Obama: If You Cyberattack the US, We'll Sanction You

Image for article titled Obama: If You Cyberattack the US, We'll Sanction You

President Obama has a message for foreign hackers: You’re grounded. The president declared a national emergency and signed an executive order today allowing targeted sanctions on anyone who is deemed a cyberthreat to the United States.


Obama wrote about the sanction plan on Medium:

Our primary focus will be on cyber threats from overseas. In many cases, diplomatic and law enforcement tools will still be our most effective response. But targeted sanctions, used judiciously, will give us a new and powerful way to go after the worst of the worst.

The sanctions include freezing any assets located in the US, and blocking potential threats from entering the country.

Now, this isn’t totally new territory Obama is wading into; he already tightened sanctions on North Korea after the Sony hack. But this executive order applies to individuals and groups of people, not just nations. This means if it turns out one ornery North Korean who hates James Franco was behind the Sony Hack, the US would be able to specifically sanction that guy. (Although, of course, that’s not what happened, and why would a random North Korean citizen have assets in the US, so this isn’t the greatest example, but you get my point.)

The order pushes sanctions on cyberattacks that jeopardize national security, but it’s even broader than that. Anyone who steals trade secrets from American companies or defrauds regular people by stealing their personal info to the point where their actions screw with the economy could now get officially squeezed by the US government.

And companies that profit from those stolen trade secrets could get sanctioned too. So if, say, South Korean hackers steal Apple trade secrets and Samsung uses them, Samsung would be screwed, its US-based assets frozen.


This doesn’t mean that petty criminals like the dudes who are selling Uber login info for a dollar will get sanctioned. Cybercrimes will have to meet a threshold of causing harm to the whole country’s economy, not just the Visa bill of an unwitting scam victim. So if you’re hoping that the US will put the squeeze on the person who hacked your Venmo, this isn’t the bill you’re looking for. But narrowness here is a good thing for privacy: Obama’s previous cybersecurity initiatives have had privacy supporters frustrated that they’re so broad.

Image via AP




How about “if you do a crappy job securing your users’ data, we will beat your ass and force you to pay massive punitive damages”?