02:40 GMT01 October 2020
Listen Live
    Get short URL
    0 33

    Based in part on sanctions imposed against North Korea after the cyberattack on Sony Pictures, President Obama has signed a new executive order which allows the US to penalize individuals accused of cybercrimes. A necessary step toward securing cyberspace, or a frightening government overreach?

    After the hack into Sony Pictures last November – the same one that aired Hollywood’s dirty laundry and temporarily crippled the Seth Rogan comedy, "The Interview" – President Obama signed an executive order imposing financial sanctions against North Korea. The penalties were meant to punish the government the FBI deemed responsible, but the individual hackers were more or less immune.

    On Wednesday, Obama signed a new order. The first of its kind, this order grants the US authority to place sanctions on individuals overseas who are found to be involved in cybercrimes.

    "Part of the message it will send is if you think you can just hide behind borders and leap laws and carry out your activities, that’s just not going to be the case," a senior administration official told the Washington Post, speaking on condition of anonymity. "We have other ways of getting at you, and we can hit where it hurts in terms of financial impact."

    The move is also concerned with large commercial data breaches, like the ones affecting Home Depot, Target, and JPMorgan Chase. Hackers stole millions of credit card and Social Security numbers through those attacks.

    Grounded in the International Emergency Economic Powers Act, the order gives the treasury secretary, in consultation with the attorney general and secretary of state, the power to target foreign individuals or groups. Those who have engaged in illicit, cyber activity could then have their financial assets frozen and a visa ban imposed. The order could also bar commercial transactions with those individuals.

    The administration insists that any such sanction must be grounded in evidence which could theoretically withstand a court challenge, and must meet specific requirements to be considered "significant malicious cyber-enable activities."

    Firstly, the cybercrime must be harmful to national security at large. It will also have to fall into one of four categories: an attack on infrastructure, such as power grids; an interference with major computer networks; digital theft of intellectual property; or benefitting from stolen property, such as credit card data.

    "You can’t use it to go after Joe Schmo the petty criminal," the official told the Post. "You've got to be able to demonstrate [the activity] is on a scale that's harmful to the United States as a whole."

    While many are lauding the order as a bold, necessary move in cybersecurity, the decision may not sit well with others already concerned about government overreach in the digital age. Any executive order signed by the Democratic president is bound to draw criticism from the Republican-controlled Congress, but there may be legitimate concerns.

    For one, while officials stress that such sanctions can only be imposed on individuals after court-worthy evidence is gathered, there is still no indication that a judicial process will be involved. Carried out through the executive branch, the order could be abused if not properly monitored.

    There could also be questions of jurisdiction. While a post on the White House blog states that the order will cut off funding to hackers who "use our financial institutions or partners to transfer their money," the order is still aimed at punishing foreign citizens. In May, the Justice Department issued indictments against five Chinese hackers the US accused of cyber espionage. As expected, those charges didn’t  go over well with the Chinese government.

    President Barack Obama prepares to speak at the National Cybersecurity and Communications Integration Center.
    © AP Photo / Evan Vucci
    Last month, Obama also announced the creation of a new federal intelligence center to combat cybercrime. The Cyber Threat Intelligence Integration Center was dubbed an "intelligence center that will 'connect the dots' between various cyber threats to the nation so that relevant departents and agencies are aware of these threats in as close to real time as possible," an anonymous official told the Post.

    That announcement, too, faced criticism.

    "The internet cannot be protected by the government, because the government will never permit a system that it can’t zero into," Judge Andrew Napolitano told Fox Business at the time, adding that "any government agency that is big enough to protect us, is big enough to surveil us."

    And big enough to freeze individuals' bank accounts, evidently.


    US Banks Avoid Cybercrime
    Next US Attorney General to Prioritize Terrorism, Cybercrime Issues
    Netherlands to Hand Alleged Russian Cybercriminal to US: Reports
    US Prosecutors Ask to Postpone Trial of Alleged Cybercriminal Seleznev
    hackers, data breach, executive order, cybersecurity, cybercrime, CTIIC, US Treasury, White House, United States
    Community standardsDiscussion