American View: New Texas Legislation Encourages Hacking, Extortion, and Intimidation

American View: New Texas Legislation Encourages Hacking, Extortion, and Intimidation

Texas recently did something catastrophically ill-advised on 1st September 2021. No, I’m not talking about making it illegal to discuss America’s history of racism and how it affected (and still affects) law, society, and justice.

That was idiotic and makes us look like terrified bigots on the international stage. I’m also not talking about Texas making it legal for everyone to stroll around in public with loaded firearms even if they have no idea how to use them safely or properly whilst also being violent, unhinged, and/or committed to overthrowing the government. That, too, was staggeringly imprudent and will scare off tourists, transplants, and new corporate headquarters. Those self-owns were fully on-brand for Texas’s burn-in-all-down politicians but are dreary topics for another time.

No, today I want to talk about the inevitable ramifications of Texas making all abortion procedures illegal after six weeks from gestation – effectively ending legal abortion in Texas – while empowering private citizens to rat out their friends, family, co-workers, and neighbours that they believe had an abortion. But wait, there’s more! Under the new law, private citizens are allowed to “turn in” literally anyone else they believe helped a pregnant woman get an abortion … even if it waws just to find a clinic’s phone number, get a ride, or buy painkillers … and get a $10,000 (about € 8,200) cash pay-out as a reward for being a volunteer state snitch.

That right there was some world class political hubris. The point of Texas’s blatantly unconstitutional legislation was to get the inevitable challenge to it taken up by the Supreme Court so that Roe vs. Wade, the landmark case that made abortion legal across the USA, could finally be overturned. It worked: on 1st September, the underqualified justices that the previous president packed into the court refused to hear the appeal, allowing Texas’s new law to stand.

To be clear, I’m not interested into getting into a faux debate with the attention addicted social media crowd on either side of the abortion issue. Chanting slogans and levying death threats isn’t my thing. As a security awareness person, my domain is all about human risk management and this … hoo, boy! … this newest development in Texas’s anti-woman, anti-poor policies has opened a huge new battlefield for managing human risk in a corporate environment.

Most of our work focuses on helping people be great at their job by making fewer preventable mistakes. A major component of that work involves teaching people what sort of “baddies” are targeting them and what sort of threats to watch out for.

I vented on this topic for a bit on Twitter first thing Monday morning over a pot of very angry coffee. De-tweeted and condensed, my excoriation of the legislation read as follows:

Where’s the *#&$ing legal hotline for Texas’s new “Gilead Seems Like a Great Idea” anti-abortion law? I have questions.

Since “random strangers can sue any ‘abettor’ to an abortion anywhere in Texas and collect a minimum of $10,000, plus attorneys’ fees’ (per this article from Slate), what does this mean for my business?

If my employee uses their company phone to call their doctor and that convo later leads to the employee getting an abortion, can someone sue me for abetting the procedure because I let them use our phone service?

What if they use their official company email account to ask a healthcare provider a question? Is that abetting? What if they use my company’s email to arrange a ride to an abortion clinic? Can we get sued for that?

How about if they use the browser on their company PC to look up the address of an abortion clinic? Are we vulnerable to getting sued for providing the employee a web browser?

What if my network team blocks all internet search terms involving abortion, like “pregnancy,” “clinic,” “doctor,” or “appointment” but we miss one? Are we getting sued for not completely stopping an employee from researching the topic?

What about reading an article about how the law itself is draconian, overreaching, and destructive? Would this count as meta-abetting? How deep into implausibility does the stupid go?

What if, in response to our draconian language blocks people come up with new codewords and euphemisms and we fail to block those? Are we still “abetting” an abortion if we don’t stay abreast of all possible linguistic variants in our search term blocks?

What happens if we allow workers to order ride share service from the office and a trip involves a visit to a women’s health clinic? Are we abetting an abortion for letting a worker catch a cab or an Uber?

Heck, what if we approve a worker’s request to take paid time off for a “doctor’s appointment” and it turns out they had an abortion on that paid leave time? Are we getting sued for making that possible?

I’m thinking that the intent of this legislation is to give internet trolls a financial incentive to harass easy targets into obliterating women’s rights. Sure, most of the early, cheap shots will be against women that the trolls don’t like for completely unrelated reasons, but one should never underestimate the creativity and enthusiasm of the online troll community. Some of these these people are fiendishly clever. They’ll work out that women’s employers are far easier and more lucrative to target since it’s impossible for a company to 100% police all user behaviour.

What the means is that we’ll very quickly see a flood of vigilante lawsuits against businesses as the trolls pile on. Do you have any women on your payroll? Guess what: as far as the crowd is concerned, you’re “abetting abortions” which means you’re about to get sued.

Do you have an all-male staff but some of those men have mothers, spouses, sisters, daughters, or (*gulp*) female friends? As far as the crowd is concerned, you’re still “abetting abortions!” so you’re getting sued.

The ultimate winners in this game will be, as always, the lawyers. AmericaTM, baby! WOOOO!

It doesn’t have to make any sense. In fact, it’s better for the trolls if they simply crash the Texas legal system by overloading it with nonsense accusations, Red Scare style. Just pile on the accusations and gamble that one suit in a hundred pays out or settles.

Of course, companies don’t like to get sued. No one does. Normally, companies examine their risk profile and take pre-emptive action to minimize their potential exposure because they’re responsible and want to avoid reputational and financial damage. But how does a company shield itself from being sued by opportunistic and insincere vigilante trolls over the possibility that some means of official communication within their organisation might have once been used to “abet an abortion”? The technical and policy challenge here seems impossible; when taken out of context, nearly any comment made might be accepted by an anti-abortion jury as “proof” of collusion to abet.

If the Texas legislature’s intent here was to motivate businesses to flee the state en masse, I think they’re succeeded. Once all the employers are gone, Texas can return to the “good old days” of subsistence farming and tumbleweed herding. No more “big businesses” that need regulations or social services … just sprawling ranches where the poor are grateful to their betters for a chance to toil all day in the harsh Texas heat. Like a “plantation” system, if you will. You know … like in the “good old days.”

Was I being a wee tad hyperbolic and sarcastic about the legislation drafters’ motives? Yes. Of course I was. Do I think that those drafters are being immensely daft with this cynical pre-election publicity stunt? Also, yes. This is all disingenuous political theatre.

Never trust a politician who invokes “morality” in their public policy statements. That’s a sure sign that they think you’re too stupid to notice their latest grift.

That said, the second-order effects that I brought up are anything but artificial. These issues are going to happen now. You can’t dangle a five-figure pay-out in front of people with free time and an internet connection and believe they’ll restrain themselves. This is now a problem. If your organisation has a presence in Texas and your org’s Legal team isn’t slamming espresso shots like a junior sailor on shore leave, get after it. These next few months are going to hurt.

Anyway. I left my Twitter thread alone so I could actually do some meaningful work, secure in the knowledge that I have so few online followers that I needn’t worry about interruptions. Much to my surprise, one of my online followers DM’d me around mid-day and asked:

“I just saw your threat about the new abortion laws and how it can affect a company. Have you considered a new Texas-specific brand of hacking … where someone compromises a work computer to steal evidence of literally any communication between an employee and anyone who might conceivably have had an abortion? The hacker could then use that stollen info two-fold: either pay me to keep quiet, or don’t and I’ll get paid by the courts.”

That’s brilliantly evil thinking, that is. Real supervillain stuff! Forget stealing trade secrets … just break into a company network somehow and abscond with a single innocuous email, social media post, text message, recorded vo8icemail, search history record … anything that might reasonably construed as “evidence” that someone in a Texas company “abetted” someone else to get an abortion. BAM! Your minimum take is $10,000 and your maximum take is limited only by how desperate the targeted company is to avoid being dragged into the limelight. It’s insidious. It’s brilliant. It’s evil. It’s also inevitable.

It’s been said that Americans are to other people’s money what raccoons are to other people’s food: voracious, insatiable, and morally flexible when they think they can get away with stealing it.

See, that’s what we call an “unintended drawback” under the “law of unintended consequences.” The politicians who exploited their doners’ anti-abortion political beliefs for a popularity boost in the mid-terms clearly didn’t think their gambit through. They obviously wanted a big media splash … some notoriety … “red meat” to stir up their base, bring in donations, and win a few percentage points in the primaries.

What they clearly didn’t think through was the damage this new law would inflict on businesses. By deputizing citizens into a sort of “incentivized posse,” they created a new market for extortion, hacking, and even malicious insider threat behaviour. Yes, really.

Think about it … imagine one of your workers remembering that they were copied on an ‘out of office” email by a co-worker who mentioned “going to the doctor.” All they need to do is threaten to sue their co-worker for having had an abortion based on their “evidence.” It doesn’t have to be true. The flimsy evidence only needs to exist for the threat of a lawsuit to be potentially financially ruinous. That co-worker will likely pay them a nice wedge to remain silent just to avoid the expense of answering the suit and the possible damage to her reputation. It’s easy money … and some people just can’t resist the lure of easy money.

I don’t have advice for fixing this mess yet. I’m still discussing it with my peers in the security awareness world. No one (as of the time of publication) has a plan. We’re all trying to map out how bad this might get. What I can say – with confidence – is that Texas’s politicians have created another completely unnecessary mess out of their typical short-sighted opportunism and it’s all us citizens who will wind up paying the devil to make it stop.

Copyright Lyonsdown Limited 2021

Top Articles

Windows has been the most popular ransomware target, report finds

Windows is being threated by ransomware attacks from different regions, like Irael, South Korea, Vietnam and China being the pack leaders.

The expert view: keeping the hackers at bay

It is important to assess risk appetite, carry out due diligence on third parties and rank them according to risk.

Legitimate Ways to Make Money with Cryptocurrency

There is always a that numerous cryptocurrency are actually scams. But, there are methods you can use to make money with cryptocurrencies.

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]