Earlier this week President Obama signed a new executive order into action under the International Emergency Economic Powers Act (IEEPA). The new policy allows the US government to seize the assets and money of any foreign hacker found to be breaking into American networks. Signed into action, in what is being described as part of a ‘national emergency’, the executive order calls for sanctions to be placed on all international hackers, and calls for them to be treated in the same way that any terrorist or mob leader would be, meaning that any member of the Chinese elite cyber army or any foreign member of Anonymous, for example, could face having any or all of their American assets seized.
The executive order, however, is being portrayed by many as one of a kind, because of its vague nature and broad scope, which most consider to be far too totalitarian, with a few posts on Reddit even claiming that support for Edward Snowden, in the form of donations, could be enough to have you flagged as a cyber terrorist and have your assets seized.
Although that is an incredibly unlikely scenario, and I would not go worrying yet if you happen to have donated money to Snowden, it is fair to say that the policy is vague enough to warrant a little concern. Its definition of who exactly it can punish, and for what exact kinds of cyber behavior, leaves people wondering if it will be used to target future whistleblowers, or perhaps the journalists who publish the leaks, or in fact just about anybody who Obama’s government feels is disturbing the status quo.
Actually, the executive order is much more like something you would expect to see in Russia where it is commonplace for political activists, dissenters and anti-establishment figures to have their assets taken, be placed under house arrest, or at times even have family members thrown in jail as a warning to desist in opposing the regime.
The most troubling aspect of the executive order gives the Department of the Treasury the power to sanction anyone outside of the US that is ‘directly or indirectly’ involved in any ‘cyber-enabled activities … that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.’
It also calls for the assets and funds of anyone found to be ‘causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain,’ to be seized.
As you can see, it is pretty easy to understand why this executive order is causing such a stir, and it doesn’t stop there. The new policy also calls for assets to be appropriated from anyone found to be giving financial or material aid to any nation or individual that is also sanctioned by the order, and even says that any person found to be giving financial aid to any person whose ‘property and interests in property are blocked pursuant to this order who might have a constitutional presence in the United States,’ can be sanctioned.
It is the latter part that has had Reddit bloggers discussing whether donating money to Snowden could have them blacklisted, and their assets seized for traitorous behavior. In an amusing twist to the tale, however, rather than discouraging people from donating to Snowden, the executive order has actually had the reverse effect, causing a noticeable increase in donations to Snowden’s legal fund in the hours following its announcement – a raised middle finger to the government – and in solidarity with the exiled whistleblower.
All in all, the executive order seems to be somewhat hypocritical, although that is something that we have come to expect from the US’s policies – first the NSA spies on its own citizens and the rest of the world, then it feels that being hacked is a national emergency requiring tyrannically broad emergency policies.
Following the Sony hack fiasco in December of last year, the FBI were quick to announce that they knew the perpetrators were the North Koreans (probably in coordination with the Chinese elite hacker group). Although the FBI would not admit how they knew that, plenty of evidence soon surfaced showing that the US had been involved in penetrating North Korean networks for quite some time. The US’s response to the embarrassingly high-level attack was to put sanctions on the North Korean officials involved, and one would assume that if this new executive order had been in place then it would have meant that if they did have any assets on US soil, those would have been or could now be confiscated.
How the US was able to so quickly point the finger following the Sony hack is just one example of its blatant methods of espionage, and also its completely blinkered sense that it should be able to do anything it likes to others – while pompously insisting that other nations and individuals cooperate and do the opposite. In American politics you definitely do not expect to be treated how you treat others.
One worry is that this new executive order could have an undesired effect on security research. As Kurt Opsahl, General Counsel for the Electronic Frontier Foundation (EFF, a well-known digital civil liberties group), observes,
‘We’re still digesting the full order, but we’ve got a few initial questions already. One is whether this order could have unintended negative effects on critical security research. For example, could the executive order be used to issue sanctions, without due process, against security researchers who make or distribute penetration testing tools.’
Mr Opsahl points out that it would be unfair for people involved in vital security research to be worried that they could fall victim to these new sanctions,
‘The tools that could be used for attacks are also vital for defense, and security researchers who use them should not have to worry that they may face sanctions from the Secretary of the Treasury’
Although it is not clear just how this executive order will play out, and only time will tell, for now American citizens can rest easy knowing that it is targeted specifically at foreign hackers. On the other hand, if you are a foreign hacker planning to be the next Gary McKinnon, then perhaps it would be a good idea to sell any assets you own on American soil, and to move any money you have in US banks to a safer region before mounting your cyber attacks – that way you won’t need to worry about Obama and his cronies taking everything you have.