Cybersecurity Bill Backers Insist This Isn't SOPA... But Is It Needed?

from the think-they're-scared? dept

Lots of folks have been waiting on the Senate's version of the cybersecurity bill that's been talked about for a while, and what's clear from the details and the press release put out by the Senate Commerce, Science & Transportation Committee is that the folks behind this bill are bending over backwards to point out that this bill is not like SOPA:
The Senators stressed that the Cybersecurity Act of 2012 in no way resembles the Stop Online Piracy Act or the Protect Intellectual Property Act, which involved the piracy of copyrighted information on the internet. The Cybersecurity Act involves the security of systems that control the essential services that keep our nation running—for instance, power, water, and transportation.
Indeed, the details make it clear that the bill is much more limited than previous versions (or suggestions). For example it has dropped the idea of a "kill switch" (which was already exaggerated) and made it clear that private companies could appeal any security regulations that they fall under. It certainly appears that the bill is designed to be limited by focusing on core "critical infrastructure" -- such that it only will apply to those facilities where a disruption "would cause mass death, evacuation, or major damage to the economy, national security, or daily life." Of course, that could be interpreted broadly. Hell, the MPAA would argue that file sharing created "major damage to the economy," even if there's little to no evidence to support that.

A bigger question, however, should be whether there is any empirical evidence that we need this cybersecurity bill. I'm not saying that it's absolutely not needed -- and I'm glad that it appears the backers of the bill are trying to bend over backwards to hear from all concerned parties (and to avoid a SOPA-like situation). But one of the key things that we learned from SOPA is that Congress needs to stop pushing legislation without real evidence of the nature of the problem, and the evidence here remains lacking. The article linked above, by Jerry Brito and Tate Watkins, highlights all of the hype around cybersecurity and the near total lack of evidence of a problem, other than ominous "trust us, it's a problem!" scare-mongering. They have three suggestions before moving forward with cybersecurity legislation:
  • Stop the apocalyptic rhetoric. The alarmist scenarios dominating policy discourse may be good for the cybersecurity-industrial complex, but they aren’t doing real security any favors.

  • Declassify evidence relating to cyber threats. Overclassification is a widely acknowledged problem, and declassification would allow the public to verify the threats rather than blindly trusting self-interested officials.

  • Disentangle the disparate dangers that have been lumped together under the “cybersecurity” label. This must be done to determine who is best suited to address which threats. In cases of cybercrime and cyberespionage, for instance, private network owners may be best suited and have the best incentives to protect their own valuable data, information, and reputations.
Good luck seeing any of that happen, of course. The big companies pushing this bill are profiting heavily off of the fear, as the government spends billions on "cybersecurity." This bill would ensure the gravy train continues, even as the evidence suggests that the "hacking" threat may be less and less of an issue. Of course, most of the press loves to just lap up claims of threats and damages without digging into the details. Fear about impending cyberdoom attracts attention. Talking about reality doesn't.

Of course, who knows if this bill will ever actually get anywhere. Already, many in the Senate are pushing back and asking Senator Harry Reid to slow down with the bill.

Filed Under: cybersecurity, fear, hype, laws, online security, regulations, sopa

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    That Anonymous Coward (profile), 14 Feb 2012 @ 10:52pm

    After the SOPA/PIPA cluster, where the Congresscritters reveled in their total ignorance of of how the net works, shouldn't we demand they get a course from an outside group to explain all of these "doomsday scenarios" in real terms?

    The media loves to run in circles screaming Anonymous (because only those cyberterrorists could ever do it) took down the CIA web page!!! Intelligent people look at it as, an outward facing website of no great significance or import was knocked offline by some script kiddies. That is the lesson we need to impart to them, that most of these "threats" do not exist and will not be solved by throwing more money at the problem.

    One of the most important lessons they should learn is to look at how much money was wasted by DHS/TSA on the tech that was going to answer all of the problems and streamline the process. It is sitting in warehouses, because it does not work and we are still getting the rest of them we paid for. Throwing more money at it will not make them work, the man selling you the magic beans just wants to take your cow... if you can't figure that one out you should not be making laws.

    Obligatory XKCD

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown for basic formatting. (HTML is not supported.)
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.