Tag Archives: Cybersecurity

Shot in the Dark: Can Private Sector “Hackbacks” Work?

In an era when cyberattacks are becoming ever more prevalent, there is a growing demand for private companies to “hackback” to deter and defend against attacks. But federal law precludes them from doing so. Sam Parker addresses the risks and benefits of allowing companies to respond to cyber-threats by going on the offensive and analyzes three legislative hackback proposals.

Because Parker finds that each proposal is either insufficiently effective or bears unacceptable risks, he recommends a hybrid proposal that would allow federal authorities to authorize and strictly supervise companies to engage in defensive cyberattacks. Parker argues this approach enables private companies to be “force multipliers” against cyberthreats while also mitigating the risks of a feared “Wild West” scenario where the private sector can hackback against anyone without restraint.

A Multiverse of Metaverses

By Sadev Parikh

Eric Ravenscraft’s Wired article shows us the difficulty of defining the “metaverse,” which may be better understood through the lens of Wittgenstein’s idea of family resemblances than through any attempt at clear-cut definition. Metaverse can be seen as a concept made up of family resemblances that include elements of virtual reality, augmented reality, and haptic feedback. While these technical elements may ground the concept, various metaverses could vary along parameters such as the centralization of power, financialization, and degree of anonymity for users. Armed with this framework, we might predict how the metaverse may manifest in the United States.

Considering centralization of power, we see two competing visions: one concentrated around Facebook (i.e., Meta), and the vision of a “Web 3” that might include worlds like Decentraland built around principles of decentralized decision-making and power enabled by blockchain technology.

A Facebook-driven metaverse could become the dominant mode, simply through its incumbent network effects and persistence as a premier destination for advertisers, as well as customer lock-in stemming from adjacent services (such as Messenger, Groups) that are increasingly essential to participating in modern life. The “Future Threats to Digital Democracy” report captures internet harms directly tied to the influence of Facebook and its business model on the internet.

Digitally impaired cognition is driven by social media content algorithms “engineered for virality, sensationalism, provocation and increased attention.” Reality apathy comes from the diffusion of re-shared negative content that is upranked by Facebook’s algorithms. It’s easy to imagine that a Facebook-driven metaverse is therefore likely to replicate the same features given Facebook’s need to monetize.

Only now, Facebook’s paradigm may disintermediate not only our cognitive lives via smartphones but also our physical interactions, from the mundane like work meetings to even intimate moments like hugging enabled by haptic feedback suits. That said, perhaps Libra’s failure and Facebook’s February stock plummet portend a future where Mark Zuckerberg’s dreams no longer translate inevitably to our reality.

Continue reading A Multiverse of Metaverses

Bubbles Over Barriers: Amending the Foreign Sovereign Immunities Act for Cyber Accountability

More and more often, the Foreign Sovereign Immunities Act (FSIA) has protected cyberattack-conducting state actors and their cybersecurity contractors from legal liability and suits brought by victims seeking redress in US courts.

Adam Silow argues that it is time for foreign sovereign immunity to receive an update for the digital era. State-sponsored cyberattacks and their use of cybersecurity contractors are increasing, particularly affecting human rights activists and large companies with key data and trade secrets. The US government’s responses, namely, diplomacy, sanctions, or issuing “speaking indictments” by prosecutors have been inadequate, and statutory language of the FSIA does not clearly allow liability for cyberattacks, even under the new terrorism amendments.

Some experts propose merely amending the language to include liability for all cyberattacks, which Silow argues may inadvertently allow liability for legitimate state action. Instead, Silow concludes that more targeted legislation should protect specific victims of cyberattacks, namely human rights activists and targets of trade secrets, and allow those victims to legally overcome foreign sovereign immunity in US courts.