CYBER LAWS & The Snowden Case

 

Staying ahead of cybercriminals and being able to prosecute them to the fullest extent of the laws is a difficult task that law enforcement is faced with. Unfortunately the technology is advancing so fast that the law is having a difficult time keeping up. Unlike the European Union, the United States does not have one single law that regulates cyber security and privacy (IT Governance, n.d.). Several US states have their own cyber security and data breach notification laws, which makes doing business across all 50 states considerably challenging. A few of the cyber security laws in the US are:

• 15 US Code Chapter 98, Sarbanes-Oxley – Requires organizations to prove their cyber security credentials and carries criminal penalties

• SEC Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information – Is an information security regulation requiring a company to carry appropriate cyber security measures and carries a civil fine of up to $1,098, 190

• GLBA: Gramm-Leach-Bliley Act – Is an information security and privacy law and carries fines that could exceed $1 million and a possibility of losing FDIC insurance which would be the end of any financial firm

• FTC: Federal Trade Commission Act §5 - Is an information security regulation requiring appropriate cyber security measures and is a privacy law that can impose civil liabilities, that have reached $5 billion in the recent Facebook case

• HIPAA: Health Insurance Portability and Accountability Act – Is a security, privacy, and breach notification law which carries fines related to the nature of the crime, the largest fine to date was $16 million

 While individual states have different cyber security laws, there is not a single law that covers cyber security for the world. This makes it difficult to apprehend and charge cybercriminals in other countries. Law enforcement is at the mercy of the host country laws and extradition policies. One famous example of this is the Snowden case. In 2013 Edward Snowden was working as an IT systems expert in a contract for the National Security Agency (NSA) (Davies, 2019). While working at the NSA, he provided three journalists with thousands of top-secret documents concerning US intelligence agencies surveillance of American citizens. Obviously the US was highly motivated to capture him and try him to the fullest extent of the law. While on the run, Snowden spent 40 days in the Moscow airport attempting to negotiate asylum in a number of different countries. He was repeatedly denied asylum and chose to stay in Russia, where he remains today. Without the host countries legal cooperation, the United States can’t try Snowden unless he is on US soil, or a country that cooperates with the US.

International law does not unilaterally regulate cyberspace (Hollis, n.d.). However, several international organizations including the United Nation General Assembly’s First Committee on Disarmament and International Security, the G20, the European Union, ASEAN, and the OAS have affirmed that existing international law applies to the use of information and communication technologies (ICTs) by states (Hollis, n.d.). It is important to note that cyber security laws need to catch up with today’s growing technology, need to be formed and enforced at the national and international level, and need to enable international cooperation when it comes to catching and trying cybercriminals.

References

Davies, D. (2019, September 19). Edward Snowden speaks out: 'I haven't and I won't' cooperate with Russia. NPR. Retrieved February 21, 2022, from https://www.npr.org/2019/09/19/761918152/exiled-nsa-contractor-edward-snowden-i-haven-t-and-i-won-t-cooperate-with-russia 

Federal Cybersecurity and Data Privacy Laws Directory. IT Governance. (n.d.). Retrieved February 21, 2022, from https://www.itgovernanceusa.com/federal-cybersecurity-and-privacy-laws 

Hollis, D. (n.d.). A brief primer on International Law and Cyberspace. Carnegie Endowment for International Peace. Retrieved February 21, 2022, from https://carnegieendowment.org/2021/06/14/brief-primer-on-international-law-and-cyberspace-pub-84763