A couple of years ago....from 1998-99....I worked in the Pentagon. Part of my responsibilities included working cyber law issues. It was a challenging, but a lot of fun. The issues were all fairly new, so there wasn't a lot of "hard & fast" legal precedent on which to base a legal opinion. The whole time I worked cyber law questions, I advocated for a standard that set a virtual "red line" around critical computer systems or databases, such that if anyone not authorized to access that system or database did so, it constituted an act of war. It's an act of war for a nation-state or terrorist organization to penetrate our borders and cause havoc; the act of penetrating a critical computer system or database should be categorized the same way. Of course, there were practical problems that needed to be identified and worked out; but the main idea was that there are certain systems or databases that are so essential to the functioning of our goverment, our defense, or our society that any interference with those systems would cause a major disruption equivalent to an attack on the homeland and those systems needed protection.
At the time, during the Clinton Administration, there were certain elements within the Department of Justice that heavily resisted calling any computer intrusion an act of war. They wanted to categorize any intrusion into a computer system or database, critical or not, as a criminal act. The problem with this approach was that criminal acts need to be investigated; applying all the "standard" investigatory rules, such as the requirement for probable cause prior to issuing a search warrant.
I've been out of the cyber law arena for some time, but it looks like someone with some sense finally saw the light. According to FoxNews, the Pentagon has finally concluded that computer sabotage coming from another country could be considered an act of war. All I can say is, "about time."
At the time, during the Clinton Administration, there were certain elements within the Department of Justice that heavily resisted calling any computer intrusion an act of war. They wanted to categorize any intrusion into a computer system or database, critical or not, as a criminal act. The problem with this approach was that criminal acts need to be investigated; applying all the "standard" investigatory rules, such as the requirement for probable cause prior to issuing a search warrant.
I've been out of the cyber law arena for some time, but it looks like someone with some sense finally saw the light. According to FoxNews, the Pentagon has finally concluded that computer sabotage coming from another country could be considered an act of war. All I can say is, "about time."
No comments:
Post a Comment