A bunch of groups are teaming up this week to call for a week of action against CISPA
just as Congress is gearing up, yet again, to push through this cybersecurity bill based on a lot of FUD, with little to back it up. To be clear, there are a lot of challenges around online (can we dump the stupid "cyber" prefix?) security out there, and it's clear that there is plenty of malicious and government-sponsored hacking and attacks. But we need to put this all in perspective. First off, there is already tremendous incentive to combat these attacks, and there are existing methods to do so. Second, no one has given a reasonable response to explain how something like CISPA will do anything
at all to help prevent such attacks in the future. Third, while these attacks may be economically damaging, there is little evidence of them creating real physical harm to date. That's not to say it's not possible in the future, but stories of airplanes falling from the sky are quite exaggerated. Fourth, and most importantly, no one has explained why we all need to sacrifice our own privacy for these vague and undefined benefits.
A bunch of groups are fighting this, and now is the time to take part. EFF and Fight for the Future have put together a simple page to help you take action
. As they point out there are three key objectionable parts to CISPA:
- Eviscerating existing privacy laws by giving overly broad legal immunity to companies who share users' private information, including the content of communications, with the government.
- Authorizing companies to disclose users' data directly to the NSA, a military agency that operates secretly and without public accountability.
- Broad definitions that allow users' sensitive personal information to be used for a range of purposes, including for "national security," not just computer and network security.
None of these are even remotely necessary to allow for effectively combating online attacks, but all certainly would be quite handy in helping the government snoop on the activities of citizens (and non-citizens) without much oversight. Considering how often we've seen other laws passed in a flurry of FUD around other "threats" later turn out to be abused by government officials for the sake of snooping, rather than any legitimate reason, we should be very concerned about these efforts here.