Supreme Court Ruling Threatens the Framework of Cybersecurity Regulation (securityweek.com)
33 points by Bender on July 9, 2024 | 24 comments


The Supreme Court isn’t going to require Congress to provide more funding for the judicial system. Neither Congress nor the judicial branch have the resources to deal with these kinds of issues. The federal court system is going to be just as gridlocked as Congress is, giving corporations a free pass to do whatever they want. I have to assume this was the intended result.


That's exactly it. And for the 8-10 years it'll take to litigate companies will be free to do whatever.


Congress has power of the purse, not the judicial


While I'm not sure exactly what to make of the Chevron ruling, I have to say from the Ops side, I would be happy to see a decrease in the number of cybersecurity regulations/certifications. I think it's causing more harm than good. Why? Because InfoSec is spending more time on making check marks instead of actually improving our security posture.

Also, almost every regulation allows business needs to override security by just writing up something. The last 3 companies I've been at were hacked despite being SOC2/ISO27000 certified because there was that out-of-date, internet-facing system due to be replaced in 2020, we promise.


Companies have some incentive to check the boxes, because they are often required to.

Do companies have any incentive to improve their actual security posture? Has a company ever been harmed by having a poor security posture?

I get your argument, there's some truth behind it. Being able to focus on actual security and less on security theater could be a good thing. But cynically, I think we're replacing a real incentive (security checkboxes), with non-incentives (actual security).


I work in the industry and partially disagree with OP.

There is credentialling BS but it's not regulators that push that.

Regulators like the SEC instead require disclosure of breaches when they happen, and agencies like CISA have stepped in to remediate and fix deficient organizations after an attack (Hartsfield-Jackson Atlanta International Airport is a notable example).

Now with Chevron removed, a breached entity could sue against mandated disclosure or government mandated remediation.


It's such a farce. You got a 70% on a multiple choice test and now you are "certified" in information security, never mind that you don't know how to actually produce anything (neither a "dev" nor an "op"). But hey, the c-suite who hired you can only read pie charts and bar graphs, and is paid top dollar to make sure those boxes get checked, not to know how anything actually works.

So you buy a bunch of automated scanning tools, pester the sysadmins to install multiple root-kits on all the servers, generate a bunch of PDF reports, and email them to those same sysadmins. You know, to help out the people who have been _achieving_ security (not just talking about it) for years. You rely on them to implement or document everything for you, but it never occurs that they could teach you a thing or two because they are not "certified". What they would consider their nuanced opinion tempered by years of experience comes across to you and your c-suite boss as complacent and change-resistant excuse-making.


Chevron deference came from a case in 1984, so any "sky is falling" argument should explain why the sky didn't fall before then.

Note that the Natural Resources Defense Council was the LOSING litigant in that case. (I don't understand why Chevron, the evil oil company, was defending the EPA's authority, but ....)

I mention that because many of the groups arguing now that eliminating Chevron deference is horrible argued the exact opposite in 1984.


What are you talking about? A river literally started on fire because it was so polluted, which prompted the formation of the EPA. The sky absolutely “was falling” prior to 1984, it just took folks way longer than it should have to figure out how badly corporations were destroying our lakes and rivers.

https://www.history.com/news/epa-earth-day-cleveland-cuyahog...


> I don't understand why Chevron, the evil oil company, was defending the EPA's authority

Because in 1981, Reagan was sworn in and the EPA began deregulating. NRDC sued to block the EPA’s then-updated interpretation of the word “source” in the Clean Air Act, which provided companies a way to bypass certain regulations. Chevron liked this, and liked the direction Reagan was taking the EPA, so it suited them to argue for deference to the agency’s interpretations.

Now that the administrative agencies have been adopting more aggressively left-wing interpretations, it suits the right wing to remove that deference.

Presumably, the Supreme Court will just change its mind again if Republicans hold government again and it becomes expedient for them.


^^ this exactly. it doesn't matter which wing you like, all outcomes of chevron were bad. the over-turning is not.

you may or may not like the decisions of congress. you may or may not like the decisions of a court. i could live with either.

but an unaccountable bureaucracy's kangaroo court needs to be checked severely.


So because of the high amounts you can sue for in the US, we are now seeing the dangers of the type of regulation that the EU has just enacted with the Cyber Security Resilience Act as well?


The simplest thing you can do is to make Federal agencies' tightfisted regulations into a guideline with a hook: a hook tied to Federal funding contingent on such "guidelines".


> On June 28, 2024, the Supreme Court struck down a legal principle known as the Chevron Doctrine (or Deference). This doctrine dates to a 1984 Supreme Court ruling (Chevron v Natural Resources Defense Council) that allows federal agencies to use their own expertise to interpret ambiguities in the law.

On July 4, 1776, the Continental Congress struck down the legal principle known as the Divine Right of Kings. This doctrine dates to 3300 BC and allows the King to use his wisdom and expertise to make the law.

The loss of this principle will make creating and enforcing rules on people much harder as there will no longer just be a single person who must be convinced but will often involve long negotiations between different factions of the governed to obtain their consent.


It will lead to the destruction of the administrative state, which was the intended result, and which people have apparently forgotten helps keep a lot of people alive and cancer-free. I mean, how many rivers need to catch on fire again before we learn this lesson a second time?


It is an unassailable fact that the New Deal and Great Society initiatives did not require Chevron deference. It is odiously brazen to claim otherwise.

No honest person can credit Chevron for the existence of the administrative state, because the administrative state was at its height before Chevron was ever decided.


You're hyperventilating


Which he can only do because he has clean air to breathe…


lol


Sounds like being a lawyer has an even better future than before.

(well, maybe except for the whole AI thing)


> Jody Freeman, adds, “It’s a massive power shift back to the courts and away from agencies..”

Unless the justice system is broken and corrupt, this is not bad news at all.


The power doesn't stop with the courts though, the courts will merely decide whether the power is with the agency or with congress.

In the rare case that congress can function and act on issues as subtle as cyber security, congress passes laws. Those laws may then be struck down as unconstitutional based on things that are not written in the constitution, and in the end the laws are executed by the President who has no incentive to regard the laws in his official duties.


What a glorious time to be in the field… Crazy to think we have allowed technically incompetent people to make these decisions


I mean, we didn't really allow them to. Presidents who lost the popular vote appointed them, after other appointees were politically blocked under false pretenses in the Senate ("can't do it in an election year, unless you're a very specific president"). In aggregate, Americans poll much further left than this activist, rightwing court, but that doesn't matter when the electoral minority keeps on winning.

Don't worry, though. The Court has made their decision, now let them enforce it.



