Wednesday, October 3, 2012

Week 1 Graded submission, part 2

Topic - What are some difficulties policy-makers face (at the US national level) to make policy that gets the desired results to counter cyber crime? Does the public demand seriously effective policy to counter cyber crime (think credit card fraud or ID theft)? In your view, do current legislative efforts address cybercrime concerns adequately?

A significant difficulty that impedes the creation of federal cyber crime legislation is that detection, prevention, and tracking of cyber crime is performed through monitoring. Botnets, a collection of compromised systems controlled by a “botherder”, or single attacker, are valuable weapons to cyber criminals and attackers. (Vacca, p. 119, 2006) The best way to mitigate or prevent the damage from an attack by a botnet is to have the authorities detect, locate, and disrupt it. According to Walsh et al., botnets are detected by examining traffic sessions for known botnet command and control (C2) traffic. (2006) Such detection cannot occur without examining the traffic and such examination by US government entities run into privacy concerns. The moment wide scale monitoring is mentioned then Constitutional privacy concerns are raised. The appearance or opportunity for privacy abuse by the US government is then given tough scrutiny by the judiciary and public.

Tsukayama quotes a American Civil Liberties Union counsel as saying “Cybersecurity does not have to mean abdication of Americans’ online privacy. As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back” about the Cyber Intelligence Sharing and Protection Act (CISPA), passed by the House this past April. (2006) CISPA just allows companies the option of share data with the federal government in the event of a possible cyber threat, it doesn’t require it. If the Electronic Frontier Foundation and American Civil Liberties Union represent the American public then I think the answer is no. Seriously effective policy apparently comes at too great of a price to personal privacy. (Tsukayama, 2006)

Recent legislative efforts, Cyber Intelligence Sharing and Protection Act (which Tsukayama reports that even the White House feels is inadequate) as well as the failed attempts from 2011 of Stop Online Piracy Act and Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act, risk too much damage to privacy and freedom of speech. (censorship, loosely covered as protecting copyright and trademarks)

Matthew

Strayer, T. W., Walsh, R., Livadas, C., & Lapsley, D. (2006). Detecting Botnets with Tight Command and Control. Retrieved 26 September 2012 from: http://people.csail.mit.edu/clivadas/pubs/StrayerWLL06.pdf

Tsukayama, H. (2012). CISPA: Who’s for it, who’s against it and how it could affect you. Retrieved 26 September 2012 from: http://www.washingtonpost.com/business/technology/cispa-whos-for-it-whos-against-it-and-how-it-could-affect-you/2012/04/27/gIQA5ur0lT_story.html

Vacca, J. R. (2009). Computer and information security handbook. Burlington, MA: Morgan Kaufmann.

No comments:

Post a Comment