Forget SOPA, You Should Be Worried About This Cybersecurity Bill

from the this-is-not-good dept

While most folks are looking elsewhere, it appears that Congress is trying to see if it can sneak through an absolutely awful "cybersecurity" bill. We've discussed how there's been some fighting on the Senate side concerning which cybersecurity bill to support, but there's a similar battle going on in the House, and it appears that the Rogers-Ruppersberger bill, known as CISPA (for Cyber Intelligence Sharing and Protection Act) or HR 3523, is winning out, with a planned attempt to move it through Congress later this month. The bill is awful -- and yet has somehow already gained over 100 sponsors. In an attempt to pretend that this isn't a "SOPA-like" problem, the supporters of this bill are highlighting the fact that Facebook, Microsoft and TechAmerica are supporting this bill.

However, this is a terrible bill for a variety of reasons. Even if we accept the mantra that new cybersecurity laws are needed (despite a near total lack of evidence to support this -- and, no, fearmongering about planes falling from the sky doesn't count), this bill has serious problems. As CDT warned when this bill first came out, it's way too broad and overreaching:

    "However, the bill goes much further, permitting ISPs to funnel private communications and related information back to the government without adequate privacy protections and controls. The bill does not specify which agencies ISPs could disclose customer data to, but the structure and incentives in the bill raise a very real possibility that the National Security Agency or the DOD’s Cybercommand would be the primary recipient."

If it's confusing to keep track of these different cybersecurity bills, the ACLU has put together a handy dandy (scary) chart (pdf) comparing them all. And what comes through loud and clear is that the Rogers-Ruppersberger CISPA bill will allow for much greater information sharing, with companies sending private communication data to the government -- including the NSA, which has been trying very, very hard to get this data, not for cybersecurity reasons, but to spy on people. CISPA has broad definitions, very few limits on who can get the data, almost no limitations on how the government can use the data (i.e. they can use it to monitor, not just for cybersecurity reasons) and (of course) no real oversight at all for how the data is (ab)used.

CDT has put together a reasonable list of 8 things that should be done if politicians don't want to turn cybersecurity into a new SOPA, but so far, Congress is ignoring nearly all of them. Similarly, EFF is asking people to speak out against CISPA, noting that it basically creates a cybersecurity exemption to all existing laws. If the government wants your data, it just needs to claim that it got it for "cybersecurity purposes" and then it can do pretty much whatever it wants.

This is a really bad bill and it looks like it's going to pass unless people speak up.

Filed Under: cispa, cybersecurity, monitoring, privacy, rogers-ruppersberger, sopa

Reader Comments

  1. That Anonymous Coward, 4 Apr 2012 @ 2:50am

    Re: Re: Re: Re: Re:

    I've got the right avatar so I'll speak up.

    LulzSec was entertaining.
    LulzSec pointed out the amazing disparity of security out on the web.
    Everyone wants to pillory LulzSec, but how much shit did Sony catch for not patching well-documented holes into their systems? Oh that's right, they decided to skip the Congressional Hearing on the matter. They get to write off the "credit monitoring" and cry about how much it cost, when they could have spent much less previously to, I dunno, encrypt the freaking data.

    LulzSec did something people needed to see, there is no great and powerful Oz there is a scared little man behind a curtain.

    Lulzsec gave us amazing headlines of Cybergeddon!!!! Blargh...
    No one has questioned the media and their total lack of reality in their reports.

    Do I think they are the bestest people on the planet, nope.
    But they haven't disappeared anyone into a black ops site somewhere else in the world to torture information out of them.

    Truth - they defaced and took down a front facing website of no real consequence.

    Truth - they defaced and took down a front facing website to prove a point, a hacked website should NOT be considered an act of war.

    Truth - using an unsecured outsourced site should be illegal. Storing sensitive information on those servers should be a crime.

    So other than your demand, why should anyone else who is part of the "anti-SOPA" crowd bother to make a statement on what some gifted kiddies did? They aren't congresscritters who have to get soundbites out to make sure they are on the right side of the issue.

    The FBI arresting LulzSec will be a mistake. It will motivate more people to continue the work. It shows that with all of the corruption and problems in the world the greatest crime is to show contempt for a corporation.

    Oh and Mike isn't responsible for user comments, they are made by OTHER people rather than the other voices you hear in your head.

    While the actions of LulzSec might have sped up the timetable, to pretend this bill wasn't already in the planning stages is delusional. The cranky old men have figured out the kids are using the newfangled interwebs thing to plot against them and speak out, and they need to be stopped.
