Forget SOPA, You Should Be Worried About This Cybersecurity Bill
from the this-is-not-good dept
However, this is a terrible bill for a variety of reasons. Even if we accept the mantra that new cybersecurity laws are needed (despite a near total lack of evidence to support this -- and, no, fearmongering about planes falling from the sky doesn't count), this bill has serious problems. As CDT warned when this bill first came out, it's way too broad and overreaching:
However, the bill goes much further, permitting ISPs to funnel private communications and related information back to the government without adequate privacy protections and controls. The bill does not specify which agencies ISPs could disclose customer data to, but the structure and incentives in the bill raise a very real possibility that the National Security Agency or the DOD’s Cybercommand would be the primary recipient.If it's confusing to keep track of these different cybersecurity bills, the ACLU has put together a handy dandy (scary) chart (pdf) comparing them all. And what comes through loud and clear is that the Rogers-Ruppersberger CISPA bill will allow for much greater information sharing of companies sending private communication data to the government -- including the NSA, who has been trying very, very hard to get this data, not for cybersecurity reasons, but to spy on people. CISPA has broad definitions, very few limits on who can get the data, almost no limitations on how the government can use the data (i.e. they can use it to monitor, not just for cybersecurity reasons) and (of course) no real oversight at all for how the data is (ab)used.
CDT has put together a reasonable list of 8 things that should be done if politicians don't want to turn cybersecurity into a new SOPA, but so far, Congress is ignoring nearly all of them. Similarly, EFF is asking people to speak out against CISPA, noting that it basically creates a cybersecurity exemption to all existing laws. If the government wants your data, it just needs to claim that it got it for "cybersecurity purposes" and then it can do pretty much whatever it wants.
This is a really bad bill and it looks like it's going to pass unless people speak up.