The Universe of Disco


Thu, 11 Jun 2020

Malicious trojan horse code hidden in large patches

This article isn't going to be fun to write but I'm going to push through it because I think it's genuinely important. How often have you heard me say that?

A couple of weeks ago the Insurrection Act of 1807 was in the news. I noticed that the Wikipedia article about it contained this very strange-seeming claim:

A secret amendment was made to the Insurrection Act by an unknown Congressional sponsor, allowing such intervention against the will of state governors.

“What the heck is a ‘secret amendment’?” I asked myself. “Secret from whom? Sounds like Wikipedia crackpottery.” But there was a citation, so I could look to see what it said.

The citation is Hoffmeister, Thaddeus (2010). "An Insurrection Act for the Twenty-First Century". Stetson Law Review. 39: 898.

Sometimes Wikipedia claims will be accompanied by an authoritative-seeming citation — often lacking a page number, as this one did at the time — that doesn't actually support the claim. So I checked. But Hoffmeister did indeed make that disturbing claim:

Once finalized, the Enforcement Act was quietly tucked into a large defense authorization bill: the John Warner Defense Authorization Act of 2007. Very few people, including many members of Congress who voted on the larger defense bill, actually knew they were also voting to modify the Insurrection Act. The secrecy surrounding the Enforcement Act was so pervasive that the actual sponsor of the new legislation remains unknown to this day.

I had sometimes wondered if large, complex acts such as HIPAA or the omnibus budget acts sometimes contained provisions that were smuggled into law without anyone noticing. I hoped that someone somewhere was paying attention, so that it couldn't happen.

But apparently the answer is that it does.


[Other articles in category /law] permanent link