At a glance.
- Some in Congress declare ransomware a crisis.
- Notes on Section 230.
Members of Congress call a “ransomware crisis.”
The Washington Post reports consensus among industry experts and members of Congress that the status quo is not cutting it with regard to ransomware, and a “whole-of-government approach” is needed. Palo Alto Networks VP John Davis testified this week before a House cybersecurity subcommittee that preventative security standards should be a top priority, as should the development of a national plan for mitigation, recovery, and response. The Department of Homeland Security, meanwhile, is launching a sixty-day workforce sprint with the aim of onboarding two-hundred cyber professionals, a possible windfall to anti-ransomware efforts.
Regulation might be the next prong. Former Cybersecurity and Infrastructure Security Agency Director Chris Krebs pointed to profitable yet risky critical infrastructure players that should “step up from a corporate citizenship perspective and apply enhanced security requirements,” while warning against overenthusiastic legislation that could smother emerging technologies.
Comment on Section 230.
Wired argues that Section 230 is not, as its advocates maintain, a “wellspring from which everything good about the modern internet emerged,” and that this misconception is a primary barrier to meaningful reform. After reviewing the cases that led to 230’s creation and cemented its current, questionable interpretation, the article imagines an alternative universe where individual judges were allowed to craft nuanced responses to emerging issues. The resulting situation might resemble Canada, where moderators are a little more careful but the exchange of information is “alive and well.” (Objectors raise Ottawa’s lack of home-grown social media giants, but Wired says causality is tricky to establish there, and besides, is that so bad?)
Setting aside the possibility of a time machine, incremental reform is the plausible path forward. The Safe Tech Act would eliminate liability shields for things like harassment and wrongful death, and reorient the law towards speech (away from commerce). Others propose limiting protections to platforms that don’t “curate, amplify, or monetize” content, on the view that running a website shouldn’t be a sufficient condition for 230 safeguards, but an organization’s business model should instead determine its obligations. Airbnb, for example, should be subject to travel industry regulations. A third school of thought would restrict protections to demonstrably Good Samaritans, those that take pains to mitigate abuse. The resulting moderation wouldn’t be perfect, and the First Amendment would still allow mean and false information to fly, but firms would be forced to do more about harms like defamation.
Objectors worry that such reform would hurt the little guys worst, and remove the main advantage of 230: allowing companies to kill suits before they produce big bills. Wired thinks this argument is always “trotted out” against regulatory reform, in arenas as diverse as food safety and campaign spending, and comes with no guarantees. Suing companies will remain difficult for other reasons, and furthermore, regulation can energize peripheral markets—in this case, the market for moderation software. The current state of affairs, Wired concludes, permits platforms “to externalize some of the costs of their business models.”