A decade ago, a motivated hacker could make off with some of your most important documents—deeds, legal paperwork, tax returns or maybe that novel you’d been working on. He’d have a good idea of the basics, the most prosaic details.
Today, though, as the content of our digital lives creaks into gigabytes, heavy with tens of thousands of photos, logs of website visits and text messages, the same hacker could piece together your life in minute detail. Your secrets, hopes, fears and dreams are there, in your email account or on your phone, for the taking.
Any of us would be alarmed if some of our most sensitive conversations leaked to the public, our employers or other people we know. But what if even that information was spun, taken out-of-context or manipulated? This is an under-appreciated threat that, in the age of “deep fakes,” will only get more acute. Plus, while we’re all vulnerable to cyberattack and hacking from digital pirates who want to make a buck, or even from disgruntled family or employees, the incredible resources a hostile foreign state could bring to such an effort is even more terrifying.
The U.S. government is making an effort to combat this, but is concentrating on the biggest offenders first. This summer, the Justice Department announced a much-needed crackdown on Chinese cyberattacks and intellectual property theft, especially those targeting academic research institutions. Despite a long-time, widespread awareness of these espionage efforts against Americans, this is welcome news.
The Justice Department’s 2018 “China Initiative” rightly prioritizes cases of economic espionage from the Chinese Communist Party and has, thus far, announced charges in more than 20 egregious cases. But the Justice Department can’t be everywhere, and their lawyers have limited bandwidth to deal with cases that don’t pose an immediate, material threat to national security.
And victims can’t even take those responsible to court. Until now, the Foreign Sovereign Immunity Act (FSIA) prevents American companies, universities and even citizens from suing the state sponsors of hacking and espionage campaigns.
Because U.S. courts, and even the State Department, will prevent victims from getting restitution, this is a loophole that has the effect of actually encouraging foreign countries to get involved in information and political warfare against Americans and their interests.
Fortunately, though, as deadlocked as politics is in 2020, Congress is considering a bipartisan fix to the FSIA. The Homeland and Cyber Threat (HACT) Act allows both American organizations and citizens to sue foreign powers for damages to their business or reputation that are attributable to hacking campaigns.
This isn’t a radical step; it’s a reasonable one—and comes on the heels of several past modifications of foreign sovereign immunity. In 2016, Congress tweaked the FSIA to enable victims and their families to sue for compensation from state sponsors of terror in American courts.
Despite its 60 House supporters ranging from the left, right and center of American politics, the HACT Act has some detractors. Their objections to this sensible legislation are hollow, though. Some critics contend that opening these foreign countries to the U.S. legal system would undermine the U.S. government’s ability to solve these issues diplomatically.
That’s a decent argument, but it never works out that way—and reliably gets the worst offenders off the hook. When brought into bilateral negotiations about trade, weapons, war or territory, issues like cybercrime, hacking and intellectual property theft always get put on the back-burner and are lost amid hard-nosed horse-trading between government officials.
Also, professional diplomats at the State Department, National Security Council or other agencies aren’t well-versed in the intricacies of the many complicated cyber cases that can be traced every year to a foreign state actor. A courtroom is a far better setting for deliberating evidence and for getting just restitution for criminal wrongdoing.
The foreign cyberattacks we hear about often target infrastructure, like power grids or other government services. In recent years, though, foreign adversaries have found that using hacking in information and political warfare is perhaps just as useful; these campaigns cost comparatively little, but they can have a massive impact. These campaigns can—and have—targeted American businesses as well as individuals, costing many billions of dollars’ worth of damage.
The bipartisan support for the HACT Act couldn’t have been possible until now, as both Republicans and Democrats have recognized the threat, even for largely partisan reasons. Without it, an aggressive China or Russia is emboldened to use its technological prowess to target American citizens, businesses or academic and research institutions without fear of consequences in an American courtroom.
It’s time that changed.