Sony, in what I predict to be a brilliant marketing move, has cancelled what was certainly going to be a shitty movie. This has gotten the expected, and likely desired, result of unleashing a great deal of impotent Internet rage. Not one to let a crisis go to waste the politicians in Washington DC are swooping in like vultures. First United States officials claimed that the hack was almost certainly performed by North Korea. Now senators are using that claim to justify the necessity of a “cyber security” (a meaningless term) bill:
Senator John McCain (R-AZ) also said that the choice set a “troubling precedent” in cyberwarfare. “The administration’s failure to deter our adversaries has emboldened, and will continue to embolden, those seeking to harm the United States through cyberspace,” he said in a statement. He reiterated promises to focus on the issue if elected chair of the Armed Services Committee, including plans to create a subcommittee for cybersecurity issues. “Congress as a whole must also address these issues and finally pass long-overdue comprehensive cybersecurity legislation,” he said. McCain has been pushing cybersecurity bills for years, including the Secure IT Act, a competitor to the controversial CISPA bill.
In a statement on Tuesday, Senator Dianne Feinstein (D-CA), a major proponent of cybersecurity and author of multiple bills, said that “this is only the latest example of the need for serious legislation to improve the sharing of information between the private sector and the government to help companies strengthen cybersecurity. We must pass an information sharing bill as quickly as possible next year.”
There are three points I would like to bring up.
First, there is no evidence that North Korea was involved in the Sony hack. All we have are statements made by United States officials. Remember that United States officials also told us that there were weapons of mass destruction in Iraq.
Second, the reason people like McCain and Feinstein want to pass a “cyber security” bill is because it would further enable private corporations, the same private corporations that currently possess a great deal of your personal information, to share data with the federal government without facing the possibility of legal liability. What members of Congress are referring to as “cyber security” bills are more accurately called surveillance bills.
Third, legislation won’t improve computer security. No matter how many “cyber security” bills are passed the fact of the matter is that bills are merely words on pieces of paper and words on pieces of paper have no ability to effect the world by themselves. What you need are experts in computer security doing their job and that is done by enticing them with rewards (often referred to as paying them) for utilizing their skills. Legislation doesn’t do that, markets do. The only thing legislation does is state who the state will send armed thugs after if their desires are not properly met.