Latest Cybersecurity Bill Could Actually Be A Backdoor To Destroying Net Neutrality

from the bad-definitions-make-bad-law dept

Earlier this year, we wrote about the Senate's latest attempt at a cybersecurity bill, the Cybersecurity Information Sharing Act (CISA), which tries to distinguish itself from the toxic attempts to pass CISPA over the past few years. We and many others have already detailed how CISA, like the CISPAs before it, has a tremendous problem in creating perverse incentives for companies to help the government spy on people, but as a bunch of public interest groups are noting, the definitions are so broad, that the bill could actually be a backdoor way to undermine net neutrality. That's because it has an incredibly broad definition of a "cyberthreat" such that an ISP could declare, say, Netflix to be a cyberthreat, allowing it to throttle Netflix's bandwidth. Here are two key paragraphs from a letter sent by CDT, EFF and a bunch of other groups:
Arbitrarily Harms Average Internet Users: The definition of “cybersecurity threat” is overbroad, and includes “any action” that may result in an unauthorized effort to adversely impact the security, confidentiality and availability of an information system or of information stored on such system. Countermeasures can be employed against such threats absent risk of liability. This could lead to use of countermeasures in response to mere terms of service violations. For example, logging into another individual’s social networking account – even with their permission – typically violates the website’s terms of service, and therefore qualifies as unauthorized access under the CFAA, and could be treated as a “cybersecurity threat.” A provision preventing this harm appeared in the July 2012 Cybersecurity Act and should be included in CISA.

Infringing on Net Neutrality Policy: Likewise, the July 2012 bill also contained provisions clarifying that nothing in the Act, including overbroad application of the terms “cybersecurity threat” and “countermeasure,” could be construed to modify or alter any Open Internet rules adopted by the Federal Communications Commission. Net neutrality is a complex topic and policy on this matter should not be set by cybersecurity legislation.
In other words, under the current broad definition of "cybersecurity threat," an ISP (e.g., Comcast) could argue that another service provider (e.g., Netflix) was "adversely impacting the availability" of information on its network, and thus it was going to take "any action" (e.g., throttling it down to nothing) to deal with the "threat." And, under the proposed legislation, there would be nothing anyone could do about it, as Comcast would be absolved from liability, as long as it could claim that all of that Netflix traffic was the equivalent to a cybersecurity threat according to its own definition.

The fact that there was language in previous bills that prevented this kind of thing, but is absent from this latest bill seems quite troubling. One hopes it was just an oversight in getting the bill out -- and that seems most likely. But, given how often we've seen nefarious language sneak into certain bills, it's not out of the question that others are recognizing the opportunities to backdoor in a way to get around any possible net neutrality proposal.

Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Jul 1st, 2014 @ 5:50am

    Guess who paid for this law?

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Jul 1st, 2014 @ 5:53am

    U.S. Government & Backdoors!

    One and the same by now.

    Every piece of legislation is nothing more than a damn backdoor to something else the public does not want!

    I have no hope of America getting back on track short of a full on rebellion, because the American idiots are still voting in corrupt politicians.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jul 1st, 2014 @ 5:57am

    watch how Microsoft just killed no-ip, and wonder how much worse it is going to get.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Jul 1st, 2014 @ 6:12am

    "An ISP could declare, say, Netflix to be a cyberthreat"

    LOL

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Jul 1st, 2014 @ 6:22am

    I already consider Netflix a "cyberthreat", seeing how they have almost single-handedly pushed for DRM on the web and into the W3C standards.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Jul 1st, 2014 @ 6:46am

    I'm all for net neutrality, but I think you're maybe a bit too worried here. See, there is that word "unauthorized" in the definition of a cyberthreat...

    The definition of "cybersecurity threat" is overbroad, and includes "any action" that may result in an unauthorized effort to adversely impact the security,...


    So, unless that ISP from your example is actually declaring the Netflix service "unauthorized", they'd have a hard time defending it as a cyberthreat.

    Or am I too naive?

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    PaulT (profile), Jul 1st, 2014 @ 7:05am

    Re:

    "almost single-handedly pushed for DRM"

    Yeah, you tell yourself that. So much easier to have a handy scapegoat and ignore the real culprits. Hint: try to consider why they needed DRM in the first place.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Jul 1st, 2014 @ 7:12am

    Re:

    I think you're being naive. Consider how much damage both Comcast and Verizon have attempted to do simply by not upgrading their infrastructue in accordance with their contracts with municipalities.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Pixelation, Jul 1st, 2014 @ 7:16am

    Re:

    "So, unless that ISP from your example is actually declaring the Netflix service "unauthorized", they'd have a hard time defending it as a cyberthreat."

    unauthorized effort

    Read another way, anything we decide isn't what we want them doing and can twist to be a violation of our TOS.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Jul 1st, 2014 @ 7:17am

    Re: Re:

    Demands for control from the rights-holders who are set upon throwing away real money to chase imaginary profits? It wouldn't be the first time that they demanded its insertion.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    PaulT (profile), Jul 1st, 2014 @ 7:44am

    Re: Re: Re:

    Indeed. Blaming Netflix alone is certainly very short sighted, since all they've been trying to do is get away from Silverlight, and the copyright licence holders won't let them use a non-DRM solution.

    They're not totally blameless, but the situation is far more complicated than picking out the biggest voice as a scapegoat would ever let you understand.

     

    reply to this | link to this | view in thread ]

  12. This comment has been flagged by the community. Click here to show it
     
    identicon
    Chicken Little, Jul 1st, 2014 @ 8:07am

    Bawk, bawk, bawk.......

    Oh my God.... the sky really is falling!!!!!!

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Jul 1st, 2014 @ 8:21am

    Re:

    Given the way they try to double-dip, it seems the ISPs do consider Netflix unauthorized. "Our customers ordered it" doesn't count as permission, it seems.

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    PaulT (profile), Jul 1st, 2014 @ 8:22am

    Re: Bawk, bawk, bawk.......

    I wondered when the trolls would stop pretending to be interested in real discussions and start imitating farmyard animals again.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Michael, Jul 1st, 2014 @ 8:39am

    Re: Re: Bawk, bawk, bawk.......

    This is not a troll, it is a cock.

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    twinsdad9901 (profile), Jul 1st, 2014 @ 8:48am

    correction

    Mike:
    In the last paragraph:

    The fact that there was language in previous bills that presented this kind of thing,

    Should that be prevented ?

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Jul 1st, 2014 @ 8:51am

    "One hopes it was just an oversight..."

    [echoes of insane laughter fill distance]

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    John Fenderson (profile), Jul 1st, 2014 @ 9:22am

    Re: Re:

    I understand Netflix' motivation, but it's hard to forgive them (and the other big players behind this) for their willingness to poison the HTML standards in order to protect their profits.

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    Josh in CharlotteNC (profile), Jul 1st, 2014 @ 10:28am

    Re: Re:

    Wouldn't that make ISPs not upgrading their own networks the cyberthreats?

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Jul 1st, 2014 @ 10:53am

    Re: Re:

    No, he's not being naive, he's being logical. He must be new here.

    Google doesn't like the bill, so they have one of their stooges at one of their astroturf groups say something stupid to a reporter. Then they hope it goes viral. Same old stale tactics. Snore.

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    DOlz (profile), Jul 1st, 2014 @ 11:37am

    The problem with playing defense

    They’re going to keep trying to get this crap passed. They only have to succeed once and then even if we manage to get rid of it there will have been irreparable damge done.

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    John Fenderson (profile), Jul 1st, 2014 @ 11:54am

    Re: Re: Re:

    You're missing a real opportunity here. If you just showed us any sort of evidence that what you say is true -- or even better, something approaching proof, you'd be able to enjoy reading everyone here badmouthing Google.

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    PaulT (profile), Jul 2nd, 2014 @ 2:46am

    Re: Re: Re: Re:

    Indeed. Most people here are genuinely interested in the facts, and a simple alternative explanation backed with verifiable facts would actually change the discussion and even the viewpoints of others.

    Instead, the only alternative views we have here are paranoid, unverified theories about Google and someone imitating a bird. Take a wild guess as to why certain viewpoints are never seriously entertained by adults?

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Jul 9th, 2014 @ 8:03pm

    It looks like the CISPA backdoor has passed the Senate Intelligence Committee.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    richardson, Jul 29th, 2014 @ 2:03am

    Thank you for this important article Mr.mike ...
    cyber security is one of the important factor now a days, so we have to concentrate more on that... The intelepth group is one of the best consultant for cyber issues. For more details visit theitp.net

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Techdirt Reading List
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.