Cybersecurity Bill Backers Insist This Isn't SOPA... But Is It Needed?

from the think-they're-scared? dept

Lots of folks have been waiting on the Senate's version of the cybersecurity bill that's been talked about for a while, and what's clear from the details and the press release put out by the Senate Commerce, Science & Transportation Committee is that the folks behind this bill are bending over backwards to point out that this bill is not like SOPA:
The Senators stressed that the Cybersecurity Act of 2012 in no way resembles the Stop Online Piracy Act or the Protect Intellectual Property Act, which involved the piracy of copyrighted information on the internet. The Cybersecurity Act involves the security of systems that control the essential services that keep our nation running—for instance, power, water, and transportation.
Indeed, the details make it clear that the bill is much more limited than previous versions (or suggestions). For example it has dropped the idea of a "kill switch" (which was already exaggerated) and made it clear that private companies could appeal any security regulations that they fall under. It certainly appears that the bill is designed to be limited by focusing on core "critical infrastructure" -- such that it only will apply to those facilities where a disruption "would cause mass death, evacuation, or major damage to the economy, national security, or daily life." Of course, that could be interpreted broadly. Hell, the MPAA would argue that file sharing created "major damage to the economy," even if there's little to no evidence to support that.

A bigger question, however, should be whether there is any empirical evidence that we need this cybersecurity bill. I'm not saying that it's absolutely not needed -- and I'm glad that it appears the backers of the bill are trying to bend over backwards to hear from all concerned parties (and to avoid a SOPA-like situation). But one of the key things that we learned from SOPA is that Congress needs to stop pushing legislation without real evidence of the nature of the problem, and the evidence here remains lacking. The article linked above, by Jerry Brito and Tate Watkins, highlights all of the hype around cybersecurity and the near total lack of evidence of a problem, other than ominous "trust us, it's a problem!" scare-mongering. They have three suggestions before moving forward with cybersecurity legislation:
  • Stop the apocalyptic rhetoric. The alarmist scenarios dominating policy discourse may be good for the cybersecurity-industrial complex, but they aren’t doing real security any favors.

  • Declassify evidence relating to cyber threats. Overclassification is a widely acknowledged problem, and declassification would allow the public to verify the threats rather than blindly trusting self-interested officials.

  • Disentangle the disparate dangers that have been lumped together under the “cybersecurity” label. This must be done to determine who is best suited to address which threats. In cases of cybercrime and cyberespionage, for instance, private network owners may be best suited and have the best incentives to protect their own valuable data, information, and reputations.
Good luck seeing any of that happen, of course. The big companies pushing this bill are profiting heavily off of the fear, as the government spends billions on "cybersecurity." This bill would ensure the gravy train continues, even as the evidence suggests that the "hacking" threat may be less and less of an issue. Of course, most of the press loves to just lap up claims of threats and damages without digging into the details. Fear about impending cyberdoom attracts attention. Talking about reality doesn't.

Of course, who knows if this bill will ever actually get anywhere. Already, many in the Senate are pushing back and asking Senator Harry Reid to slow down with the bill.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 14 Feb 2012 @ 9:03pm

    Re classified material, it is a truism that there is a lot of overclassification taking place, though my experience regarding same is that almost always it results from a good faith application of classification guidelines established in accordance with longstanding executive orders.

    This nothwithstanding, time and time again I have seen extremely sensitive information that by anyone's definition reveals matters of serious national concerns, the very type of information those inclined to act against our nationat interests would love to have because of the havoc they could wreak.

    While perhaps some useful information might be able to be declassified and released, I believe it is clear that the last thing anyone wants to do is expose their vulnerabilities to the other side, and that such information is extensive and detailed.

    Moreover, cybersecurity is more than just locking down systems from third party attacks in the conventional sense. It also includes, among many others, what is known as "ruggedizing" to the point that even physical attacks are taken into consideration. This is a quite common term used throughout all aspects of the aerospace industry. both commercial and military.

    Is the magnitude of the threat unbelievably large? I honestly do not know. Is it sufficiently real that prudence dictates its being addressed? Almost certainly.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.