Congress Can't Even Get Its Own Cybersecurity Right, So Why Should We Let It Define Everyone Else's?
from the questions-worth-pondering dept
Congress claims to be really, really serious about passing cybersecurity bills this session -- even though each of the proposals it seems to put forth don't seem to have anything to do with cybersecurity, but plenty to do with increasing surveillance capabilities. We're still waiting for someone (anyone!) to explain what kind of cyberattack the latest bills would have stopped? Looking at the details, as has been the case for years, it really looks like these bills are about increasing the budget for various government agencies while simultaneously increasing surveillance capabilities.And, as Trevor Timm points out, how could you possibly trust Congress on cybersecurity when those writing the bills don't seem to understand the basics themselves:
Elsewhere in the article, Timm notes that almost no one in Congress uses encrypted emails or encrypted phone systems, and that pretty much all of Congress is easy prey for foreign intelligence agencies looking to snoop on it.Just look at Congress’ own cybersecurity practices. None of the members of the Senate’s Intelligence Committee - the most influential cybersecurity oversight body in Congress - have websites that use HTTPS encryption, which is increasingly becoming the standard for websites who want to provide basic security protections for the people who visit them (Google and others have had it for years).
It’s such a vital tool that the executive branch recently promised to move all its websites over to HTTPS within two years - many of its agencies, though not all, have already made the switch. But there’s not even a hint that Congress is attempting to do the same. (The website of the Senate Intelligence Committee, which is in charge of cybersecurity oversight on the Senate side, also looks like it was designed in 1996.)
Perhaps Congress should get its own house in order before telling the rest of the country how to improve its cybersecurity?
And the key decision makers appear to be even worse than the rank and file:
We wrote about that comment by John Carter, in which he followed it up by proving that he was absolutely clueless about encryption. And yet he's looked at to help decide how these things are regulated.Consider the qualifications of the members who are in charge of cybersecurity oversight and who are leading the push for these invasive new laws. The man in charge of the subcommittee on cybersecurity and the NSA in the House, Representative Lynn Westmoreland, has a background in construction and is best known for trying to pass a Ten Commandments law (while only being able to name three of them). His actual expertise in cybersecurity is anyone’s guess, besides having an NSA facility in his district.
It gets worse. The Congressman who oversees the appropriation of billions of dollars in cybersecurity funding for the Department of Homeland Security, Representative John Carter, said this about cybersecurity and encryption recently: “I don’t know anything about this stuff”. Yes, that is an exact quote.
Timm also reminds us how Congress used to have an Office of Technology Assessment, a non-partisan organization that advised Congress on technology issues from 1972 until 1995. That's when Newt Gingrich defunded it. An effort last year by Rush Holt to bring it back was overwhelmingly rejected, suggesting that Congress wants to remain ignorant, even as it has to make laws on this stuff.
At least it appears that more Congressional reps are finally figuring out how to use HTTPS -- with 214 members now at least supporting HTTPS, if only 76 default to it. That's not everything they need to know about cybersecurity, but it at least starts the conversation. Though it seems notable that no Senate site does. It really seems that if Congress wants to write laws about cybersecurity, it should first be required to get its own online security straight first.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: congress, cybersecurity
Reader Comments
Subscribe: RSS
View by: Time | Thread
Politics as usual
They first create problems then campaign against them. They let Obama run wild, they let law enforcement run wild, they let bureaucracies "They Created" run wild! They let the COURTS run wild. They let business run wild.
You pesky citizens ares stupid and deserve the shit you are about to get, it just sucks I have to deal with it because you are all too stupid to vote the correct way.
the correct way to vote has been and will always be... for the voter to first eliminate all candidates that are corrupt, this is not hard actually, then vote for the candidate that stands for your principals.
Reagan is currently the last president that deserved any respect or dignity. Clintoon, Bushtard, and Osama are dirt bags. The house and senate have been corrupt for decades. Radio and the media consistently get it wrong and the people just eat it up left and right.
We deserve this miserable nation we have flushed down the shitter! Once enough illegals get here you will lose your country just like the Europeans are losing theirs. Enjoy losers!
[ link to this | view in thread ]
[ link to this | view in thread ]
It's this bad everywhere
The societal cost of this is already enormous and is still growing as the intersection of those areas with law increases. But I don't see a way out, as large swaths of the electorate simply don't see this complete lack of qualification as an issue.
[ link to this | view in thread ]
Re: Politics as usual
[ link to this | view in thread ]
Re: Re: Politics as usual
And since you think voting will not be fixing it, what pray tell, do you say will fix it?
[ link to this | view in thread ]
Re: It's this bad everywhere
Sure I, like everyone else, likes to pick on the other side of the isle, but the bigger problem is those on this & that side protecting the dirt bags!
[ link to this | view in thread ]
[ link to this | view in thread ]
Politics Unusual
1. Get rid of money in politics.
2. Get rid of political parties.
Neither of these are new ideas, and it may take a gun to the head of those needed to make the changes, but I see these as the way.
[ link to this | view in thread ]
I think I spotted the problem...
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Politics as usual
In what sense is that not hard? Do you have a magical corrupt politician detector?
In my opinion the problem isn't corrupt politicians as much as it's a system that requires honest politicians to behave in corrupt ways if they want to accomplish anything at all.
[ link to this | view in thread ]
Re: Politics as usual
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: It's this bad everywhere
[ link to this | view in thread ]
Think about it....
Just watch it will come out later that the NSA won't let Congress secure themselves because Terrorism!
[ link to this | view in thread ]
Re: Re: Politics as usual
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Politics Unusual
3. Remove corporate personhood.
Without it. large companies would be unable to both grow larger and influence the governing process in any way, as they would no longer have the rights of people. And companies that own other companies could be broken up, as that ownership would no longer be legal. It would also make the MAFIAA's shell game of Hollywood accounting impossible, as it relies on front companies which cannot exist and do what they do without having the rights of people.
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
because it's Congress and they dont do anything wrong and never lie (or so they say!)!!
[ link to this | view in thread ]
Re: Re: Politics Unusual
[ link to this | view in thread ]
Re: Re: Re: Politics as usual
Hell, I'm conservative and get called that on a regular basis for not toeing the party line. I'm not going to.
[ link to this | view in thread ]
Re: Re: Politics as usual
Could someone please explain this?
[ link to this | view in thread ]
Re: Re: Re: Politics Unusual
In 2003, I was living in Argentina. It was an interesting time, and one of the things that happened was a presidential election. There were five major candidates, and in the end it came down to two guys, where the margin of victory was smaller than the margin of error. Former president Carlos Ménem, trying to win his way back into La Casa Rosada (in the USA we have the White House; the Argentine equivalent is the Pink House,) garnered a very narrow plurality of the vote, with Néstor Kirchner coming in a very close second.
The most recent US election at the time was the one in 2000, and we all remember what a horrendous mess that was. (For values of "all" including US citizens who are not significantly younger than myself.) So it was interesting to watch what happened.
The short version is, instead of wasting time and money on endless recounts and re-recounts and re-re-recounts and court cases and whatnot, they scheduled a runoff election in a few weeks' time. But here's the interesting thing: that runoff election never happened. It quickly became clear that almost everyone who had not voted for Ménem the first time was going to support Kirchner in the runoff, and so Ménem conceded. And I couldn't help but think, this is so much more civilized than the way we did it.
But something like that can't happen without multiple strong parties in the first place.
[ link to this | view in thread ]
... and whose fault is that, eh?
This article posits that congresscritters don't understand cybersecurity like technologists do, don't use it in spite of being in a position where heightened security is important, and are making laws despite apparent ignorance of the issues.
The article misses at least two points: The members are congress are not by trade technologists. It's not their job to completely understand every nuance of a subject. That's why they have staffs. So argue instead about the ignorance of their staffs. You might also spend some time griping about the congressional IT infrastructure.
One of my favorite lines from this article was Most members of Congress and most congressional staff use unencrypted email ... (quoting ultimately from Chris Soghoian). Most of the world uses unencrypted email. Most often, it's over HTTPS. Sometimes it is on a system "entirely behind a firewall". It's still unencrypted.
Consider the intersection of public records laws and encryption, for congressional email. There were a couple of stories about the Clinton email scandal not so long ago. Now picture if the emails themselves were encrypted.
Finally, what was entirely missing from this article was a plan of action. What are you -we- going to do about this situation? Are you just going to tut-tut, "how terrible this is"?
Because if you're really concerned about this issue, you're going to do something. Contact your representatives (and/or their staffs) and ask to talk about this issue in depth. Don't just inform them of your concerns, ask them what the problems are on their end. Refer them to well known experts so that you don't come across as a special interest lobbyist.
Without the "Do", this article is just blindly repeating someone else's reporting and trolling for an emotional response.
[ link to this | view in thread ]
Re: Re: Re: Re: Politics Unusual
More importantly: this could not happen in the US without a constitutional amendment!
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Politics Unusual
[ link to this | view in thread ]
Re: ... and whose fault is that, eh?
I believe that was actually the point of the article: we don't need to do anything, and more specifically, we don't need Congress to pass cybersecurity laws, especially since they don't seem to even be aware of the basics.
(Note: I'm not saying here that I agree with that viewpoint, only that I believe that that was (at least part of) the argument being made in this article.)
[ link to this | view in thread ]
From the bottom of the linked page:
"Copyright © 2006 United States Senate Select Committee on Intelligence"
[ link to this | view in thread ]