Senator Ron Wyden Slams Cybersecurity Legislation Proposals For Eroding Trust & Privacy

from the privacy-should-be-the-default,-not-the-exception dept

Senator Ron Wyden took to the floor of the Senate earlier this week to speak out against pretty much all of the current cybersecurity proposals out there arguing that “privacy should be the default, not the exception.” While noting that narrowly targeted cybersecurity rules could be helpful in protecting consumers, he stated that it seems clear that these bills are much more focused on opening up the internet for government to spy and monitor activities online:

The full speech is chock full of good points, such as the importance of trust in creating a functioning internet, and how these bills can ruin that by cutting away at our privacy:

Congress’ effort to develop a comprehensive approach to cyber security must not erode that trust. When Americans go online to consume digital services and goods, they must believe and know with some certainty that their privacy is adequately protected. The content Americans consume must be at least as private as their library records, video rentals, and book purchases in the brick and mortar world. Our law enforcement and Intelligence agencies should not be free to monitor and catalog the speech of Americans just because it’s online.

But the bill passed by the other body, known as CISPA, would erode that trust. As an attempt to protect our networks from real cyber-threats CISPA is an example of what not to do. CISPA repeals important provisions of existing electronic surveillance law that have been on the books for years without instituting corresponding privacy, confidentiality, and civil liberties safeguards. It creates uncertainty in place of trust, it erodes statutory and constitutional civil rights protections, and it creates a surveillance regime in place of the targeted, nimble, cyber-security program that is needed to truly protect this nation.

Unfortunately, S. 2105, the bill before the Senate shares some of these defects. Currently Internet services and service providers have agreements with their customers that allow them to police and protect their networks and users. Rather than simply allowing these internet companies to share information on users who violate their contracts and pose a security threat, the House and Senate proposals authorize a broad based information sharing regime that can operate with impunity. This would allow the personal data of individual Americans to be shared across a multitude of bureaucratic, military, and law enforcement agencies. This takes place regardless of the privacy agreements individual Americans have with their service providers.

In fact, both the House and Senate bills subordinate all existing privacy rules and constitutional principles to the poorly defined interest of “cyber-security.”

Wyden goes even further later in the speech noting — as many of us have been arguing all along — that these bills are a massive overreaction to the possibility of an issue, which are much more about ways for government contractors to profit from fear:

As they stand, these bills are an overreaction to a legitimate fear. The American people will respond by limiting their online activities. That’s a recipe to stifle speech, innovation, job creation, and social progress.

I believe these bills will encourage the development of a cyber security industry that profits from fear and whose currency is Americans private data. These bills create a Cyber Industrial Complex that has an interest in preserving the problem to which it is the solution.

There’s a lot more in the speech that’s worth hearing, so check it out.

Filed Under: cispa, cybersecurity, overreaction, ron wyden