As it should be for a topic whose technologies and players are complex and dynamic, the bill focused on giving our protectors the tools they need. The bill also gives suitable authority and legal protections to our current cybersecurity agencies, as well as private sector operators of critical infrastructure. It provides authority to share information (without fear of legal action on grounds of privacy or antitrust violation), to classify parts of it when that’s necessary, and to release publicly only that which can be safely disseminated.
In SECURE IT’s criminal penalty sections, call for fines and imprisonment of 3, 5, 10, or 20 years for cyber-attacks depending on the value of damages, threat to public safety or injury to people. Curiously, jail time for trafficking in passwords was not mentioned, but is subject to seizure of property used in commission of that crime. Damage to critical infrastructure gets 3-20 years of imprisonment without parole and generally is to be consecutive to any other criminal penalty.
None of this is likely to discipline foreign enemy cyberattacks – unless we make the mistake of dragging the enemy soldiers into civilian courts.
In Rep Blackburn’s op-ed, transparency is mentioned although it is not a strong theme in the bill. When interpreting a law, statements made during passage can be called on to indicate what the representatives had in mind. Unfortunately there is plenty of paranoia among courts and no-secrecy advocates who would gladly misinterpret even a mention of transparency.
Transparency is a campaign theme that appeals to the distrustful. But transparency is not fully appropriate if applied to the tools you would need to catch and thwart military thugs and commercial thieves who are dedicated to killing you or damaging your way of life.
Unfortunately, sometimes a rat trap needs to be baited and camouflaged. Sometimes a camera recording the perpetrator's identity needs to be hidden from the perp's gaze. And when you video the perp’s identity, keep watching covertly - you might trace him back to his spymaster or mob boss. In cyber-security, transparency should be limited to areas that will not hobble effectiveness and will not expose our team of protectors to heightened personal danger.
We should thank the White House and Rep. Blackburn for taking on this topic. Let’s err on the side of empowering not of regulating our cyberprotectors. It’s overdue.
Daley is a retired businessman who lives in Florida and who writes for The American Consumer Institute Center for Citizen Research