US President Barack Obama has been accused of drawing up IT security proposals that will “create a cyber police state”.
The plans, outlined in a speech on Tuesday, are intended to update the US Computer Fraud and Abuse Act (CFAA), but critics argue that the wording of the proposed laws is so broad that they could be used against almost anyone with even the faintest link to online crime.
The laws suggest that anyone who “intentionally exceeds authorised access to a protected computer, and thereby obtains information from such computer… or for a purpose that the accesser knows is not authorized by the computer owner” could be charged under the CFAA – which would cover anyone opening a folder on a corporate network that they are not supposed to.
Robert Graham, CEO at Errata Security, said that the laws could even conceivably be applied to anyone clicking on a link in an email or a Tweet. “The new laws make it a felony to intentionally access unauthorized information even if it’s been posted to a public website. The new laws make it a felony to traffic in information like passwords, where “trafficking” includes posting a link,” wrote Graham in a blog post.
He continued: “Even if you don’t do any of this, you can still be guilty if you hang around with people who do. Obama proposes upgrading hacking to a “racketeering” offense, means you can be guilty of being a hacker by simply acting like a hacker (without otherwise committing a specific crime).
“Hanging out in an IRC chat room giving advice to people now makes you a member of a ‘criminal enterprise’, allowing the FBI to sweep in and confiscate all your assets without charging you with a crime. If you innocently clicked on the link above, and think you can defend yourself in court, prosecutors can still use the 20-year sentence of a racketeering charge in order to force you to plea bargain down to a one-year sentence for hacking.”
Obama is also planning a new mass internet surveillance law, in effect to legitimise the internet surveillance covertly carried out for years by the National Security Agency and exposed by Edward Snowden.
Obama’s proposals coincide with similar proposals from Prime Minister David Cameron, who has promised to resurrect the Communications Data Bill and also called for all encrypted communications to lodge keys with a government-mandated authority so that they can be read at will by government agencies.