What is going on here is that Obama is creating a dragnet for catching as many dissentients to his tyrannical government as he can. The federal government has declared war upon conservatives – and they are winning. Even local law enforcement considers ‘sovereign citizens’ a greater terrorist threat than Islamic militants.
The government moves their communist agenda forward by creating fake attacks upon itself, known as false flags, in order to obtain more control. This isn’t theory, this is admitted and past false flags have been declassified.
We can expect false flags to follow the new CFAA, which is basically a rehashed CISPA, in order bring in more and more control. The Washington Post recently published and article illustrating how DHS isn’t even protecting the federal government from cyber attacks.
So, Obama is so concerned about protecting us from cyber attacks…but not his own government? That’s highly unlikely. Expect the feds to get attacked online soon…by their own hand.
Eventually, probably after the beginning of martial law, this will be used to classify average, liberty-minded Americans as criminal in order to send them to re-education camps. This will be one of many types of dragnets used in order to ‘disappear’ people they don’t like – just as we’ve seen in other oppressive regimes.
But even those who send a link to certain kinds of information, or transmit passwords that aren’t their own, would likely break the CFAA too. Any party who “knowingly and willfully” sent a “password or similar information, or any other means of access” to a computer, “knowing or having reason to know that a protected computer would be accessed or damaged without authorization” would have committed an illegal act, under Obama’s proposals.
Another of Obama’s recommendations could see offenses covered by the CFAA included in prosecutions under the Racketeering Influenced and Corrupt Organizations Act. According to Graham, just being linked to a hacker group would land you in danger of a 20-year prison sentence. As many innocent researchers and interested parties hang around in the same chatrooms and forums as criminal hackers, this could again ensnare many who don’t deserve to have their online activities criminalised.
The US government has seemingly offered some compromises, one being the addition that only those who illegally obtained information worth more than $5,000 could be prosecuted. That should lead to limits on the number of those who could be charged for, say, sending a link to leaked passwords. But it’s easy to ratchet up the value of data, especially if the information provides access to accounts. Not to mention the increase of a maximum penalty for circumventing access controls from five to ten years.
All this isn’t dissimilar from what the law says in the UK. For instance, under the Computer Misuse Act, those who access material they “know” they haven’t been authorised to see can be hit with a six months jail sentence or a £5000 fine. “It was considered poorly thought through at the time… The US is just proposing the same thing. I wish there were more digitally literate folk in parliament,” said professor Alan Woodward WWD -2.92%, a security expert from the University of Surrey.
The CFAA has already caused plenty of consternation amongst professional hackers, better known as penetration testers, who seek to find weaknesses in digital tools to encourage speedy resolutions. Forbes has previously heard complaints from the security community researchers have been threatened with legal action for simply doing their job. “Protecting computers often means attacking them. The more you crack down on hackers, the more of a chilling effect you create in our profession. This creates an open-door for nation-state hackers and the real cybercriminals,” Graham said.
“If this comes true, it’s going to have a devastating effect on the offensive security industry, as developing or even just being in possession of a copy of a security testing tool such as Metasploit could potentially be interpreted as conspiracy to commit a crime,” added Andreas Lindh, a consultant for I Secure Sweden.
Others are a little less pessimistic. Jon Oberheide, co-founder of Duo Security, said he didn’t believe the changes would have “a significant impact on researchers’ ability or appetite to do what they do”. “Cyber security law is out-dated and already has a lot of grey area. But the written letter of the law is a minor aspect compared to how that law is put into practice and prosecuted. Security researchers care much more about the implementation of the law than the text,” he told Forbes. “After all, we make a living poking holes in implementations, even if they have secure designs. So unless security researchers start being prosecuted, I don’t think many will blink.”
A number of high profile cases have tested the adequacy of the CFAA. The late freedom of speech and open internet activist Aaron Swartz was prosecuted for downloading files from the Massachusetts Institute of Technology (MIT) he believed should have been open to all. Defenders of Barrett Brown believe he has been kept in jail for simply copying a link related to the breach of US government contractor Stratfor from one chatroom to another.
The security community had hoped the Obama administration would bring more context into hacking laws so researchers and other innocents weren’t implicated by simply going about their normal online lives. But with the stalling of Aaron’s Law, a bill named after Swartz that was supposed to rethink cyber legislation in favour of legitimate research and freedom of information, those hopes had started to fade as of summer 2014. With Obama’s proposals, security professionals’ optimism has all but evaporated. “In short, President Obama’s War on Hackers is a bad thing, creating a Cyber Police State,” added Graham.