By Mitchell S. Kominsky*<\/i><\/p>\n
The Threat and Impact of Cyber Attacks<\/b><\/p>\n
Cybersecurity represents one of the most serious national security threats and economic challenges confronting our country.\u00a0 Cybercrime costs the United States approximately $100 billion annually.[1]<\/a>\u00a0 At the same time, the quantity and sophistication of cyber attacks continue to accelerate at a frightening pace.\u00a0 From 2006 to 2012, cybersecurity attacks on the federal government alone increased 782%, reaching 48,000 reported incidents in 2012.[2]<\/a>\u00a0 In a January 2012 hearing before the U.S. Senate Select Intelligence Committee, former FBI Director, Robert Mueller, asserted, \u201cstopping terrorists is the number one priority for the United States, but down the road, the cyber threat will be the number one threat to the country.\u201d[3]<\/a>\u00a0 Until the United States enacts legislative reforms, however, the country may be ill equipped to adequately manage and respond to these threats.<\/p>\n Based on information shared by technology and cryptology experts, combined with the response by both the private market and the federal government, the cyber threat is quickly becoming the top priority for our national defense apparatus and private enterprise.\u00a0 In the meantime, the valuation of data continues to skyrocket at an unprecedented pace.\u00a0 As a result, we are rapidly entering what many\u2014including Eric Schmidt, Executive Chairman of Google Inc.\u2014have labeled the \u201cCode War,\u201d in which foreign entities race to build up their cyber capabilities.[4]<\/a>\u00a0 In this environment, even foreign countries not generally considered global powers, such as South Korea,[5]<\/a> recognize the importance of the impending battles to be fought in the virtual world.<\/p>\n Despite these grave concerns and the sharp increase of security breaches reported in the news almost on a daily basis, Congress has enacted no major legislative provisions relating to cybersecurity since the Federal Information Security Management Act of 2002 (FISMA).[6]<\/a>\u00a0 The failure to act is even more remarkable when one considers how drastically the world has changed during the past decade.\u00a0 For instance, Apple Inc. first introduced the iPhone to the public only seven years ago, and during the last year alone the technology sector has produced significant advancements in areas such as wearable technology and the rise of artificial intelligence.<\/p>\n Current Debate on Capitol Hill<\/b><\/p>\n On the Hill, Members of Congress and Congressional Committees have engaged more intensely in cyber legislative discussions during the past three years than at any time in the past decade.\u00a0 Lawmakers generally agree that comprehensive cyber reforms are necessary to protect both private and government information systems.\u00a0 Yet serious disagreements exist over the details of the development and implementation of policy.\u00a0 For instance, Congressional staff is heavily debating the role of the federal government, the responsibility and capabilities of the Department of Homeland Security (DHS), the role of the private sector, the mechanics of information sharing between private sector and government, standards for protecting critical infrastructure, and cultivating a cyber-security workforce.[7]<\/a><\/p>\n The arguments over the details of legislative reforms are amplified by the limitations of Executive Orders. Under current law, including the Electronic Communications Privacy Act and antitrust laws, companies that wish to share information with the government in order to help thwart cyber attacks face civil and possibly criminal penalties.\u00a0 These existing liabilities prevent the swift flow of information from the private sector to the federal government and can only be reversed by legislative action. The Cybersecurity Intelligence Sharing and Protection Act (CISPA) introduced in both the 112th<\/sup> and 113th<\/sup> Congressional sessions attempted to address these liabilities.<\/p>\n CISPA, however, hovers over an interesting dynamic unfolding in a post-Edward Snowden era: the government needs more information to protect information systems and infrastructure, while the taxpayers express genuine concerns about a seemingly diminishing sense of privacy, and industry balances its relationship with consumers and government.\u00a0 After robust debate, CISPA underwent numerous amendments to enhance privacy protections, and the bill expressly requires a \u201ccybersecurity purpose\u201d for the sharing of information.\u00a0 These changes are evidenced by the more than doubling of Democrats who voted for the bill in 2013 (92) from 2012 (42).[8]<\/a><\/p>\n Staff and Members on Capitol Hill can<\/i> and should<\/i> find areas of compromise.\u00a0 Proposed within the White House\u2019s legislative cyber recommendations from May 2011 (\u201cWhite House Proposal\u201d), there is widespread agreement on the need to create a uniform set of data breach response laws, which are currently an incoherent state-level patchwork.\u00a0 Likewise, there is general consensus among policymakers that the federal government must bolster its cybersecurity workforce and emphasize formalized education on the issue. Where there is<\/i> general agreement, Congress should immediately pass reforms. It is unfortunate that in the current political climate a comprehensive package may not receive the necessary votes for passage.<\/p>\n In the continuing absence of legislation, however, the White House promulgated Executive Order 13636 (E.O. 13636) in February 2013.\u00a0 The Administration designed E.O. 13636 to create voluntary incentives for the private sector to share information with the federal government and to create a framework for the protection of critical infrastructure.\u00a0 Although voluntary in nature, the Executive Order potentially has sharp teeth.\u00a0 If Congressional language is not passed, E.O. 13636 may have the impact of creating regulatory or performance-based standards in the Federal Acquisition Regulations standards by articulating de facto<\/i> regulations for private enterprise, especially in business transactions with the government.<\/p>\n Based on the looming cyber threat, a potential \u201cdigital or electronic pearl harbor,\u201d House Committees continue to discuss legislative proposals. Various Committees of the House of Representatives have held 20 hearings in the 113th<\/sup> Session, nearly on pace to meet the 42 cyber-related hearings in the 112th <\/sup>Session.[9]<\/a>\u00a0 Meanwhile, the Senate has held 7 hearings in the 113th<\/sup> session thus far, compared to the 19 hearings held in the previous session.[10]<\/a>\u00a0 In the case of a potentially debilitating cyber attack on the United States that requires immediate legislative action, Congressional bodies have created a legislative groundwork to address reforms on cybersecurity policy and our protection of information systems.<\/p>\n Legislation<\/b><\/p>\n As threats and overall technology continue to increase in sophistication and size, Congressional legislative proposals have become more outdated.\u00a0 One of the policy reforms needed is the adoption of flexible and forward-thinking language recognizing that technology outpaces the legislative process.\u00a0 Additionally, legislative proposals must take into account the nature of the cyber threat, the role of private sector, and a reasonable balance between security and privacy.<\/p>\n The House of Representatives has chosen to take a step-by-step approach as opposed to the comprehensive view of cybersecurity reforms originally advocated by the White House Proposal. Instead of taking on every issue in one singular bill, the House of Representatives is working to produce a strong vehicle to drive cybersecurity reform by building and assembling legislation one piece at a time.\u00a0 These components include the Cyber Intelligence Sharing and Protection Act (H.R. 624); Federal Information Security Amendments Act of 2013 (H.R. 1163, FISMA 2013); Cybersecurity Enhancement Act of 2013 (H.R. 756); Cyber Economic Espionage Accountability Act (H.R. 2281); the Advancing America\u2019s Networking and Information Technology Research and Development Act (H.R. 967); Critical Infrastructure Research and Development Advancement Act of 2013 (H.R. 2952); National Cybersecurity and Critical Infrastructure Protection Act (H.R. 3696); and Homeland Security Boots-on-the-Ground Act (H.R. 3107).<\/p>\n In April 2013, the House of Representatives turned its attention to four cybersecurity bills that had been marked up and reported by Committees earlier in the year.\u00a0 During this period, labeled \u201ccyber week,\u201d the House voted on and passed CISPA, FISMA 2013, the Advancing America\u2019s Networking and Information Technology Research and Development Act, and the Cybersecurity Enhancement Act.\u00a0 While 11 cyber bills have been introduced on the House side as of early February 2014, the four bills passed by the House of Representatives have been referred to the appropriate Senate Committees and their enactment depends on the Senate.[11]<\/a><\/p>\n During the 112th Congressional session, the Senate had been working on similar reforms, but advocated for them in a comprehensive cybersecurity proposal.\u00a0 However, the Senate seems to be moving forward on an even more piecemeal approach, introducing more individually-tailored bills in the 113th<\/sup> session after failing to pass its comprehensive legislation, S. 3414, in the 112th Congressional session.\u00a0 As of this moment, the Senate has introduced ten bills, including the Cybersecurity Act of 2013 (S. 1353), but none have been voted on.[12]<\/a>\u00a0 If and when the Senate takes up these legislative reforms, the Senate and House will have to agree on what to send to the President for enactment.<\/p>\n FISMA <\/i><\/p>\n As a Counsel for the House Oversight Committee, I have been fortunate to be at the ground floor of reviewing the various cybersecurity bills in an effort to ensure that the Legislative Branch is articulating sound information security policy.\u00a0 Congress must take actions to increase cybersecurity protections.\u00a0 The House has made progress towards achieving this goal.<\/p>\n For instance, in April 2013, the House of Representatives passed legislation updating the Federal Information Security Management Act of 2002 (FISMA), which created a security framework for security federal information systems.\u00a0 For years, FISMA compliance, passed to ensure the integrity of federal information systems, had become a \u201ccheck the box\u201d exercise.[13]<\/a>\u00a0 Based on the ongoing security lapses, Chairman Issa and staff met with experts, including Chief Technology Officers from the private sector and federal agencies, to learn how to tighten these security vulnerabilities.[14]<\/a>\u00a0\u00a0 After carefully evaluating FISMA challenges with technological and legislative solutions, Chairman Issa and Ranking Member Cummings, working together, introduced H.R. 1163, the Federal Information Security Amendments Act of 2013.<\/p>\n To enhance the current framework for securing federal information technology systems, H.R. 1163 calls for automated and continuous monitoring of government information systems.[15]<\/a>\u00a0 Some federal agencies are beginning to implement these security mechanisms.\u00a0 This is a positive step.\u00a0 Other departments and agencies, however, lag far behind.\u00a0 To address the security incidents occurring on federal information systems, which, in some cases touch the private sector, HR 1163 also ensures that control monitoring finally incorporates regular threat assessments to protect federal information systems.[16]<\/a><\/p>\n H.R. 1163 passed the House of Representatives by a vote of 416-0.\u00a0 Overall, the lesson here is that the House of Representatives can find commonality and a way around partisan politics if both parties work together at the initial stages of the bill drafting, communicate, negotiate, and agree on the larger goal.\u00a0 In the drafting of H.R. 1163, Congress did exactly this and the results evidence the success of the bipartisan \u201cchipping away at the iceberg\u201d approach.\u00a0\u00a0 Now, H.R. 1163 has been referred to the Senate and it is my hope and expectation that the Senate Homeland Security and Government Affairs Committee will take up the bill, pass the reform, and send it to the President for his signature and enactment.\u00a0 Otherwise, federal information security systems will continue to be plagued by outdated protections codified by Congress more than a decade ago.<\/p>\n Role of The Department Of Homeland Security<\/i> During the drafting and passage of H.R. 1163, there was a significant discussion over the role of the Department of Homeland Security as it relates to cybersecurity.\u00a0 Experts in private industry and the public sector, including former top-level DHS officers, expressed serious concerns about DHS\u2019s role and operational responsibilities to thwart cyber attacks.[17]<\/a>\u00a0 Although many experts believe that DHS has a role in preventing cybersecurity incidents, the extent of that role needs to be further examined.[18]<\/a>\u00a0 On the one hand, experts indicate that placing many cyber operations within DHS would be optimal due to the existence of a structure and programs such as the National Cybersecurity and Communications Integration Center.[19]<\/a>\u00a0 However, industry has\u00a0 also questioned both the current capacity of the Department to carry out these functions, in addition to noting that the Executive Office of the President should be accountable, in some form, for cyber security operations.[20]<\/a>\u00a0 If DHS is responsible for implementing legislation and cyber strategy, their actions will likely deeply impact the regulatory landscape for companies in the private sector.\u00a0 For example, the powers given to the Department over standards for determining critical infrastructure operators and operations will create new potentially significant obligations on companies.<\/p>\n The Future of Cybersecurity \u00a0<\/b>Cloud Computing<\/i><\/p>\n The cloud computing enterprise has quickly accelerated to the forefront of government contracting and private industry. Both federal and state governments will likely have invested $18.4 billion in cloud computing by 2018.[21]<\/a> Cloud computing is a \u201cmodel for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable resources \u2026 that can be rapidly provisioned and released with minimal management effort or service provider interaction.\u201d[22]<\/a> Cloud computing servers have proved to be an innovative and cost-savings measure for companies and government agencies. However, some questions regarding the security of the cloud still remain.<\/p>\n While concerns of potential security vulnerabilities in the cloud do exist, the federal government\u2019s $600 million contract for cloud computing systems between Amazon Web Services and the Central Intelligence Agency illustrates that the government is heading further in the direction of utilizing cloud computing systems overall.[23]<\/a> The Federal Risk and Authorization Management Program (FedRAMP) recently established a program aimed at \u201cprovid[ing] a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.\u201d[24]<\/a>\u00a0 FedRAMP will be a critical measure for cloud computing system standards used within the federal government.<\/p>\n With the private sector and government moving towards the increasing use of cloud computing servers, however, each must be careful that the use of these systems protects the privacy of individuals and customer specific data.\u00a0 These privacy concerns are enhanced due to the NSA data collection program revelations unearthed by Edward Snowden and, similarly, high profile security breaches, including the recent theft of data relating to 70 million customers from the Target Corporation.[25]<\/a>\u00a0 Government and companies therefore should not primarily focus on just responding to breaches, but proactively implement sufficient policies and measures to attempt to thwart security incidents.<\/p>\n Emerging Technologies: Biometrics, Mobile, And Drones<\/i><\/p>\n The technological sector is one of the most rapidly changing industries.\u00a0 All of these innovations will create an even greater need for sound and clear cybersecurity policy.\u00a0 In the near future, on a universal basis, individuals will be using biometrics to gain access to airport terminals, buildings, and transactions on and off-line.\u00a0 Mobile devices, including Google Glass and wearable technology such as smart watches, will contain exponentially more valuable information.\u00a0 Also, possibly as early as 2015, the Federal Aviation Administration will enact regulations regarding the use of commercial drones, which may have new capabilities of surveillance and theft of digital information, in addition to being vulnerable to cyber theft themselves.[26]<\/a>\u00a0 The creation of evolving and innovative technologies must impact the way lawmakers think about cybersecurity policy, the digital world and how to protect information.<\/p>\n \u00a0Impact of the Code War on Foreign Relations<\/i><\/p>\n There is an emerging and growing distinction between the virtual world and physical one.\u00a0 Simultaneously, data continues to increase in value as an integral part of every country\u2019s resources.\u00a0 As the Internet continues to Balkanize, global powers, as well as countries with less influence or resources in the physical realm, are turning to the online world to initiate and deflect cyber incidents.\u00a0 This includes the collection of intelligence, proprietary information, and intellectual property.<\/p>\n Because of their technological capabilities, global powers will be attempting to gain political and economic capital by providing direct or indirect access to cyber weapons to countries with less access to technical expertise, significantly expanding the possible geographic location of a cyber attack.\u00a0 Additionally, non-global powers will specifically recruit the technical expertise to gain become a global force in the virtual world.\u00a0 Thus, the number of cyber threats will increase exponentially.[27]<\/a>\u00a0 As we enter the \u201cCode War,\u201d a new type of online diplomacy has emerged, as we see unveiling between the United States, China, and other countries.\u00a0 To address these security and privacy concerns on an international basis, global powers will need to come to some consensus and create a cybersecurity-based treaty.\u00a0 At this point, there are no formal talks of forging an international treaty dealing with cybersecurity, although some countries, such as Kazakhstan, have previously advocated for such an agreement before the United Nations.[28]<\/a><\/p>\n As a result, the landscape of cybersecurity policy continues to rapidly change and evolve.\u00a0 Policy makers must keep pace of these advancements with responsive and responsible legislative solutions.<\/p>\n <\/p>\n Disclaimer<\/i>: This article presents my personal views and does not necessarily reflect the views of the House Oversight and Government Reform Committee.\u00a0 It is based on my remarks to the Public Contract Law Section\u2019s Cybersecurity, Privacy and Data Protection Committee and Technology Section\u2019s Homeland Security and Information Security Committees of the American Bar Association panel, \u201cCyber on the Hill\u201d November 7, 2013).<\/p>\n *Mitchell S. Kominsky is Counsel for the U.S. House Committee on Oversight and Government Reform<\/p>\n [1]<\/a> \u201cAnnual U.S. Cybercrime Costs Estimated at $100 Billion<\/i>,\u201d Siobhan Gorman, WALL STREET JOURNAL, Jul. 22, 2014, available at: http:\/\/online.wsj.com\/news\/articles\/SB10001424127887324328904578621880966242990 (last visited Jan. 12, 2014).<\/p>\n<\/div>\n [2]<\/a> U.S. Government Accountability Office, Cybersecurity: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented(Feb. 2013) (GAO-13-187)<\/p>\n<\/div>\n [3]<\/a> Testimony, Robert S. Mueller, III, Director, Federal Bureau of Investigations, Senate Select Intelligence Committee hearing, \u201cWorldwide Threat Assessment of the US Intelligence Community,\u201d (Jan. 31, 2012).<\/p>\n<\/div>\n [4]<\/a> Eric Schmidt and Jared Cohen, \u201cThe New Digital Age: Reshaping the Future of People, Nations, and Business,\u201d (Alfred Knopf, 2013)<\/p>\n<\/div>\n [5]<\/a> \u201cSouth Korea to Train 5,000 Cybersecurity Experts<\/i>,\u201d Kwanwoo Jun, WALL STREET JOURNAL, Jul. 4 2013, available at: http:\/\/blogs.wsj.com\/korearealtime\/2013\/07\/04\/south-korea-plans-a-big-boost-to-cybersecurity-staffing\/ (last visited Jan. 12, 2014).<\/p>\n<\/div>\n [6]<\/a> Eric A. Fischer, \u201cFederal Laws Relating to Cybersecurity:\u00a0Overview and Discussion of Proposed Revisions,\u201d\u00a0available at<\/i>\u00a0https:\/\/www.fas.org\/sgp\/crs\/natsec\/R42114.pdf<\/a>.<\/p>\n<\/div>\n [7]<\/a> This Congressional debate has occurred through the lens of legislative proposals made by various House and Senate Committees, the White House Legislative Proposal, and Executive Order 13636.<\/p>\n<\/div>\n [8]<\/a> \u201cHouse passes Cispa cybersecurity bill with support of 92 Democrats<\/i>,\u201d THE GUARDIAN, April 18, 2013, available at: http:\/\/www.theguardian.com\/technology\/2013\/apr\/18\/house-representatives-cispa-cybersecurity-democrats (last visited Jan. 31, 2014); \u201cOne Year Later, Twice As Many Democrats Vote for Cybersecurity Bill and Defy Obama,\u201d TECH CRUNCH, April 18, 2013, available at: http:\/\/techcrunch.com\/2013\/04\/18\/one-year-later-twice-as-many-democrats-vote-for-cybersecurity-bill-and-defy-obama\/ (last visited Jan. 31, 2014).<\/p>\n<\/div>\n [9]<\/a> Statistics, Congressional Research Service (CRS), available at: http:\/\/crs.gov\/pages\/Reports.aspx?PRODCODE=R43317&Source=search#_Toc375318016<\/p>\n<\/div>\n [10]<\/a> Id.<\/p>\n<\/div>\n [11]<\/a> Congressional Research Service, available at: http:\/\/crs.gov\/pages\/Reports.aspx?PRODCODE=R43317&Source=search#_Toc375317993<\/p>\n<\/div>\n [12]<\/a> Id.<\/p>\n<\/div>\n [13]<\/a> Supra<\/i>, note 2.<\/p>\n<\/div>\n [14]<\/a> Id.<\/p>\n<\/div>\n [15]<\/a> H.R. 1163<\/p>\n<\/div>\n [16]<\/a> H.R. 1163<\/p>\n<\/div>\n [17]<\/a> Meetings between Congressional staff and private sector individuals.<\/p>\n<\/div>\n [18]<\/a> \u201cDHS revs up its part of the cyber executive order<\/i>,\u201d FEDERAL NEWS RADIO, Jan. 31, 2014, available at: http:\/\/www.federalnewsradio.com\/473\/3553526\/DHS-revs-up-its-part-of-the-cyber-executive-order<\/a> (last visited Jan. 12, 2014).<\/p>\n<\/div>\n [19]<\/a> Supra<\/i>, note 17.<\/p>\n<\/div>\n [20]<\/a> Id.<\/p>\n<\/div>\n [21]<\/a> \u201cGovernment Sector will Invest $18.48 Billion by 2018 in Cloud Computing<\/i>,\u201d Saroj Kar, CLOUD TIMES, Jan. 1, 2014, available at: http:\/\/cloudtimes.org\/2014\/01\/01\/government-sector-will-invest-18-48-billion-by-2018-in-cloud-computing\/ (last visited Jan. 12, 2014).<\/p>\n<\/div>\n [22]<\/a> National Institute of Standard and Technology, http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-145\/SP800-145.pdf<\/a> (p. 6)<\/p>\n<\/div>\n [23]<\/a> \u201cAmazon Wins $600 Million CIA Cloud Deal As IBM Withdraws Protest<\/i>,\u201d Kevin McLaughlin, CRN, Oct. 30, 2013, available at: http:\/\/www.crn.com\/news\/cloud\/240163382\/amazon-wins-600-million-cia-cloud-deal-as-ibm-withdraws-protest.htm (last visited Jan. 12, 2014).<\/p>\n<\/div>\n [24]<\/a> FedRamp website: http:\/\/www.gsa.gov\/portal\/category\/102371?utm_source=OCSIT&utm_medium=print-radio&utm_term=fedramp&utm_campaign=shortcuts<\/a> (last visited Jan. 12, 2014).<\/p>\n<\/div>\n [25]<\/a> \u201cReport: Target says data breach affected 70 million customers<\/i>,\u201d CHICAGO TRIBUNE, Jan. 10, 2014, available at: http:\/\/www.chicagotribune.com\/business\/breaking\/chi-target-data-breach-affected-70-million-customers-20140110,0,621285.story (last visited Jan. 12, 2014).<\/p>\n<\/div>\n [26]<\/a> \u201cFAA Has plan for drones, but is behind schedule<\/i>,\u201d Bart Jansen, USA TODAY, Dec. 2, 2013, available at: http:\/\/www.usatoday.com\/story\/travel\/flights\/2013\/12\/02\/faa-drones\/3805447\/ (last visited Jan. 12, 2014).<\/p>\n<\/div>\n [27]<\/a> Supra<\/i>, notes 3 and 4.<\/p>\n<\/div>\n [28]<\/a> United Nations, News, \u201cAt UN, Kazahkstan calls for global cybersecurity treaty to deter hackers,\u201d Sept. 21, 2011, available at: http:\/\/www.un.org\/apps\/news\/story.asp\/http%3Cspan%20class=%27pullme%27%3EIt%20has%20become%20increasingly%20clear%20that%20disasters%20are%20setting%20back%20efforts%20in%20development%20%E2%80%93%20they%20can%20cripple%20the%20economy,%20destroy%20infrastructure,%20and%20plunge%20more%20people%20into%20poverty%3C\/span%3E:\/\/www.unisdr.org\/www.iaea.org\/html\/www.wmo.int\/html\/story.asp?NewsID=39652&Cr=cyber&Cr1=#.Usxhw_s7RqM<\/a> (last visited Jan. 12, 2014).<\/p>\n <\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":" Mitchell S. Kominsky, Counsel for the U.S. House Committee on Oversight and Government Reform, discusses the state of cybersecurity legislation and the evolving nature of cyber policy. Image courtesy of Getty Images.<\/i> <\/p>\n","protected":false},"author":20,"featured_media":4302,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4,24],"tags":[],"class_list":["post-4298","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-features","category-online"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/journals.law.harvard.edu\/nsj\/wp-content\/uploads\/sites\/82\/2014\/02\/21990750.cms_.jpg?fit=400%2C300&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/peZtUX-17k","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/journals.law.harvard.edu\/nsj\/wp-json\/wp\/v2\/posts\/4298","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/journals.law.harvard.edu\/nsj\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.harvard.edu\/nsj\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.harvard.edu\/nsj\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.harvard.edu\/nsj\/wp-json\/wp\/v2\/comments?post=4298"}],"version-history":[{"count":0,"href":"https:\/\/journals.law.harvard.edu\/nsj\/wp-json\/wp\/v2\/posts\/4298\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/journals.law.harvard.edu\/nsj\/wp-json\/wp\/v2\/media\/4302"}],"wp:attachment":[{"href":"https:\/\/journals.law.harvard.edu\/nsj\/wp-json\/wp\/v2\/media?parent=4298"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.harvard.edu\/nsj\/wp-json\/wp\/v2\/categories?post=4298"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.harvard.edu\/nsj\/wp-json\/wp\/v2\/tags?post=4298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n<\/b><\/p>\n
\n<\/b><\/p>\n
<\/p>\n
\n