Congress Can't Even Get Its Own Cybersecurity Right, So Why Should We Let It Define Everyone Else's?

from the questions-worth-pondering dept

Congress claims to be really, really serious about passing cybersecurity bills this session -- even though the proposals it puts forth don't seem to have anything to do with cybersecurity, but plenty to do with increasing surveillance capabilities. We're still waiting for someone (anyone!) to explain what kind of cyberattack the latest bills would have stopped. Looking at the details, as has been the case for years, it really looks like these bills are about increasing the budget for various government agencies while simultaneously increasing surveillance capabilities.

And, as Trevor Timm points out, how could you possibly trust Congress on cybersecurity when those writing the bills don't seem to understand the basics themselves:

Just look at Congress’ own cybersecurity practices. None of the members of the Senate’s Intelligence Committee - the most influential cybersecurity oversight body in Congress - have websites that use HTTPS encryption, which is increasingly becoming the standard for websites who want to provide basic security protections for the people who visit them (Google and others have had it for years).

It’s such a vital tool that the executive branch recently promised to move all its websites over to HTTPS within two years - many of its agencies, though not all, have already made the switch. But there’s not even a hint that Congress is attempting to do the same. (The website of the Senate Intelligence Committee, which is in charge of cybersecurity oversight on the Senate side, also looks like it was designed in 1996.)

Elsewhere in the article, Timm notes that almost no one in Congress uses encrypted emails or encrypted phone systems, and that pretty much all of Congress is easy prey for foreign intelligence agencies looking to snoop on it.

Perhaps Congress should get its own house in order before telling the rest of the country how to improve its cybersecurity?

And the key decision makers appear to be even worse than the rank and file:

Consider the qualifications of the members who are in charge of cybersecurity oversight and who are leading the push for these invasive new laws. The man in charge of the subcommittee on cybersecurity and the NSA in the House, Representative Lynn Westmoreland, has a background in construction and is best known for trying to pass a Ten Commandments law (while only being able to name three of them). His actual expertise in cybersecurity is anyone’s guess, besides having an NSA facility in his district.

It gets worse. The Congressman who oversees the appropriation of billions of dollars in cybersecurity funding for the Department of Homeland Security, Representative John Carter, said this about cybersecurity and encryption recently: “I don’t know anything about this stuff”. Yes, that is an exact quote.

We wrote about that comment by John Carter, which he followed up by proving that he was absolutely clueless about encryption. And yet he's looked to for help in deciding how these things are regulated.

Timm also reminds us how Congress used to have an Office of Technology Assessment, a non-partisan organization that advised Congress on technology issues from 1972 until 1995. That's when Newt Gingrich defunded it. An effort last year by Rush Holt to bring it back was overwhelmingly rejected, suggesting that Congress wants to remain ignorant, even as it has to make laws on this stuff.

At least it appears that more Congressional reps are finally figuring out how to use HTTPS -- with 214 members now at least supporting HTTPS, if only 76 default to it. That's not everything they need to know about cybersecurity, but it at least starts the conversation. Though it seems notable that no Senate site does. It really seems that if Congress wants to write laws about cybersecurity, it should first be required to get its own online security straight.

Filed Under: congress, cybersecurity


Reader Comments

  • Anonymous Coward, 21 Apr 2015 @ 2:50pm

    Politics as usual

    Congress is responsible for 95% of the trouble

    They first create problems then campaign against them. They let Obama run wild, they let law enforcement run wild, they let bureaucracies "They Created" run wild! They let the COURTS run wild. They let business run wild.

    You pesky citizens are stupid and deserve the shit you are about to get, it just sucks I have to deal with it because you are all too stupid to vote the correct way.

    the correct way to vote has been and will always be... for the voter to first eliminate all candidates that are corrupt, this is not hard actually, then vote for the candidate that stands for your principles.

    Reagan is currently the last president that deserved any respect or dignity. Clintoon, Bushtard, and Osama are dirt bags. The house and senate have been corrupt for decades. Radio and the media consistently get it wrong and the people just eat it up left and right.

    We deserve this miserable nation we have flushed down the shitter! Once enough illegals get here you will lose your country just like the Europeans are losing theirs. Enjoy losers!

    • Anonymous Coward, 21 Apr 2015 @ 2:58pm

      Re: Politics as usual

      If you think voting is going to fix this, you're as stupid as you claim the rest of us to be.

      • Anonymous Coward, 21 Apr 2015 @ 3:00pm

        Re: Re: Politics as usual

        You are the stupid one for believing that voting will not fix it.

        And since you think voting will not be fixing it, what pray tell, do you say will fix it?

        • Anonymous Anonymous Coward, 21 Apr 2015 @ 3:25pm

          Politics Unusual

          Two things, neither easy.

          1. Get rid of money in politics.

          2. Get rid of political parties.

          Neither of these are new ideas, and it may take a gun to the head of those needed to make the changes, but I see these as the way.

          • Jair, 21 Apr 2015 @ 6:06pm

            Re: Politics Unusual

            I would add a third step:

            3. Remove corporate personhood.

            Without it, large companies would be unable to both grow larger and influence the governing process in any way, as they would no longer have the rights of people. And companies that own other companies could be broken up, as that ownership would no longer be legal. It would also make the MAFIAA's shell game of Hollywood accounting impossible, as it relies on front companies which cannot exist and do what they do without having the rights of people.

            • Pragmatic, 22 Apr 2015 @ 6:46am

              Re: Re: Politics Unusual

              If you succeed in getting rid of political parties, what will you do about caucusing? Human beings are social creatures, it's normal to form tribes.

              • Mason Wheeler (profile), 22 Apr 2015 @ 7:36am

                Re: Re: Re: Politics Unusual

                I actually don't think the solution is to get rid of political parties, because as you point out, realistically, that won't work. What we need to get rid of is "two political parties."

                In 2003, I was living in Argentina. It was an interesting time, and one of the things that happened was a presidential election. There were five major candidates, and in the end it came down to two guys, where the margin of victory was smaller than the margin of error. Former president Carlos Ménem, trying to win his way back into La Casa Rosada (in the USA we have the White House; the Argentine equivalent is the Pink House,) garnered a very narrow plurality of the vote, with Néstor Kirchner coming in a very close second.

                The most recent US election at the time was the one in 2000, and we all remember what a horrendous mess that was. (For values of "all" including US citizens who are not significantly younger than myself.) So it was interesting to watch what happened.

                The short version is, instead of wasting time and money on endless recounts and re-recounts and re-re-recounts and court cases and whatnot, they scheduled a runoff election in a few weeks' time. But here's the interesting thing: that runoff election never happened. It quickly became clear that almost everyone who had not voted for Ménem the first time was going to support Kirchner in the runoff, and so Ménem conceded. And I couldn't help but think, this is so much more civilized than the way we did it.

                But something like that can't happen without multiple strong parties in the first place.

                • Anonymous Coward, 22 Apr 2015 @ 8:52am

                  Re: Re: Re: Re: Politics Unusual

                  ...something like that can't happen without multiple strong parties...

                  More importantly: this could not happen in the US without a constitutional amendment!

    • John Fenderson (profile), 21 Apr 2015 @ 3:28pm

      Re: Politics as usual

      "for the voter to first eliminate all candidates that are corrupt, this is not hard actually"

      In what sense is that not hard? Do you have a magical corrupt politician detector?

      In my opinion the problem isn't corrupt politicians as much as it's a system that requires honest politicians to behave in corrupt ways if they want to accomplish anything at all.

    • John Fenderson (profile), 21 Apr 2015 @ 3:28pm

      Re: Politics as usual

      Oh, and Reagan was corrupt as hell.

      • Anonymous Coward, 21 Apr 2015 @ 5:44pm

        Re: Re: Politics as usual

        Two words: Iran-Contra Affair!

        • Pragmatic, 22 Apr 2015 @ 6:49am

          Re: Re: Re: Politics as usual

          The Far right has deified Reagan, forgetting that they'd call him a liberal socialist if he ever entered their hallowed halls, the hypocrites.

          Hell, I'm conservative and get called that on a regular basis for not toeing the party line. I'm not going to.

      • Mason Wheeler (profile), 22 Apr 2015 @ 7:22am

        Re: Re: Politics as usual

        For the life of me I can't figure out how a guy who got caught giving weapons to America's enemies, who inflated the national debt like a balloon, and who championed a law severely weakening traditional marriage and the family, laying the foundation that the gay marriage movement built upon in later years, is considered some sort of paragon to conservatives today.

        Could someone please explain this?

  • Anonymous Coward, 21 Apr 2015 @ 2:57pm

    If you think voting is going to fix this, you're as stupid as the rest of us.

  • Rich Kulawiec, 21 Apr 2015 @ 2:58pm

    It's this bad everywhere

    There are precious few people in positions of political power who have even a rudimentary grasp of science, medicine, technology, computing, mathematics, or engineering. Worse, most of them don't even try to acquire a back-of-the-envelope level of understanding. And still worse, some of them are actually proud of their ignorance.

    The societal cost of this is already enormous and is still growing as the intersection of those areas with law increases. But I don't see a way out, as large swaths of the electorate simply don't see this complete lack of qualification as an issue.

    • Anonymous Coward, 21 Apr 2015 @ 3:06pm

      Re: It's this bad everywhere

      They are busy with their left vs right, repuke vs demtard rhetoric to notice they are being played for fools.

      Sure I, like everyone else, like to pick on the other side of the aisle, but the bigger problem is those on this & that side protecting the dirt bags!

    • Anonymous Coward, 21 Apr 2015 @ 4:54pm

      Re: It's this bad everywhere

      Science, medicine, technology, computing, mathematics, engineering?! Those don't get you elected. Look at our Congress. They are post-docs in mudslinging, political grandstanding, fundraising, speculative innuendo, and pandering. Those are the attributes that get you elected and re-elected. Voters don't want to vote for people they think are smarter than they are... and the voter of today is a product of the education of today. It requires actual work to get an education, and outside of enough to get a job, and to reinforce what you already believe, the average American is decidedly that - just average. We have the Congress we deserve, sadly. We do, we voted it in... but don't blame any Republicans on me.

  • Anonymous Coward, 21 Apr 2015 @ 3:14pm

    sounds like a typical government to me. too much power in the hands of those least capable of using it correctly!

  • John Fenderson (profile), 21 Apr 2015 @ 3:26pm

    I think I spotted the problem...

    Apparently, those in power think that surveillance and security are the same thing. Which, if you're in power and worried about the unwashed masses getting too angry about your BS, might not be wrong.

  • Anonymous Coward, 21 Apr 2015 @ 3:26pm

    Congress wants to define cybersecurity for the people so that their cybersecurity definition (which is wrong) will become 'right' (which still makes it wrong).

  • Anonymous Coward, 21 Apr 2015 @ 3:42pm

    What do you expect from people who fall for the old "please input your password" trick from something in their junk box?

  • Padpaw (profile), 21 Apr 2015 @ 3:43pm

    "Do what we say, not what we do" is the cornerstone for everything that is wrong with how people in power in the states do business.

  • Anony, 21 Apr 2015 @ 5:09pm

    Think about it....

    "Elsewhere in the article, Timm notes that almost no one in Congress uses encrypted emails or encrypted phone systems, and that pretty much all of Congress is easy prey for foreign intelligence agencies looking to snoop on it. "

    Just watch it will come out later that the NSA won't let Congress secure themselves because Terrorism!

  • Anonymous Coward, 21 Apr 2015 @ 5:53pm

    Upgrading web security with best practices from the eff is the very least the congressional IT guys should do.

  • orbitalinsertion (profile), 21 Apr 2015 @ 6:51pm

    Keep complaining about this. Maybe we will eventually get in-the-loop experts in government who will all be of the pro-surveillance and aggression industries.

  • toyotabedzrock (profile), 21 Apr 2015 @ 6:58pm

    The child anti trafficking act they want to pass has an army staffed anti economic crime cyber unit attached.

  • Anonymous Coward, 22 Apr 2015 @ 2:34am

    'Congress Can't Even Get Its Own Cybersecurity Right, So Why Should We Let It Define Everyone Else's?'

    because it's Congress and they don't do anything wrong and never lie (or so they say!)!!

  • Anonymous Coward, 22 Apr 2015 @ 8:44am

    ... and whose fault is that, eh?

    'Congress Can't Even Get Its Own Cybersecurity Right, So Why Should We Let It Define Everyone Else's?'

    This article posits that congresscritters don't understand cybersecurity like technologists do, don't use it in spite of being in a position where heightened security is important, and are making laws despite apparent ignorance of the issues.

    The article misses at least two points: The members of Congress are not by trade technologists. It's not their job to completely understand every nuance of a subject. That's why they have staffs. So argue instead about the ignorance of their staffs. You might also spend some time griping about the congressional IT infrastructure.

    One of my favorite lines from this article was "Most members of Congress and most congressional staff use unencrypted email ..." (quoting ultimately from Chris Soghoian). Most of the world uses unencrypted email. Most often, it's over HTTPS. Sometimes it is on a system "entirely behind a firewall". It's still unencrypted.

    Consider the intersection of public records laws and encryption, for congressional email. There were a couple of stories about the Clinton email scandal not so long ago. Now picture if the emails themselves were encrypted.


    Finally, what was entirely missing from this article was a plan of action. What are you -we- going to do about this situation? Are you just going to tut-tut, "how terrible this is"?

    Because if you're really concerned about this issue, you're going to do something. Contact your representatives (and/or their staffs) and ask to talk about this issue in depth. Don't just inform them of your concerns, ask them what the problems are on their end. Refer them to well known experts so that you don't come across as a special interest lobbyist.

    Without the "Do", this article is just blindly repeating someone else's reporting and trolling for an emotional response.

    • Mason Wheeler (profile), 22 Apr 2015 @ 10:15am

      Re: ... and whose fault is that, eh?

      Finally, what was entirely missing from this article was a plan of action.

      I believe that was actually the point of the article: we don't need to do anything, and more specifically, we don't need Congress to pass cybersecurity laws, especially since they don't seem to even be aware of the basics.

      (Note: I'm not saying here that I agree with that viewpoint, only that I believe that that was (at least part of) the argument being made in this article.)

  • Anonymous Coward, 23 Apr 2015 @ 5:02am

    (The website of the Senate Intelligence Committee, which is in charge of cybersecurity oversight on the Senate side, also looks like it was designed in 1996.)


    From the bottom of the linked page:

    "Copyright © 2006 United States Senate Select Committee on Intelligence"
