Last Week in Tech Law & Policy, Vol.2: The Inside Scoop

(by Chelsea E.  Brooks, Colorado Law 2L)

State of the Union:  This week, I want to look ahead to President Obama’s State of the Union Address, which will be held Friday,  January 20th.  The President has revealed cybersecurity as being one of the key issues he will address. In particular, he is proposing a 30-day window in which companies must notify consumers that their data has been breached, is championing criminalization of selling credit card information outside of the U.S.,  and is expected to recommend to Congress a Consumer Privacy Bill of Rights.  In addition to consumer-focused proposals, the President wants to broaden the legal definition of unauthorized computer access under the Computer Fraud and Abuse Act (CFAA) and increase penalties for computer access crimes.

Back to Sony:  Connecting back to last week’s post, could the Sony hacking scandal have been influential in directing this agenda?  As mentioned in Vol.1, the Sony hack has “broad implications for the future of law enforcement, crime and punishment, privacy, and war.”  Those implications may already be coming to light as Shaun Donovan, the Director of the Office of Management and Budget, has cited to the Sony hack in writing the Administration’s cybersecurity proposals to Congress.  Donovan states:

[T]he dramatic increase in cyber intrusions and the recent destructive and coercive attack on Sony Pictures Entertainment offer a stern reminder that we must act with urgency to do everything possible to better protect the Nation and economy against cyber threats.

With that statement in mind, consider two questions posed by the New York Times:

When should the federal government step in to fight hackers? And is America’s own use of cyberweapons a complicating factor?

Blackhat:  Hollywood’s recent connections with cybersecurity don’t stop with the Sony hack.  The just-released Blackhat glamorizes the world of hacking and raises the question: could the current climate of fear of cyber crime lead to over-inclusive policy making?  Members of the Obama administration are already citing to the Sony hack as reasoning for increasing punishments and broadening the power of the CFAA. Is this reasoning justifiable?  Can increasing penalties effectively deter undesirable hacking?  (The legal ramifications didn’t seem to deter the Sony hackers.)