Can CISPA Be Fixed?

from the perhaps-not dept

We’ve been arguing for quite some time now that we’d like to see the actual evidence for why a “cybersecurity” bill is actually needed. We’ve heard fearmongering and warnings of planes falling from the skies, but no evidence that there’s a real problem here — or, if there is a problem, that it needs a legislative solution. And yet, still, CISPA moves forward. Of course, while we still believe that some amendments could fix some of the more egregious problems with CISPA, there is still the big question of whether or not it’s needed at all. Larry Downes has taken on the question of whether or not CISPA can be fixed and has decided that it cannot be, and that it represents a real threat to some key elements of the internet ecosystem. He lists out some key rules for policy makers (and goes into great detail on each, so click through):

  • Don’t legislate technology using definitions that are either too specific or too general
  • Don’t legislate technology until you can articulate concrete and calculable harms
  • Don’t encourage or require information sharing with the government unless it’s unavoidable

All of this seems quite reasonable… which is why it’s an uphill battle to get people to follow through on it.


Comments on “Can CISPA Be Fixed?”

41 Comments
Rekrul says:

You’re working on the assumption that CISPA is a legitimate bill meant to address a legitimate concern and that it will be abused for things the creators of the bill never intended.

The truth is that CISPA was intended right from the start to be a general purpose spying bill that the creators wanted to be vague so that it could be used for virtually anything.

Jose_X (profile) says:

Re:

I’m not arguing for more spying, but are people really looking at this from the point of view of a group of people (federal government leadership of the US) who feel personally vulnerable to death plots on a daily basis and who since 911 no longer feel this threat is theoretical?

Besides that, isn’t it likely our military leaders who protect them and also see their own lives vulnerable are also pressing on legislators (and we know it’s not easy for them to say no to these guys)?

To a lesser extent, a lot of major business leaders and wealthy individuals likely are pressing as well since they probably see major financial losses at risk (if not their own necks).

This personal threat aside, how can anyone argue point blank that preserving the state of order at the federal level is not in the best interests of individual Internet users? Do people really think the Internet will keep humming along without fights and blackouts if the federal government takes a brutal hit?

Again, this is not to argue for any specific proposal in this or any bill, but the comments sometimes suggest people aren’t recognizing what can reasonably be an elevated state of fear in the collective mind of DC. Not only are some of their concerns legitimate, but if you don’t understand where they are coming from, you will have a harder time being heard clearly. [I’m fairly sure these major groups opposing the bill have thought about this, and that should be one reason why they might be willing to accept an imperfect bill.]

Jose_X (profile) says:

CISPA is broken because of one fact...

Comment http://www.techdirt.com/articles/20120426/00203318660/can-cispa-be-fixed.shtml#c349 below, including, “this is not to argue for any specific proposal in this or any bill, but the comments sometimes suggest people aren’t recognizing what can reasonably be an elevated state of fear in the collective mind of DC.”

John Fenderson (profile) says:

Re:

Again, this is not to argue for any specific proposal in this or any bill, but the comments sometimes suggest people aren’t recognizing what can reasonably be an elevated state of fear in the collective mind of DC. Not only are some of their concerns legitimate, but if you don’t understand where they are coming from, you will have a harder time being heard clearly.

I think most people understand all that pretty well. But that they have an irrationally elevated level of fear doesn’t mean that we need to tolerate their irrational legislative responses.

Rich Kulawiec (profile) says:

Re:

[…] but are people really looking at this from the point of view of a group of people (federal government leadership of the US) who feel personally vulnerable to death plots on a daily basis and who since 911 no longer feel this threat is theoretical?

Anyone who feels that way is (a) an idiot and (b) a coward. They should be removed from public service immediately and permanently: they’re simply not good enough to serve the citizens of the United States.

Anonymous Coward says:

Re:

If we’re at so much risk why isn’t the first step to improve our defenses? CISPA does absolutely nothing to incentivize basic IT security like patching vulnerabilities as quickly as possible and instead encourages pro-active monitoring of private communications by both third-party service providers and the government. Does the bill do anything to encourage vulnerabilities to be reported to vendors and patched as quickly as possible? No, in fact the nature of the bill is such that these kinds of things will go unreported so that ‘they’ won’t know that the government knows that they exist. Which seems great for the government and their industry partners (but is actually just going to shoot them in the foot in the long run) and at the user level will actually make individuals less safe.

The bill doesn’t preserve the state of order at the federal level. It creates an illusion of order at the federal level that will be disastrous for individual users and will ultimately leave the federal level more vulnerable longer term. That’s without even getting into the major issue that broad immunity from liability presents in any bill.

Rekrul says:

Re:

This personal threat aside, how can anyone argue point blank that preserving the state of order at the federal level is not in the best interests of individual Internet users? Do people really think the Internet will keep humming along without fights and blackouts if the federal government takes a brutal hit?

What’s wrong with writing a narrowly defined bill that can be used for real threats, not used for anything under the sun and which has real penalties for its abuse?

Is a denial of service attack on a web site really a serious enough threat that we need a new law and extra harsh new punishments to deal with it? Especially considering that it’s the online equivalent of the Occupy Wall Street movement. And should private companies really have blanket immunity for sharing customers’ private data regardless of whether there was a valid reason to do so or not?

If this bill was written so that it only applied to cyber threats that actually endangered lives or threatened the stability of the net, and which included penalties for the abuse of said law, nobody would have a problem with it.
