The US Congress is hard at work crafting legislation to fight cybercrime and protect the American public from its effects. The very belief that legislation can, in any manner, be an effective tool against cybercrime, cyberterrorism or cyberwarfare, demonstrates an abysmal, shocking and shameless lack of understanding of the Cyber World.
Cybercrime occupies a realm of the real world that transcends, and is immune to the influence of law. You can no more diminish cybercrime and its effects through enacting laws, than you can defeat a heavily-armed Islamic State (Isis) in battle through the use of harsh words.
Let me give you the most shocking and embarrassing example: Senator Bill Nelson (D-Fl), a member of the Senate Commerce Committee, has proposed legislation that will force companies that have been hacked to notify all customers whose private data has been breached within 30 days of discovery of the breach.
No more mind-warping news has reached my awareness since my discovery that Santa Claus was a coordinated and devious mass deception perpetrated on small children by the adult world.
A pointless law
That someone with such extreme naivete could possibly be elevated to the rank of Senator is incomprehensible to my mind. Yet this appears to be reality. Let's look at this as if we're a first semester freshman student in the cyber sciences. We would know next to nothing of practical value yet, but we would at least know the fundamental principles upon which science is based.
We know, for example that more than 90% of all computer hacks go entirely undetected. Of the 10% that are detected, there is not a single example where the awareness of the breach happened sooner than 6 months after the breach, with the average being two or more years. Even the most invasive and egregious hacks are seldom detected soon enough to avoid the hackers from exploiting whatever they have taken.
A prime example of this is the hack of the US Office of Personnel Management. The most sensitive data that any government can possible posses, complete records of every employee possessing a Top Secret clearance, went undiscovered for more than a year.
I now ask you: of what earthly value is a legislated notification period to a victim whose data has already been compromised and exploited to the fullest extent possible?
Politicians will become puppets of informed political advisers
When I read about Senator Nelson's proposal, I assumed that he had been immediately booted out of the Commerce Committee while his fellow Senators rolled on the floor in convulsions of laughter. To my abject horror, such was not the case. The proposal has support from actual Senators representing actual States. What is worse is that there are four additional competing bills in the upper chamber that make Nelson's proposal seem positively brilliant.
My heart is heavy to see our once great government spiral down the staircase of ignorance when anything involving cyber science is addressed. We must have leaders who are educated in this most critical of all fields or we will end up in a country where political advisers, who do in fact understand this science, become the metaphorical Praetorian Guard and our elected leaders become puppets on their strings.
Cyber Science, which is based on the manipulation and movement of invisible particles, processed by microscopically tiny devices, which create near infinite information, which is then stored in an undefined and unmanifest 'cloud', which is then accessed through untraceable mechanisms, cannot - even in the realm of science fiction - be influenced in any meaningful manner through legislation.
It is education and education alone that will help us. Ignorant leaders cannot possibly make informed decisions. As long as our leaders are illiterate in the Cyber Sciences, The United States will continue its downward spiral toward oblivion.