A fascinating thing about this comment is that it reads like it could have been written by someone from either side. After interpretations and clever arrangement of facts, we're all seeing the other doing exactly what they're seeing us do. At least in the abstract. So what do we do about THAT? We've all been turned against each other to a frightening degree. And worse, we've all been convinced that the other side actively wants to harm us, so the divide becomes a matter of basic survival. It's everywhere, and everyone is going to say "Yeah, but my side is ACTUALLY being targeted, and they're just making things up." At what point do we acknowledge that we're yelling into a mirror?

I read that as "foreign alligators."

I would be more inclined to say that the court is right with the law as it is now if the dismissal had been based on standing and a lack of injury. That's well established. With this reasoning for dismissing based on SMJ, only provable identity theft would ever be actionable from the perspective of the consumer whose information was lost. For anything short of that, class actions are utterly useless. A breached company will only have to answer to credit card companies and banks instead of to each person that had their information stolen. And I really don't like this outcome because it takes all of the harm and injury from information insecurity that courts don't yet recognize, and jettisons those ideas in favor of making data breach litigation into a battle between deep pockets. The rich get richer, the rich's lawyers get richer, and consumers get left out of every major decision pertaining to how their personal and financial information will be treated if they want to stay plugged in to modern society.

That's why I clicked on this as well. Not a school connection for me though, I've just met her at a conference or two. She wouldn't remember me, but I like her work on privacy.

1. Critical infrastructure is defined by the Homeland Security Act as "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters." 42 USC 5195c(e).

2. To protect national cybersecurity concerns, the government thinks that it has to protect critical infrastructure.
3. Most owners and operators of entities that would be considered critical infrastructure as per the above are in the private sector.
4. Under 47 USC 606(d), the President has the authority to take over communications infrastructure when there is a state of war or a threat of war. They're not claiming that's the case right now.

QED, the government wants to protect critical infrastructure, but it can't just send the military in to private companies to make sure protections are implemented (unless things get worse and we get into something that the President declares to be a "state of war" or "threat of war"), so it's doing some application of existing legal precedent to the current issue and figuring out how some level of government intervention in the interest of national security could be justified. Currently, from my understanding of the recent executive order (which we won't see anything real from until at least October when the first draft of the Cybersecurity Framework must be published), the government will be relying on a voluntary compliance program. That is the type of thing that's authorized by the Homeland Security Act of 2002, and any mandatory compliance program would require congressional action. But congress has been retreating from any kind of mandatory program. CISPA, for example, would create a voluntary information sharing program, and has nothing to do with requiring specific protections, but it's probably going to be dead in the water this congressional term as well.

The emphasis on critical infrastructure needs to be understood here. This is not the government spying on everyone at work, only people working at critical infrastructure providers, many of whom are arguably in a position where malicious software compromising THEIR work computers could then get passed along through a very sensitive network. The important thing is figuring out how to keep malicious code that originates from outside the network from entering these sensitive networks. This is the reasoning being applied by the lawyers and government officials who are focusing on this issue.

This is a shameless plug, but one of my law school section mates did the same thing. Except on the other end of law school. She finished law school a semester early so she and two others could finish the hike by a September start date for a job. She made a documentary about it, called Beauty Beneath the Dirt, which they just released on DVD.

It's only paradoxical if they're idiots about it. Like people who create fandom works and say in one breath "Don't worry about asking for permission to use it, it's easier to ask forgiveness than permission" and in the next breath "I'd be fine with someone using my works as a basis for their works as long as they asked me for permission first." It's paradoxical when they think that copyright law SHOULDN'T protect people whose works are successful, regardless of whether the successful creator is actually abusing the copyright system, but that copyright law SHOULD protect struggling artists. There are plenty of creative commons struggling artists who put their un-money where their mouths are. For example, the creator of Sita Sings the Blues (http://www.sitasingstheblues.com/) ran into so many issues trying to license songs that were not even available in modern media, and after she finished her feature length film, she made the whole thing CC.

Full disclosure, I'm a lawyer, have been studying IP issues since law school, but am more on the academic side than the actual practicing side. I get that people are concerned about equal access to justice. But there are also advocacy groups like Public Knowledge that I'd like to think represent finding the balance that you seem to be referring to between curbing abuses of copyright and supporting small creators.

First, I'm a pacifist doing research into cyber deterrence and self defense, so I'm really interested in this topic and what /. posters have to say on it. I studied international law purely to understand these sorts of issues, so here's some of the information that I gleaned from research.

As others have pointed out, technical attribution is unattainable right now. You'd think this would be a deterrent, but there are some legal theorists out there that suggest imputing responsibility to the country that is hosting the attackers. Think back to the U.S. invading Afghanistan because they were harboring Al Qaeda. Currently, international law permits a state to be held responsible if they have “indirect responsibility” for the actions of third parties within their borders, which means that the state had neglected its duty to prevent persons within its borders from perpetrating crimes against other states. However, if the victim state strikes back, their targets must be limited to the non-state actor attacker unless their lawful cross-border operations are opposed with force by the host state. So, there's still an attribution problem, it's just closer to the legal grey area.

Going back to the original question of when a cyberattack might warrant a kinetic counterstrike, I'm going to delve into the really boring legal terminology here. There are several different areas of law to look at. First, you have the jus ad bellum (or jus in bello, depending on what stage of the conflict you're in) requirements of military necessity, proportionality, and distinction under the law of war. Distinction just means you can, for the most part, avoid targeting noncombatants. Whether the necessity requirement is met involves determining whether a more peaceful resolution would be possible, evaluating the nature of the aggression and each party’s objectives, and estimating the likelihood that intervention would be effective. Proportionality requires the response to be limited to the amount of force that is reasonably necessary to interrupt an ongoing attack or to deter future attacks, but does not require the response to be limited to the amount or type of force initially used by the attacker. So the main things that they would be evaluating, if they're following the laws of war, would be necessity and proportionality.

Then, you have Articles 2(4), 39, and 51 of the United Nations Charter to give additional guidance (insofar as they can). Under 2(4), uses of force are prohibited. Under 39, responses to uses of force have to be approved by the UN Security Council, or they can be justified as self defense under Article 51. But Article 51 also requires the initial attack to have been an "armed attack," which probably means something more than a "use of force," which is ever so helpful since the UN Charter was written only with kinetic attacks in mind anyway. When people are talking about applying these provisions to cyberattacks, a bunch of legal scholars have come up with several different names for the same thing - look at the attack, then figure out if it's the kind of attack that would be prohibited under 2(4) (maybe considering the action itself or its effects), and then decide from there whether self defense is justified under Article 51. So basically, no, I don't have much of an answer, I just have a lot of tests to look at for case-by-case situations. Lawyers suck like that.

One of my sources for some of this information: David E. Graham, Cyber Threats and the Law of War, 4 J. NAT'L SECURITY L. & POL'Y 87

TL;DR - This question (when can cyberattacks justify kinetic attacks in response) is hard. But if a cyberattack went after a country's SCADA system, causing a failure in the electrical grid or dumping sewage into the water supply, I'd say that's probably the easiest situation where a kinetic response would be permitted under the law. Asked another way, if Stuxnet had caused a nuclear meltdown that destroyed more property and injured a lot of people, instead of simply breaking some centrifuges, would a kinetic counterstrike have been justified? Probably. (Not that we know for sure what all of the effects were OR who was behind it, but let's just pretend that we live in a world that has some, or any, degree of certainty)

Totally not a topic I like to think about before sleep. But there's some of it.

Speaking as an intelligent-but-warmish female from the South, my theory on guys and intelligent females is a bit different. I think it actually has more to do with how nice the guy is and how secure he is in his own abilities. I'm a third year law student and I just got married in August, and my husband is a wonderful, brilliant techie with a masters in CS, and he definitely values the intelligence aspect of our interactions, but he's also a genuinely nice person who isn't insecure about his smarts. On the other hand though, my most successful relationship before this was with a guy who was just about the opposite of my husband (except he was also a very nice guy). He WAS the equivalent of dating a hot dumb blond chick. Really good looking, and a really sweet guy, but dumb as a brick. I figure he was accustomed to people being smarter than he was, so it didn't bug him much. He was proud of me. "This is my girlfriend, the smartest person I know!" - It was really sweet. But I needed more of an equal, so I ended the relationship and wound up with a skinny computer geek who rocks my world. If my past experience says anything helpful though, I think it's just a matter of finding a guy who doesn't feel threatened by empowered females. And I don't even mean empowered like "Rawr! I am woman!" - I just mean empowered as in the ones that always do well in academic pursuits and feel no pressure to dumb themselves down to make insecure people feel better about themselves.

It was hard to find guys who were attracted to me who didn't feel threatened by my activities. It's annoying, but a lot of people still think we're in a society where the male is supposed to be smarter, taller, stronger, faster, better, etc, than his female counterpart. I was smarter than my ex, and I'm taller than my husband. Big deal. Having a uterus doesn't dictate the traits of people I can connect with.

The other thing I was told once by a geek friend was that I was more the "marrying type." That guys want to have fun with the hot blonde party chick, but they want to eventually settle down with a smart female with a good personality who values them and that they can have a conversation with. I was flattered except insofar as I WASN'T, since that meant that somehow, there was this type of female around that was only for marrying and she would thus never actually be expected to "have fun." And having fun might actually invalidate her status as being the marrying type!! Ah well, a couple of instances of serial monogamy later, and I'm married to one of the "marrying type" of guys anyway. Haha, I say to the people that wanted to wait and settle down with us after they had their fun.

As to the first, it requires probable cause, not just sound suspicions. On a sliding scale, probable cause requires more than "reasonable belief" (which sounds similar to "sound suspicions") but requires less than "more likely than not." Am I playing a BS semantic game? Quite possibly. But this is exactly the analysis that the courts use when they're trying to find if there was probable cause. No warrant shall issue, but upon finding of probable cause... This is the standard that the courts apply, and that is the sliding scale that the courts use. And I know that Massachusetts would at least require probable cause for a warrant in this instance, because states cannot reduce the protections of the 4th amendment, they can only strengthen them.

As to the second, I'm a judicial activist myself, but there are still other concerns. They have the power to interpret laws (Marbury v. Madison), and this is a big deal. But federal judges are prohibited from making advisory opinions. There has to be a current case and controversy, period. It is against the federal constitution for federal judges (even at the Supreme Court) to say to Congress "Hey guys, um, you might wanna look at this, it looks unconstitutional and problematic." The legislature is proactive, the courts are reactive. However, some state courts may have the power to issue advisory opinions, but that will really depend on the state that you're in. But generally, because of the nature of the courts, they really are restricted to cases and controversies that have already resulted from injuries to individuals or groups. The less activist among the judiciary are likely to wind up with a controversial hot button topic and immediately say "It's not our place to make public policy. Legislature, you take care of this" and punt it back to the legislative branch. Which is, of course, one of the most effective things you can do to paralyze action on a topic, since passing legislation at any level tends to be a very complicated and unwieldy process.

I'd also note that the writers of the constitution didn't WANT to put the bill of rights into the constitution, for the simple fact that they didn't want people to think those were the only rights they had.

I think there is an argument to be made that a web-hosting server might be considered more like a service provider than a content provider. While saying it's the people "providing the pipes" is a good argument, the fact of the matter is not so simple. Backbone providers allocate bandwidth to regional providers. Regional providers allocate bandwidth to individual ISPs. One of those two critters in the center would then allocate bandwidth to web hosting service providers. Those guys allow content to be hosted on their allocated space. So, if our focus is on the people providing the end user with content (as suggested by the Chairman's speech), WHERE do we draw the line for the guys providing the pipes? If you used that standard, the backbone providers would be the only ones "providing the pipes," but the Chairman clearly wants to have these restrictions on service provider behavior to apply to the local and regional ISPs as well, so why wouldn't net neutrality restrictions ALSO apply to web hosting services? Like I said in my comment to this person, make a comment when the proposed rule is announced, and argue about why it shouldn't restrict the activities of web hosting services.

This is technically incorrect. Congress makes statutes. The FCC makes regulations. Courts issue court opinions. However, statutes, regulations, and court opinions are all law.

Agreed - I use a HRM while running too, and it makes my skin crawl to think of swapping out bands with some random person.

I can't imagine a public school would have dropped ridiculous amounts of money on a classroom's worth of garmins or anything. I'd guess it would be something pretty basic.

Honestly, the kids will be learning basic fitness stuff. Figure out the basics of cardiovascular activity, learn about max heart rate, what rate is good for exercise, etc. My Polar F6 tells me how long I've been in whatever target heart rate zone. No big. Aside from which, even if OP's paranoia IS justified, surely we'll have a public option by the time these kids are out of college and out looking for insurance on their own.

And thus the nightmare of libertarians begins anew

I would say don't put in digital files, just because it won't mean as much as slightly age worn hand-written information.

And in addition to all of the other suggestions above, make sure to include a helmet in the time capsule to protect her from all those pesky flying cars.

I've been researching this, and it's certainly interesting that the FAA is looking into this, but I'm really inclined to say NO.

A Predator B drone crashed in the southwest in 2006. They blamed pilot error. The North Little Rock Police Department has been testing an unmanned helicopter over rural airspace, and the helicopter crashed during a test flight in June. They blamed software error. Technology has outpaced law, they say. We have to change the law to keep up with technology, they say. Uh, why don't we wait to say that until the technology is stable enough that it doesn't put innocent lives at risk to let these things dart around in commercial airspace?

Dear Houston and Miami,
Look up and wave. The FAA already approved for police departments in these areas to use unmanned aerial vehicles over populated areas.

Interesting side note: I don't know how many people it takes to operate a normal drone, but the helicopter drone that the NLRPD was operating took 4 people to run it.

I love when life gives you these things that you just can't make up.