Congress Is Weakening America’s Cybersecurity. It Couldn’t Have Picked A Worse Time.  

from the protect-our-internet dept

Last week the world watched in horror as Russia illegally launched a brutal war in Ukraine. Online videos and eyewitness accounts evoked a terrible throwback to WWII, with tanks rolling over borders, frightened refugees, and bomb blasts in a major European capital.

While the visuals look hauntingly familiar, this war is very different: it is the first major global conflict to be fought not only on the ground, but also online as Russia aggressively extends its campaign to the online sphere. Indeed, dominating the cyber realm is a critical part of Russia’s military strategy.

Even prior to the physical invasion, Russian cyber warriors initiated massive attacks on Ukrainian infrastructure. Government ministries, military institutions, and bank websites were knocked offline using sophisticated malware. The aim was to deny Ukrainians access to news, communications services, banking, and the power and conveniences of the Internet. Meanwhile, on social media sites, Russian trolls unleashed a blizzard of online disinformation in an effort to sow fear and confusion.

U.S. social media sites are responding to the challenge. Facebook parent company Meta has removed disinformation posts and websites, and has banned Russian state media from running ads or monetizing on the Meta platform anywhere in the world. Twitter is stepping up efforts to detect platform manipulation and is actively monitoring the accounts of government officials, journalists, and other high-profile individuals to prevent hacks and takeovers. Meanwhile, user traffic within Ukraine has shown a spike in the use of Telegram, Signal, and other encrypted messaging services.

Russia’s cyberwar will likely not end at Ukraine’s borders. Cybersecurity experts warn the United States and other western democracies that they will likely be the next targets as Russian hackers zero in on data centers, critical infrastructure, and sensitive data. Many U.S. companies are at risk: the Financial Times reports that more than 100 Fortune 500 companies use Ukrainian IT services.

Russia certainly has the means and expertise to expand the cyber battlefield. According to the Microsoft Digital Defense Report, 58% of all cyberattacks observed in 2021 came from Russia. Even more chilling: nearly a quarter of nation-state cyberattacks targeted not governments or businesses, but individual consumers.  

In this treacherous environment, you would think that Congress would rush to reinforce the security of American networks and personal devices. In fact, the opposite is true. In their haste to punish “big tech,” U.S. policymakers are advancing legislation that makes Americans less secure and creates an online playground for foreign adversaries and other bad actors.

The most egregious example is the EARN IT Act, a bill that creates a false choice between protecting the physical safety of children and protecting the online safety of Americans. Not only will this overly broad bill chill lawful speech, but it will also undercut internet safety by making platforms criminally liable for providing encryption. Online wrongdoers of all types were presumably thrilled when this bill passed out of the Senate Judiciary Committee, despite pointed objections from many Senators.

The EARN IT Act is not the only example. Another Senate bill, the Open App Market Act, forces app stores to enable the downloading of unverified software from third-party providers. Moreover, the bill prohibits the required use of in-app payment systems owned by the app store provider, placing app store users at the mercy of bad actors using unvetted payment systems. Taken together, these provisions allow foreign actors or cyber thieves to sidestep the sophisticated and effective measures currently used by app stores to screen for malicious and dangerous software.

Finally, so-called “competition” bills in the House and Senate include provisions intended to prevent large tech platforms from self-preferencing a company’s own services against those of competitors. Unfortunately, these bills would also prevent companies from blocking or taking down offensive or unwanted content. These bills open the door to content from Russian and other foreign propagandists, as well as stalkers, cyberthieves, and other bad actors.

Policymaker pique at a handful of tech companies does not justify undermining the online security of millions of Americans. At the very least, Congress should put an immediate stop to all bills that prevent platforms from moderating foreign propaganda or protecting the security of consumer devices. Instead, Congress should work with the tech industry on legislation to strengthen Americans’ privacy and online safety and provide our companies with the tools to navigate an increasingly challenging online world.

Michael Petricone is the Senior Vice President of Government Affairs, Consumer Technology Association (CTA)


Comments on “Congress Is Weakening America’s Cybersecurity. It Couldn’t Have Picked A Worse Time.”


This comment has been flagged by the community.

Ehud Gavron (profile) says:

Stats from Microsoft

“58%” of attacks come from Russia.

Yes, 58% of attacks on Microsoft Windows that they catch come from Russia. Imagine if they knew what they’re doing.

Microsoft is the biggest problem. Since WFW they’ve worked hard to ensure everything is so backward-compatible that malware thrives on it. That’s 40 years of head in sand fingers in ears Microsoft driven loss of trillions of dollars.

Please don’t give them a pulpit.


That One Guy (profile) says:

Re: Only the nobility deserve privacy, the peons can do without

It’s hard to say for sure as it’s not like you’d ever get an honest answer from those gunning for encryption but I suspect it’s a mix of greed and short-sightedness/indifference.

Greed in that those involved want access to any and all information to the point that they think they are owed that access and anything that prevents it is a terrible thing to be scrapped and short-sightedness/indifference in the sense that they either don’t think or don’t care that once the door is open for them it’s open for everyone, even those they might consider enemies.

ECA says:

Too much in 1 article

So we start off in Russia vs Ukraine, and go to R vs everyone, then to national idiocy?

A bill to do everything in 1 shot?

First the Ukraine.
Looking at their country, I think Russia can’t block much as over 1/2 the Border isn’t on the Russian side.
And if Russia is able to hack all the Connecting servers on the EU side, WTF are those Admins NOT DOING?

As to this country, consider Any logical reasoning for our gov. to do this and what it would take to Force them to DO IT. Lots of money from somewhere? Trying to fix something they don’t Understand, but has been Told(not explained) to them?
Already know they got rid of a lot of people that were there to Explain things TO the politicians, but at LEAST ask their kids about tech and programming the remote. At least find the grandkid that programs the phone

This comment has been deemed insightful by the community.
Anonymous Coward says:


Because if you read the article, you’d see it’s all connected. Russia’s cyber warfare will not end with Ukraine and other western democracies will likely be next on the hit list and instead of trying to beef up our defenses we’re heading towards WEAKENING it by attacking the very thing that protects everyone: Encryption.

Scott Yates (profile) says:

Mixing the bad bills in with the good bills

The only problem I have with this article is the idea that allowing users to choose where they install from, and who they pay is somehow worse. No one is FORCING users to use applications outside of the app store’s walled garden.

If the user wants to install an app that has been forced off the app store because Russia decided it was bad for instance, the user should have the choice of downloading it directly from the developer, and paying them directly as well.

This comment has been deemed insightful by the community.
Mike Masnick (profile) says:

Re: Re:

Yup. This is my take on it as well. I use Android in part because I want to support an ecosystem that allows for sideloading. I do wish that Apple would do the same with its app store… but I’m very, very hesitant to say that Apple MUST allow that to happen, because that has a lot of downstream effects.

Scott Yates (profile) says:

Re: Re: Does it have language that says that in the bill

I skimmed over it but did not see “must accept all third party apps” or similar language. User initiated and approved each time side loading seems like the right approach honestly. Hard to see what the negative downstream effects would be at that point. Android has proven that it can work.

Lostinlodos (profile) says:

Re: Re: Exactly!

There’s a fairly big difference between installing apps outside of the marketplace
and bulldozing the walls that make the marketplace what it is.

The first is the equivalent of letting customers eat Burger King onion rings with a Big Mac and shake inside McDonald’s.
The other is telling McDonald’s they need to let Burger King sell Whoppers inside the McDonald’s.

Btw, as I’ve pointed out before: you very much can install software on an iPhone from outside the App Store. You just need to know how to do it.

Anonymous Coward says:


I fear I noticed that line as well. I doubt that it is as simple as “U.S. good, everyone else bad”.

But to start that conversation, perhaps some googling might help.

Wikipedia labels a “war without international legality” as one “not in self defense or approved by the United Nations Security Council”.

U.S. law is … confused on the issue. The Constitution says that (only) Congress can declare war. But it also calls the president the “Commander in Chief”, having control of the armed forces. So for instance, the legality of the Vietnam War is debatable under U.S. law, but fairly excusable under the U.N. charter (under “restoring of international peace”).

In a different scenario, it is the winner of a civil war who gets to declare the other side illegal.

“In all revolutions the vanquished are the ones who are guilty of treason, even by the historians, for history is written by the victors and framed according to the prejudices and bias existing on their side.” – 1891, Missouri Sen. George Graham Vest

So … the question of an illegal rests in “who you accept as the authority.”

This comment has been flagged by the community.

Ehud Gavron (profile) says:

Legal "War"

Previous commenter made a good point about “Only Congress”… and the Commander in Chief. Sadly this doesn’t resolve the issue.

WAR is never “Legal”. If you have a problem with this sentence feel free to look it up, quote it, and make your point.

ALL wars are UNLAWFUL TRESPASS and KILLING and possible MUTILATION and DESTRUCTION of properties not belonging to the aggressor. Don’t like that either? Look it up, quote it, and make your point.

When IRAQ attacked KUWAIT… illegal, right?
When IRAN attacked IRAQ… illegal, right?
When BOSNIA, HERZEGOVINA, RUSSIA, CRIMEA, UKRAINE, oh and let’s not forget 6 Arab countries attacking Israel…

ALL ILLEGAL. Because ALL WAR IS ILLEGAL. Pretending there are rules of war that make it legitimate is to pretend that some KILLING, RAPING, BLOWING UP, AND DESTROYING is lawful.

It isn’t.

If you think I’m wrong, please do point out some piece of international law that supports KILLING, DESTROYING, RAPING, etc.


Jim says:


Good article, interesting. And, most of the comments seem to forget, what is legal war? I have never heard of one. All war is illegal.
Second, all encryption, can be overcome by computing power. Sooner or later. Lucky guess is just as good. But sooner or later, the right key appears. The thing I have about Signal, is that the sender and the receiver both have the message deleted, especially in sunshine states, done by politicians. Violating state conduct rules. I’ll bet it’s been done out in DC also. A politician with Signal on their communication device should just walk to a jail, they violated their oath.

Lostinlodos (profile) says:

Outside payments suck

Mandating that users be able to use outside payment systems is, arguably, a good thing.
Forcing it is not!

One of the biggest draws to these app marketplaces, after the security of vetting, is the single payment options.

That’s exactly why, elsewhere in the world, you find Google Pay, Apple Pay, Amazon Pay, etc. in a store. At the gas station. On the web site to buy new third party software.

Looks to me like this is less about big tech and consumer choice…
And more about big banks and big money.
