Call of the Day: Increase Accountability for the NSA

At some point before last August, the National Security Agency lost control of a secret weapon: its hacking toolset.

Why does this matter?  Because this toolset, among many other things, included knowledge of a Windows Operating System bug that even Microsoft wasn't aware of – and that bug serves as the foundation for the WannaCry ransomware cyberattack currently spreading through thousands of computers worldwide.  WannaCry is especially nasty: it has taken down hospital networks, police departments, railroad operators, even telecom companies.

If this were, say, plans for a missile that had gone missing, a missile that was later used against allies, then there would have been investigations, commissions, and uncomfortable questions being asked.  But none of that is happening now. 

In fact, there's much we don't know about how the NSA makes decisions about cyberwarfare.  When the NSA discovers vulnerabilities in computer code, are they reporting those vulnerabilities so they can be repaired?  Or are they storing that information away, potentially putting citizens and businesses in jeopardy if the knowledge ever fell into the wrong hands?  We just don't know.  It's possible the NSA doesn't even consider this decision part of their charter – meaning there's no way to know how or why the agency hoards dangerous hacking tools, nor is there anybody to hold responsible when things go wrong.

The Senate has introduced S.1157, the PATCH Act, which would establish a board to generate a rigorous policy that the NSA and other federal agencies should follow to address questions about cyberwarfare.  The PATCH Act has bipartisan support in both the House and Senate, but our particular Congressmen have yet to take a stance.  We can change that.

WHO TO CALL:

Senator Bill Cassidy - in DC at (202) 224-5824, and in Metairie at (504) 838-0130.

Senator John Kennedy - in DC at (202) 224-4623, and in Monroe at (318) 361-1489.

Representative Steve Scalise - in DC at (202) 225-3015, and in Metairie at (504) 837-1259

OR

Representative Cedric Richmond - in DC at (202) 225-6636, and in New Orleans at (504) 288-3777

Because of how Congressional districts are drawn, New Orleans residents have either Richmond or Scalise as their representative.  If you don't know who your representative is, you can look it up by entering your home address on the U.S. House of Representatives website.

Reminders: Identify where you're calling from (town and zip code is fine) so they know you're an actual constituent.  Only call your own representative.  Be concise - the office will get through more calls that way.  Be polite and don't argue with the staffer - they don't set policy.  If you get a voicemail, then leave a message.  And if you get a busy signal -- call back later!

Sample script: 

Hi, my name is [Name] from New Orleans, zip code 70118 [or wherever you're from].  I don't need a response. 

I am calling to ask the Senator/Representative to co-sponsor the PATCH Act S.1157.  The NSA is developing and subsequently losing massively damaging cyber-warfare weapons with zero accountability.  This bill is a fantastic start to setting up a framework by which these weapons can be properly vetted and their risks analyzed.

Thank you for your time and your work answering phones.

This call is courtesy of Indivisible Metairie.