On Jan. 20, this website published a story titled, “If This Is Your Password, Change It Immediately.” The article included a list of the 25 personal passwords — “password” and “abc123” among them — most commonly found in databases of personal account information routinely leaked by hackers. The material came from SplashData, an internet security firm that seeks out vulnerable targets and reports on them to an often endangered public. The list of passwords appeared in various forms on outlets including CBS News, NPR and the BBC, to name a few.
Later that night, President Barack Obama in his State of the Union address made the case for a new proposal to rewrite and tighten federal cybersecurity laws, so that no “foreign nation” or “hacker” would have the ability to “shut down our networks, steal our trade secrets or invade the privacy of American families. Especially our kids.”
Inaction, he said, would leave the country “vulnerable” to attacks like the one launched against Sony Pictures Entertainment. Only by adopting this new language, Obama said, could Congress “continue to protect the technologies that have unleashed untold opportunities for people around the globe.”
But the broad laws he proposed would not simply target shadowy foreign hackers. American bloggers and media companies would also be subject to felony cybercrime charges for disseminating hacked material. The statute would apply to normal Internet users too: If you, dear reader, saw the “bad passwords” article and passed it along to a friend over email, or posted the link to Reddit, or retweeted the article, or shared it on Facebook, then you too could face federal prosecution for “willfully” trafficking “in any password or similar information.”
Does that sound insane? Surely it does. Is it a real possibility? With Republicans and Democrats both backing the bill, it surely is.