Justice Dept. Lobbies Against Cyber Security

James Baker of the Justice Department recently testified to the Senate Judiciary Committee about ECPA reform, and in the process he touched on the provision of ECPA that prohibits ISPs from sharing subscriber data with the government in the absence of a court order.  Mr. Baker hinted that this provision should perhaps be expanded to prohibit ISPs from sharing subscriber data with any third party in the absence of a court order:
A sixth potentially appropriate topic for legislation is the disclosure by service providers of customer information for commercial purposes.  Under § 2702(c)(6) of ECPA, there are currently no explicit restrictions on a provider disclosing non-content information pertaining to a customer or subscriber “to any person other than a government entity.”  This approach may be insufficiently protective of customer privacy.  Congress could consider whether this rule strikes the appropriate balance between providers and customers.
This strikes me as a dangerous step from the point of view of cybersecurity.  Let me give one example.  In a distributed denial of service attack, infected consumer machines are instructed to send packets to a victim site, which is then overwhelmed by malicious traffic.  An ISP can often tell which of their customers’ machines have been infected just by looking at the nature of the signals the machines are sending.  If the ISP passes that information on to the victim site, the victim site or its service provider can shunt aside or drop signals from the infected computers as part of the target’s defenses.
Mr. Baker’s casual proposal to extend the ECPA bar on disclosure would seem to make such such defensive moves illegal in the absence of a court order.  It seems to me that this would dramatically slow responses to denial of service attacks.
Am I missing something, or is the Justice Department just clueless?  Orin Kerr, the batsignal is flashing!


Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Related Posts Plugin for WordPress, Blogger...