We've noted already that the big telcos love CISPA
, as it gives them widespread immunity to violate the privacy of users in handing over all sorts of information to the government. It appears that the efforts by various organizations like the ACLU, EFF and others to push back on CISPA as a blanket tool for the abuse of privacy is beginning to get to the telcos, because they've sent out their big guns -- former Congressmen and now both big telco lobbyists, Steve Largent and Rick Boucher -- to post a ridiculous, fact-lacking op-ed piece for CNN (with very little disclosure) arguing that CISPA is good for privacy
We'll get to the argument in a moment, but first, while the article correctly notes that Largent leads CTIA, and that CTIA is a DC-lobbying group for telcos, it does not note that the telcos stand to benefit by getting broad immunity under CISPA. Worse is the disclosure around Boucher. Back when Boucher was in Congress, he was actually one of the good guys
, especially on copyright issues. Yet, since losing his seat, he went to work for Sidley Austin, which is basically AT&T's legal caddie in DC. His disclosure leaves out Sidley's ridiculously close relationship with AT&T or how AT&T benefits from CISPA. Great work, CNN, making sure that your credibility continues to be at the scraping-bottom level.
As for the actual argument, let's sum it up this way: "CISPA is good for privacy, because CISPA will mean more security and security means more privacy." That's really is the argument, and it's misleading in the extreme:
The debate on cybersecurity has produced a sideshow centered around the belief that added security means a reduction in privacy.
Such views are nonsense. Quite simply, digital privacy cannot exist without cybersecurity. Weak security equals weak privacy. Want better privacy? Raise your security game to prevent hackers from stealing private data. Let the experts from the private sector and government communicate with each other so when they see threats, they can alert others and work together to create a solution.
Except... no one is complaining about experts in the private sector and the government communicating with each other. So their whole argument is based on a lie. The worry
is that CISPA also gives companies blanket immunity
for sharing personal information
of their users/customers with the government, and then allows the government to do whatever the hell it wants
with that information. That's the opposite of "good security." In fact, it guarantees that it's more likely that this information will leak and be available to bad or malicious players.
Critics don't like the fact that CISPA enables information sharing between the federal government and the private sector in order to prevent cyberattacks and to pursue cybercriminals, hackers, fraudsters and others intent on harm. As they see it, such cooperation constitutes a potential privacy invasion that is so egregious as to merit no further consideration.
That's a blatant misrepresentation of the complaints. The concern is the sharing of personal information
. Many were perfectly happy with the executive order
, which allows for greater communication -- because it does not involve companies violating the privacy of its users.
Their concerns are, no doubt, well intended. But they are also out of touch with reality and risk unintended consequences that only serve to allow cybercriminals to operate with impunity.
Who's out of touch with reality? Those of us who accurately
note the problem, or the two big telco lobbyists (who fail to note whom they're speaking for in the op-ed), who flat out misrepresent the concerns of privacy advocates?
The breadth and scale of the threat of cyberattacks on our nation's critical infrastructure -- financial institutions, electric and water utilities and air traffic control systems, to name just a few -- to say nothing of consumers' personal data, is no longer in debate
Great. If it's no debate, please point us to the evidence that there's a real risk (i.e., what is the actual harm and why can't it be taken care of currently via information sharing allowed under existing law?). We'll wait. We've been waiting. I imagine we'll be waiting some more.
Meanwhile, the avenues and opportunities by which hackers have to penetrate our networks are growing hand in hand with our increasingly mobile communications ecosystem. On the consumer side, for example, a recent study concludes more than 40% of U.S. smartphone users will click on unsafe links this year, potentially spreading malware that can steal data and dollars to their friends, family and colleagues.
And how will CISPA stop this?
Does that sound like a dynamic we would be well served to leave unaddressed? Should we keep our fingers crossed and hope things go OK? Or should we work together to provide the nation with the most effective reality-based cybersecurity we can achieve?
Again, what is the problem with existing laws that prevent us from tackling this "dynamic" today? Why does everyone refuse to answer that basic question. No one
is suggesting that companies and infrastructure providers should just "keep our fingers crossed and hope things go OK." To pretend that's what privacy advocates are saying is simply a misrepresentation of reality by two lobbyists who know exactly
what they're doing in smearing privacy advocates with lies.
Clearly, the latter is what we need: a cooperative approach, one that allows for lawful sharing of information on where, how, from whom, and in what guise cyberattacks and other forms of cybercrime are emerging so defenses can be prepared.
And... why should that involve personal information of users? And... what laws are currently blocking the necessary information sharing today? Please, do let us know. Because that's important and (not surprisingly) every CISPA supporter wants to ignore it.
At its heart, good security starts with good communication. When it comes to securing our critical infrastructure, shouldn't all parties be able to communicate with one another about what they are seeing and how attacks can be repelled?
Same questions as above.
Of course they should. That is why it so critical that Congress passes CISPA and the President signs it into law.
So... you completely misrepresent the position of privacy advocates, fail to explain why the bill is needed, pretend that the alternative to CISPA is to twiddle our thumbs and wait... and then insist that we need to pass the bill. Wow. You can take the politician out of his Congressional seat, but you can't stop the political doublespeak emanating from his mouth, apparently.
Debate is useful when it advances a discussion and removes obstacles to positive outcomes. However, to be constructive the debate must be based on reality, not abstractions.
Funny you point that out when your entire op-ed is not reality based.
Continued stasis serves no one, except hackers and those who would seek to do us harm.
"And passing blanket immunity protects our clients after we pass along private info of our clients. But let's ignore that part."
Why does CNN allow publication of such obvious crap?