Matt Pogue: 1/Here comes SCOTUS with another kick in the balls. Now they've decided - contrary to 40 yrs of precedent - ALL Fed gov agency regs are within the purview of the courts, rather than deferring to the agency creating the reg. "But Matt, what does that mean?" I'm glad you asked, hypothetical person!

1/Here comes SCOTUS with another kick in the balls. Now they've decided - contrary to 40 yrs of precedent - ALL Fed gov agency regs are within the purview of the courts, rather than deferring to the agency creating the reg. "But Matt, what does that mean?" I'm glad you asked, hypothetical person!

SCOTUS' Chevron ruling could weaken federal cybersecurity regulations, as FCC data breach reporting requirements and other rules are likely to be challenged (Cynthia Brumfield/CSO) Main Link | Techmeme Permalink

2/When Congress passes a law delegating authority to an agency to regulate something - think EPA + clean air/water, FTC + cybersecurity generally - they don't prescribe every single action to be taken. It's left to the agencies to create specific regs that can evolve over time.

3/The authority of agencies was generally upheld in Chevron v. NRDC in 1984 - supreme.justia.com/cases/federa.... I'm not going to argue agencies are perfect. Has there been overreach and bad policy? Duh. But it's a workable system and SCOTUS specifically added that the reg must be "reasonable".

Chevron U.S.A., Inc. v. NRDC, 467 U.S. 837 (1984)supreme.justia.com Chevron U.S.A., Inc. v. NRDC: A government agency must conform to any clear legislative statements when interpreting and applying a law, but courts will give the agency deference in ambiguous situatio...

4/The word "reasonable" left open the ability for courts (and Congress of course) to overrule an agency if it found a reg was unreasonable, but it's a tough row to hoe and was generally only attempted when the reg was egregiously over the top. With this new ruling, that entire process is upended.

5/Now IANAL (teehee), but you better believe that EVERY industry under any type of regulation whatsoever has their lawyers working overtime to bring new cases. Given that nearly every major US industry is a functional monopoly, this ruling seals our fate in terms of imposing ANY accountability.

6/Specifically relating to cybersecurity, there have been a slew of regs over the last few years attempting to set breach reporting requirements and other basic minimum best practices. These will now all be up for appeal, and given the makeup of the Fed courts, many will probably be rolled back.

7/Aside from cyber, this ruling will impact a broad spectrum of society itself. Govt regs are where Congressional mandates crystallize into actual policies that impact industries. Give them props - the conservatives have outplayed liberals in the long game and now we've crossed the Rubicon.

Post