With the massive growth of the administrative state, much of the real decision-making power over the lives of millions of Americans is left to unaccountable bureaucrats deep inside the agencies of the executive branch. Over the last few decades, Congress—designated in the Constitution as the legislative branch of government, responsible for passing laws, and made directly responsible for that job by the American people—seemed very happy to abdicate their role, preferring instead to limit its involvement to largely rubber-stamping massive omnibus budgets under the intense threat of government shutdown.
Of course, the inevitable happens: Members pack these massive funding bills with all their individual priorities, some with merit and some more dubious. Even politicians who lament what’s happened to Congress’ refusal to deliberate on smaller, more transparent legislation inevitably must do what they can to add amendments to these huge bills.
Right now, Congress is working through one of those inevitable too-big-t0-fail budget bills, the National Defense Authorization Act (NDAA). It is in conference, meaning the House and Senate need to integrate their respective visions of the bill before it’s sent to the president. Under threat of a veto, President Trump has told Republicans in Congress to add his own provision—rightly demanding the removal of Section 230 from the Communications Decency Act, which would eliminate protections for social media companies. But not everything in the NDAA is cause for an ideological or partisan slugfest.
What’s been happening under the radar, though, is deliberation in the conference committee on the Homeland and Cyber Threat (HACT) Act, which would alter the Foreign Sovereign Immunities Act of 1976 (FSIA) to make it possible for both American organizations and citizens to sue foreign powers for damages to their business or reputation due to hacking campaigns.
I’ve written before about the importance of the HACT Act, and how it’s as bipartisan as anything in Washington today. Rep. Jack Bergman’s (R-Mich.) bill has got 67 Republican and Democrat co-sponsors—everyone from Reps. Matt Gaetz (R-Fla.) and Paul Gosar (R-Ariz) to Sheila Jackson Lee (D-Texas) and Ted Lieu (D-Calif.). If there’s anything that should be uncontroversial and nonideological, it’s this.
Even as dishonest reporters and talking heads spent years pushing partisan nonsense about Russian hacking in 2016, the issue is still a real problem. We know the threat of cyber-attack and hacking is real, and that Americans suffer with its effects every day—from the theft of proprietary or personal information to being victimized by campaigns of online intimidation and harassment.
The increased reliance on digital communication that came in response to the COVID-19 pandemic, social distancing and closed schools and offices have caused online attacks to reach pandemic levels, as well. A day rarely passes without a report of a major hacking attack or other cyber-crime. Just this week, Baltimore County public schools were hit with a ransomware attack. Also this week, Huntsville, Alabama schools announced canceled classes due to their own ransomware attack. And the Wall Street Journal reports that North Korean hackers targeted at least six companies working on COVID-19 vaccines.
The government, though, lacks both the will and the resources to prosecute them all. With this kind of volume, it’s too much for the Justice Department to handle all but the most high-profile cases—or to get justice for all but the most well-connected victims.
Thankfully—owing to the strong bipartisan support it enjoys in the House—the HACT Act is in the House’s bill in its current form. But in the committee working on the NDAA in its final form, there are a few more reportedly skeptical voices, such as Senator Jim Inhofe (R-Okla.). Inhofe has a long history in the Senate of being attuned to national security concerns. He understands that America has enemies and is rightly concerned about the potential damage they can inflict on our citizens.
Senator Inhofe must know that many rogue states work seamlessly with criminal gangs—especially cyber-criminals—and it’s often difficult or impossible to distinguish where one begins and the other ends. The HACT Act would allow victims to have their day in a U.S. court, regardless of the nationality of the hacker or whether or not that hacker is connected to a foreign government.
Inhofe should support the inclusion of the HACT Act in the NDAA. It’s one of the most reasonable, cost-free and bipartisan proposals on national security I’ve come across in two decades. Even more importantly, this is Congress’ only chance to address the issue of foreign hacking in the foreseeable future. They need to take it.