Clueless officials hamper cybersecurity law-making

Clueless officials hamper cybersecurity law-making

Summary: Governments need to know what problems the cybersecurity legislation is meant to address, or they will face public backlash over the possible intrusions to their personal rights.


Governments need to determine the purpose of any proposed cybersecurity law and what problems it is supposed to address before approving the legislation. Those that fail to do so will experience backlash from their citizens, which is something countries such as the Philippines and India are going through.

Dan Auerbach, staff technologist at the Electronic Frontier Foundation (EFF), said a good piece of cybersecurity legislation is one that is careful, well-researched, specific, and with consideration for citizens' freedom of expression and privacy.

Lack of understanding detrimental
However, in many countries, there is often a lack of clarity surrounding the issues that the law is supposed to resolve. This is due to the lack of technical understanding on the part of lawmakers, Auerbach noted.

For instance, in today's security climate, there are cyberattacks and online crimes. The former involves sophisticated malware introduced to the networks of mission-critical systems to damage them irreparably, while the latter involve perpetrators using scam Web sites to steal small amounts of money from people.

These are two separate issues that require different solutions, and enacting a bill to try and address both is equivalent to having an open-ended bill entitled "Combating crime: terrorism, shoplifting", he pointed out.

Auerbach also spoke out against laws looking to attribute actions on the Web to an individual, noting it is "absurd" to assume this and how the Internet is a space for people to speak anonymously.

"Such outlandish proposals often come from uninformed politicians looking for easy answers, but the reality is their implementation will be incredibly dangerous to citizens," he said.

Then there is the issue of cybersecurity laws that bestow the government and public sector agencies with wide-ranging powers, which might stir citizens' concerns on how it might be used, noted Koh See Khiang, senior associate of information technology and communications at law firm Baker & McKenzie.Wong & Leow.

Citing the example of Singapore's recently proposed bill to amend the Computer Misuse Act to the Computer Misuse and Cybersecurity Act, Koh said the changes would give the government powers to order pre-emptive measures against planned attacks on critical national infrastructure. Given its range of impact, Singaporeans may be concerned over how the law might be used, and whether it could suppress privacy and free speech, he explained.

Philippines is one Asian country facing challenges in implementing its Cybercrime Prevention Act. The law, which was signed into being on Sep. 12 this year, was originally intended to fight online pornography, hacking, identity theft and spamming after local law enforcement agencies complained they lack the legal tools to combat such crimes.

However, the final legislation included tougher legal penalties for Internet defamation compared to traditional media. It also gave authorities the permission to collect data from personal user accounts on social media and listen in on voice and video apps such as Skype without a warrant.

Since its inception, though, multiple petitions were filed by various groups in the country and these protests eventually caught lawmakers' attention. The Philippine Supreme Court decided on Oct. 10 to suspend the Cybercrime Prevention Act while it determines whether the law violates civil rights.

Some intrusion permissible
Not everyone is against sacrificing some civil liberties to enhance the country's security though. Singaporeans ZDNet Asia spoke to acknowledged that some form of freedom has to be compromised in order to ensure better national security.

Toh Geok Boon, a civil servant said she was "supportive" of governments having the right to use personal online footprints to gather evidence, or conduct analysis of people's online behavior to prevent crime. In fact, she would "feel safer" if the government did so.

However, any government intrusion into people's personal space should not resemble that of the Chinese government, said Peace Chiu. She said China's control over its citizens, particularly on their freedom of speech, is "stifling" so lawmakers need to ensure to balance security needs with discretion.

Ultimately, country's legislators will need to make an effort to canvass the opinions of most citizens before enacting any cybersecurity laws, stressed Auerbach.

"Legislators must listen past the cacophony of fear and constant lobbying of law enforcement [agencies], and instead seek out technologists with subject-area expertise and civil society groups who fight for citizens," he said.

Topics: Security, Government, Legal

Ellyne Phneah

About Ellyne Phneah

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • excuse me?

    What "national security" problems are they having that necessitated this approach? Does Singapore really suffer from that much terrorism?
    • Depends...

      ...on whether you consider a vote against the ruling party to be an act of terrorism.
      John L. Ries
  • maybe...

    They can increase job production by hiring more security hackers to protect said information, to architect ever changing algorithms to keep people out of where they shouldn't be. There should not be laws dictating what people can and can't do. Instead, there should be people dictating that based on policies that reflect the country's security. You get more jobs and a sure path into the technological future. That is a better, more economic solution.
  • American Leaders are FOOLS!

    we are so screwed.
  • They who can give up essential liberty

    to obtain a little temporary safety, deserve neither liberty nor safety. Benjamin Franklin 1775.
    It seems to be as true today as it was then. Gov'ts never temporarily take a freedom, they say it is, but it always turns out to be just the first nibble.
    Let them pass the laws, but let them get their warrants and petitions before they can violate even your most minor liberty. if the need is real, they should be able to get the permisson, but no blank checks.
    • Exactly....

      We can't give up our freedoms in the name of security, as you say, let them get warrants. If it's pressing enough, they can get them quickly.
      • Already Done in the U.S.

        It's called "The Patriot Act". Takes away constitutional freedoms by feigning security.
  • Most of politician are clueless about technologies and the laws they passed

    Can you ask these government officials to explain "cybersecurity" in 3 sentences? I am sure these politicians never read or understand any of these laws before they signed on.
    It is all about face value. We got what we voted for. Vote your hearts out. We did.
    • Cybersecurity

      Efforts made to protect the government.
  • Clueless!

    If you only knew how appropriate this one word sums up the global perception of Cyber Security.
  • Thanks Ellyne Phneah,

    At ZDNet Asia, Ellyne has been warning readers of upcoming security threats, while also covering other tech issues. Just my opinion, but I believe she is hitting the nail square on the head. More and more cyber criminal activity is originating off our own shores, making it more difficult for the U.S. to track, locate and prosecute. A pro-active approach is needed but as Ellyne points out, we need to tread carefully. I admire Ellyne's compassion and dedication to this cause, something that we all should be concerned about. Great article!
    • Thank you

      Hi RichsAC, thank you very much for your encouraging feedback. I'll continue to keep a close watch on trends surrounding cybersecurity, privacy and data protection legislations.
  • Another step toward totalitarianism

    It does appear the trend is for the United States Administrative branch of government to control the Internet and there have been statements to the effect that any protests against administration policy could be considered treason, subject to the Patriot Act.

    It is not a comfortable situation.
  • Available to the highest bidder

    The legislators will pass whatever is handed to them accompanied by the biggest box of cash.
    Some of those clowns couldn't even turn on a computer. Oh wait, I!
  • Government "Solutions"

    The government never solves a problem because it always tries to solve a symptom. Solving a problem is hard and requires the use of analytical skills including logic and reason and listening to and comprehending expert testimony . Politicians react to symtoms, generally with a simple, straight forward "solution" that is wrong and rife with unintended consequences leading to more "solutions" of symptoms.
  • Doctors, Lawyers and Indian Chiefs.

    All require training and commitment. Everything political requires only a vote and other than that, no special skills are required or regularly seen. Maybe some educational minimums need to be met before the law makers, make laws.
  • The Phillipines is facing a lot worse problems...

    Than cyber crime. End to end self-destructive culture is one, violent crime is second, crippling poverty is third, non-existent jobs, poor education, etc etc et al. Cybercrime is pretty low on the list when you can't walk 10 feet in Manila without getting mugged. Also, REALLY, we're going to point to a Lee Kwan Yew policy as anything redeeming? The only reason he even supported the law is it was getting in the way of his business profits... I mean "national economy."
  • Yes, politicians are clueless

    Since they don't understand the subject, the pols tend to enact what industry, police, and state security services say is needed. Thus the bills often expand intellectual property rights and police powers while doing little or nothing for cyber security. Got to be watching them all the time.

    EFF is a great organization, I suggest everyone support it.