Cybersecurity Bill Backers Insist This Isn't SOPA... But Is It Needed?

from the think-they're-scared? dept

Lots of folks have been waiting on the Senate's version of the cybersecurity bill that's been talked about for a while, and what's clear from the details and the press release put out by the Senate Commerce, Science & Transportation Committee is that the folks behind this bill are bending over backwards to point out that this bill is not like SOPA:
The Senators stressed that the Cybersecurity Act of 2012 in no way resembles the Stop Online Piracy Act or the Protect Intellectual Property Act, which involved the piracy of copyrighted information on the internet. The Cybersecurity Act involves the security of systems that control the essential services that keep our nation running—for instance, power, water, and transportation.
Indeed, the details make it clear that the bill is much more limited than previous versions (or suggestions). For example it has dropped the idea of a "kill switch" (which was already exaggerated) and made it clear that private companies could appeal any security regulations that they fall under. It certainly appears that the bill is designed to be limited by focusing on core "critical infrastructure" -- such that it only will apply to those facilities where a disruption "would cause mass death, evacuation, or major damage to the economy, national security, or daily life." Of course, that could be interpreted broadly. Hell, the MPAA would argue that file sharing created "major damage to the economy," even if there's little to no evidence to support that.

A bigger question, however, should be whether there is any empirical evidence that we need this cybersecurity bill. I'm not saying that it's absolutely not needed -- and I'm glad that it appears the backers of the bill are trying to bend over backwards to hear from all concerned parties (and to avoid a SOPA-like situation). But one of the key things that we learned from SOPA is that Congress needs to stop pushing legislation without real evidence of the nature of the problem, and the evidence here remains lacking. The article linked above, by Jerry Brito and Tate Watkins, highlights all of the hype around cybersecurity and the near total lack of evidence of a problem, other than ominous "trust us, it's a problem!" scare-mongering. They have three suggestions before moving forward with cybersecurity legislation:
  • Stop the apocalyptic rhetoric. The alarmist scenarios dominating policy discourse may be good for the cybersecurity-industrial complex, but they aren’t doing real security any favors.

  • Declassify evidence relating to cyber threats. Overclassification is a widely acknowledged problem, and declassification would allow the public to verify the threats rather than blindly trusting self-interested officials.

  • Disentangle the disparate dangers that have been lumped together under the “cybersecurity” label. This must be done to determine who is best suited to address which threats. In cases of cybercrime and cyberespionage, for instance, private network owners may be best suited and have the best incentives to protect their own valuable data, information, and reputations.
Good luck seeing any of that happen, of course. The big companies pushing this bill are profiting heavily off of the fear, as the government spends billions on "cybersecurity." This bill would ensure the gravy train continues, even as the evidence suggests that the "hacking" threat may be less and less of an issue. Of course, most of the press loves to just lap up claims of threats and damages without digging into the details. Fear about impending cyberdoom attracts attention. Talking about reality doesn't.

Of course, who knows if this bill will ever actually get anywhere. Already, many in the Senate are pushing back and asking Senator Harry Reid to slow down with the bill.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 15 Feb 2012 @ 11:18am

    Re: Re: Re: Re:

    All of the materials I have read regarding this issue involves private contractors only doing work under USG contracts. The materials also reveal that the companies interested in doing the work are among the most technically advanced...bar none...you will find anywhere.

    Would any resulting contract be large in amount? Almost certainly, but then you have to understand that these companies are faced daily with seemingly impossible tasks governed by incredibly complex Statements of Work having technical specifications that push, if not exceed, the current limits of technology. I have no reason to doubt that a contract associated with this issue would make the same demands.

    Disclaimer: At one time or another I have served as counsel (in-house and outside) for Martin Marietta, Lockheed Martin, SAIC, and L-3. While this does not lead me to necessarily conclude that the work is a mandatory matter of national security, it does give me insight into the complexity of what they do that gives rise to my comments. For example, it is trivial to develop and manufacture a circuit card suitable for commercial use. How many times, however, has the commercial market ever required such a circuit card to withstand an instantaneous acceleration of over 30 G's, temperature specs from deep space to extreme heat, data processing speeds that people can only begin to imagine, etc? The first time I ever read a the technical requirements of a government spec my reaction was "You have got to be kidding me!"

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.