Congress Is Weakening America’s Cybersecurity. It Couldn’t Have Picked A Worse Time.
from the protect-our-internet dept
Last week the world watched in horror as Russia illegally launched a brutal war in Ukraine. Online videos and eyewitness accounts evoked a terrible throwback to WWII, with tanks rolling over borders, frightened refugees, and bomb blasts in a major European capital.
While the visuals look hauntingly familiar, this war is very different: it is the first major global conflict to be fought not only on the ground, but also online as Russia aggressively extends its campaign to the online sphere. Indeed, dominating the cyber realm is a critical part of Russia’s military strategy.
Even prior to the physical invasion, Russian cyber warriors initiated massive attacks on Ukrainian infrastructure. Government ministries, military institutions, and bank websites were knocked offline using sophisticated malware. The aim was to deny Ukrainians access to news, communications services, banking, and the power and conveniences of the Internet. Meanwhile, on social media sites, Russian trolls unleashed a blizzard of online disinformation in an effort to sow fear and confusion.
U.S. social media sites are responding to the challenge. Facebook parent company Meta has removed disinformation posts and websites, and has banned Russian state media from running ads or monetizing on the Meta platform anywhere in the world. Twitter is stepping up efforts to detect platform manipulation and is actively monitoring the accounts of government officials, journalists, and other high-profile individuals to prevent hacks and takeovers. Meanwhile, user traffic within Ukraine has shown a spike in the use of Telegram, Signal, and other encrypted messaging services.
Russia’s cyberwar will likely not end at Ukraine’s borders. Cybersecurity experts warn the United States and other western democracies that they will likely be the next targets as Russian hackers zero in on data centers, critical infrastructure, and sensitive data. Many U.S. companies are at risk: the Financial Times reports that more than 100 Fortune 500 companies use Ukrainian IT services.
Russia certainly has the means and expertise to expand the cyber battlefield. According to the Microsoft Digital Defense Report, 58% of all cyberattacks observed in 2021 came from Russia. Even more chilling: nearly a quarter of nation-state cyberattacks targeted not governments or businesses, but individual consumers.
In this treacherous environment, you would think that Congress would rush to reinforce the security of American networks and personal devices. In fact, the opposite is true. In their haste to punish “big tech,” U.S. policymakers are advancing legislation that makes Americans less secure and creates an online playground for foreign adversaries and other bad actors.
The most egregious example is the EARN IT Act, a bill that creates a false choice between protecting the physical safety of children and protecting the online safety of Americans. Not only will this overly broad bill chill lawful speech, but it will also undercut internet safety by making platforms criminally liable for providing encryption. Online wrongdoers of all types were presumably thrilled when this bill passed out of the Senate Judiciary Committee, despite pointed objections from many Senators.
The EARN IT Act is not the only example. Another Senate bill, the Open App Markets Act, forces app stores to enable the downloading of unverified software from third-party providers. Moreover, the bill prohibits the required use of in-app payment systems owned by the app store provider, placing app store users at the mercy of bad actors using unvetted payment systems. Taken together, these provisions allow foreign actors or cyber thieves to sidestep the sophisticated and effective measures currently used by app stores to screen for malicious and dangerous software.
Finally, so-called “competition” bills in the House and Senate include provisions intended to prevent large tech platforms from self-preferencing a company’s own services against those of competitors. Unfortunately, these bills would also prevent companies from blocking or taking down offensive or unwanted content. These bills open the door to content from Russian and other foreign propagandists, as well as stalkers, cyberthieves, and other bad actors.
Policymaker pique at a handful of tech companies does not justify undermining the online security of millions of Americans. At the very least, Congress should put an immediate stop to all bills that prevent platforms from moderating foreign propaganda or protecting the security of consumer devices. Instead, Congress should work with the tech industry on legislation to strengthen Americans’ privacy and online safety and provide our companies with the tools to navigate an increasingly challenging online world.
Michael Petricone is the Senior Vice President of Government Affairs, Consumer Technology Association (CTA)
Filed Under: competition, congress, content moderation, cybersecurity, earn it, encryption, open app markets, russia
Comments on “Congress Is Weakening America’s Cybersecurity. It Couldn’t Have Picked A Worse Time.”
Stats from Microsoft
“58%” of attacks come from Russia.
Yes, 58% of attacks on Microsoft Windows that they catch come from Russia. Imagine if they knew what they’re doing.
Microsoft is the biggest problem. Since WFW they’ve worked hard to ensure everything is so backward-compatible that malware thrives on it. That’s 40 years of head in sand fingers in ears Microsoft driven loss of trillions of dollars.
Please don’t give them a pulpit.
E
I’ve never understood the almost universal effort to weaken encryption in the government by lawmakers. It’s almost like they don’t have a clue!
Re: Only the nobility deserve privacy, the peons can do without
It’s hard to say for sure as it’s not like you’d ever get an honest answer from those gunning for encryption but I suspect it’s a mix of greed and short-sightedness/indifference.
Greed in that those involved want access to any and all information to the point that they think they are owed that access and anything that prevents it is a terrible thing to be scrapped and short-sightedness/indifference in the sense that they either don’t think or don’t care that once the door is open for them it’s open for everyone, even those they might consider enemies.
Too much in 1 article
So we start off in Russia vs Ukraine, and go to R vs everyone, then to national idiocy?
A bill to do everything in 1 shot?
First the Ukraine.
Looking at their country, I think Russia can’t block much as over 1/2 the Border isn’t on the Russian side.
And if Russia is able to hack all the Connecting servers on the EU side, WTF are those Admins NOT DOING?
As to this country, consider Any logical reasoning for our gov. to do this and what it would take to Force them to DO IT. Lots of money from somewhere? Trying to fix something they don’t Understand, but has been Told (not explained) to them?
Already know they got rid of a lot of people that were there to Explain things TO the politicians, but at LEAST ask their kids about tech and programming the remote. At least find the grandkid that programs the phone
Re:
Because if you read the article, you’d see it’s all connected. Russia’s cyber warfare will not end with Ukraine and other western democracies will likely be next on the hit shit and instead of trying to beef up our defenses we’re heading towards WEAKENING it by attacking the very thing that protects everyone: Encryption.
Also, don’t use “sophisticated” as a scare word here.
Mixing the bad bills in with the good bills
The only problem I have with this article is the idea that allowing users to choose where they install from, and who they pay is somehow worse. No one is FORCING users to use applications outside of the app stores walled garden.
If the user wants to install an app that has been forced off the app store because Russia decided it was bad for instance, the user should have the choice of downloading it directly from the developer, and paying them directly as well.
Re:
Yeah, the Open App Markets Act is a good idea. Walled gardens of the likes that Apple operates are bad. I’d like to see the OAMA succeed and for iPhones to be cracked wide open for their owners to use as they see fit.
Re:
There is a difference from allowing side loading, available in Android, and forcing an app store to accept all third party applications, which is what the objective of the bill appears to be.
Re: Re:
Yup. This is my take on it as well. I use Android in part because I want to support an ecosystem that allows for sideloading. I do wish that Apple would do the same with its app store… but I’m very, very hesitant to say that Apple MUST allow that to happen, because that has a lot of downstream effects.
Re: Re: Does it have language that says that in the bill
I skimmed over it but did not see “must accept all third party apps” or similar language. User initiated and approved each time side loading seems like the right approach honestly. Hard to see what the negative downstream effects would be at that point. Android has proven that it can work.
Re: Re: Exactly!
There’s a fairly big difference between installing apps outside of the marketplace
And
Bulldozing the walls that make the marketplace what it is.
The first is the equivalent of letting customers eat Burger King onion rings with a BigMac and shake inside McDonald’s.
The other is telling McDonald’s they need to let Burger King sell Whoppers inside the McDonald’s.
Btw, as I’ve pointed out before: you very much can install software on an iPhone from outside the App Store. You just need to know how to do it.
illegal war?
WTF is an illegal war? For that matter, WTF is a legal war? Do you think that all of the wars that the U.S. starts are legal and vice versa? If so, you should stop writing.
Re:
I fear I noticed that line as well. I doubt that it is as simple as “U.S. good, everyone else bad”.
But to start that conversation, perhaps some googling might help.
Wikipedia labels a “war without international legality” as one “not in self defense or approved by the United Nations Security Council”.
U.S. law is … confused on the issue. The Constitution says that (only) congress can declare war. But it also calls the president the “Commander in Chief”, having control of the armed forces. So for instance, the legality of the Vietnam War is debatable under U.S. law, but fairly excusable under the U.N. charter (under “restoring of international peace”).
In a different scenario, it is the winner of a civil war who gets to declare the other side illegal.
So … the question of an illegal war rests in “who you accept as the authority.”
As usual, too many law makers and politicians want to see their names on bills without even thinking about the consequences! Add in that most of them want to get extra coins in their coffers and we have a recipe for disaster!
To err is human, to really fuck things up requires a computer. To progress to the FUBAR level requires the government.
Re:
Maybe so, but from time to time, the computers do give the government a run for their money.
Anna's Spa and Wellness AirDrie
nice article…
Re:
If you’re going to spam for a business, you should at least get the address right – Airdrie is a place name.
Legal "War"
Previous commenter made a good point about “Only Congress”… and the Commander in Chief. Sadly this doesn’t resolve the issue.
WAR is never “Legal”. If you have a problem with this sentence feel free to look it up, quote it, and make your point.
ALL wars are UNLAWFUL TRESPASS and KILLING and possible MUTILATION and DESTRUCTION of properties not belonging to the aggressor. Don’t like that either? Look it up, quote it, and make your point.
When IRAQ attacked KUWAIT… illegal, right?
When IRAN attacked IRAQ… illegal, right?
When BOSNIA, HERZEGOVINA, RUSSIA, CRIMEA, UKRAINE, oh and let’s not forget 6 Arab countries attacking Israel…
ALL ILLEGAL. Because ALL WAR IS ILLEGAL. Pretending there are rules of war that make it legitimate is to pretend that some KILLING, RAPING, BLOWING UP, AND DESTROYING is lawful.
It isn’t.
If you think I’m wrong, please do point out some piece of international law that supports KILLING, DESTROYING, RAPING, etc.
E
Re:
It takes only one side to start a war. Once a war has started, your side has to win it.
Re:
Events are not illegal, actions are. Invading another country without provocation (war) violates international law. Defending your territory from an attacker (war) does not.
Re: Re:
And I was signed out, oops.
Interesting
Good article, interesting. And, most of the comments seem to forget, what is legal war? I have never heard of one. All war is illegal.
Second, all encryption, can be overcome by computing power. Sooner or later. Lucky guess is just as good. But sooner or later, the right key appears. The thing I have about signal, is that the sender and the receiver both have the message deleted, especially in sunshine states, done by politicians. Violating state conduct rules. I’ll bet it’s been done out in DC also. A politician with signal on their communication device should just walk to a jail, they violated their oath.
Re:
Yes, but decrypting the message hundreds, thousands or millions of years after the message was sent is not a result that is any use to the security services.
Re: Re:
That issue is, however, why security of “data at rest” is a different problem from, and usually harder than security of “data in transmission”.
JFC someone just hack the Trump faithful in Congress’s phones & leak the data.
We’d have bullet proof encryption required immediately… plus the evidence to get rid of them.
Outside payments suck
Mandating that users be able to use outside payment systems is, arguably, a good thing.
Forcing it is not!
One of the biggest draws to these app marketplaces, after the security of vetting, is the single payment options.
That’s exactly why, elsewhere in the world, you find Google pay, Apple Pay, Amazon Pay, etc. in a store. At the gas station. On the web site to buy new third party software.
Looks to me like this is less about big tech and consumer choice…
And more about big banks and big money.