The CISPA Circus Goes To Baltimore With Another Misleading 'Local Pride' Editorial
from the maryland-versus-china dept
Recently, I responded to an editorial by CISPA author Mike Rogers in the Detroit News, wherein he took some blatant China fearmongering and targeted it at Michigan's specific industry concerns to rouse the local rabble in CISPA's favor. Now Rep. Ruppersberger—the other driving force behind the bill—is applying the same tactic in Maryland, with an editorial in the Baltimore Sun that focuses on the supposed cyber-threat to the life sciences industry:
Here in Maryland, for example, our growing life sciences sector has generated one-third of all job gains over the last 10 years. It's now supporting more than $9.6 billion in salaries for Maryland families and contributes nearly $500 million to incomes and sales tax revenues each year.
The 500 bioscience companies in Maryland are developing ground-breaking therapies for diseases like muscular dystrophy, inventing state-of-the-art medical devices and testing cutting-edge vaccines. These innovations are valuable and worth protecting. Indeed, just like designer handbags or secret family recipes, many want to imitate — and even duplicate — such successes.
For decades, countries like China have been using every means possible to steal the ideas of American corporations. Today, thousands of highly trained Chinese, Russian and Iranian hackers are pilfering our trade secrets by breaking into the computer networks of U.S. corporations. And we're leaving the door unlocked for them.
Something seems off about comparing the desire to copy new disease therapies with the desire to make knockoff handbags, but I guess that was just meant to clarify things for anyone who didn't understand why ground-breaking medical research is valuable. Of more concern is his statement that the door is left "unlocked"—a blatant exaggeration that makes it sound like CISPA's data-sharing provisions are the difference between airtight security and no security at all, even though security experts question whether CISPA would have any real impact. He then goes on to do exactly what I criticized Rogers for doing, by focusing in on the one (supposedly) useful and genuine cybersecurity aspect of the bill while ignoring the rest:
Currently, the U.S government can identify malicious computer code that could be an incoming cyber attack on a government or corporate network. But the law won't allow us to share this information with private companies so that they can protect themselves.
That's why House Intelligence Committee Chairman Mike Rogers, a Michigan Republican, and I have crafted the Cyber Intelligence and Sharing Protection Act (H.R. 3523), which the House overwhelmingly passed this month in a bipartisan vote. This common-sense bill will simply allow the federal government and American companies to share suspicious computer code. Despite recent media reports, the bill does not authorize the government to monitor your computer use or read your email, Tweets or Facebook posts. Nor does it authorize the government to shut down websites or require companies to turn over personal information.
This is just a bunch of half-truths, semantics and disingenuous statements. Firstly, while there may be some data sharing the government wants to do that is currently blocked by the law, there are also existing mechanisms that allow some sharing to happen. Rather than carve out specific exceptions to the specific laws that are getting in the way, CISPA creates broad immunity provisions that wipe out all existing privacy concerns.
Secondly, the bill does not "simply" allow what Ruppersberger says it allows. CISPA's definition of the information that can be shared allows for much more than just "suspicious computer code," instead potentially including all sorts of tangential data related to a network attack—which, yes, could include lots of personal information. CISPA also does not limit the government to using this information for merely technical purposes related to cybersecurity—it permits them to dig through whatever data they collect for evidence of certain types of crime. You'll notice that investigating violent crime and child exploitation (both specifically listed in the text of CISPA) are not mentioned anywhere in this editorial.
Thirdly, while both of Ruppersberger's assertions about what the bill "does not authorize" the government to do are technically accurate, only the latter is giving the full story. It's true that CISPA does not permit the government to shut down websites or require information from companies—but as for monitoring people and reading their communications, as I just described, it's a bit more complicated. No, CISPA does not allow the government to go out and monitor whoever they wish, but it does allow them to thoroughly mine whatever data is given to them—data that will undoubtedly include private information.
For good measure, Ruppersberger throws in some more fearmongering about terrorist hackers taking down power grids (even though CISPA doesn't include anything that would let the government put a common sense regulation in place, like, say, don't connect power grids to the internet) before circling back to the talking-point of Maryland's valuable medical research. Like Rogers, he plays up the imminence of the threat, claiming "it wouldn't take years from China to steal it all from us" and in fact "it could happen in mere keystrokes"—as if at any moment someone could just select "U.S. Economy" and press delete.
I have a feeling this won't be the last of these locally-focused editorials from the pro-CISPA camp. I'm rooting for a Las Vegas feature on the need to protect casino secrets, because while it would surely still be inaccurate and misleading, it might at least be interesting.