NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Stopping Congress' Cybersecurity CISPA Nightmare

              Stopping Congress' Cybersecurity CISPA Nightmare


In the wake of the 9/11 tragedies, the U.S. Congress rushed to quickly
pass the ostensibly anti-terrorism PATRIOT Act.  While we can
reasonably view their motives as mostly virtuous at the time, over the
years many observers have come to view PATRIOT as a classic example of
bad, knee-jerk legislation, that had far more of an impact in terms of
damaging the civil liberties of honest citizens than it did genuinely
fighting true terrorism.

In their scramble yesterday to pass "CISPA" -- H.R. 3523: The Cyber
Intelligence Sharing and Protection Act of 2011 -- Congress' House of
Representatives has created a framework for attacks on civil rights
and privacy that not only far exceed the abusive potential of the much
despised (and currently sidelined) SOPA and PIPA legislation, but also
that of PATRIOT itself ( http://j.mp/IF7Nvq [U.S. House (PDF)] ).

It didn't have to be this way.  We can all acknowledge that
cybersecurity is a serious issue, and that real cybersecurity threats
do exist.

But as I've noted in "CISPA, Cybersecurity, and the Devil in the Dark"
( http://j.mp/HIO8ud [Lauren's Blog] ) and elsewhere, cybersecurity
has become a new target for exploitation by intelligence agencies and
commercial profiteers alike, and CISPA legislation in particular has
seemed increasingly problematic from the word go.

The rumor was that various amendments would be added to CISPA before
yesterday's House vote, to correct some of the more egregious privacy
problems contained in the main legislation.

Instead, in an absolutely stunning display of disrespect for
legitimate privacy concerns and other civil rights, the House not only
failed to make the legislation better before passing it by a 
248 to 168 margin, but by voice vote they actually made it 
more dangerous and outrageous ( http://j.mp/Istmv2 [TechDirt] ).

The result is one of the most toxic witch's brews against civil rights
and privacy as can be imagined.

Overriding decades of privacy protections in current law, CISPA would
now permit firms and other organizations to hand over to authorities
vast quantities of your personal Internet communications --
essentially any and all of it -- whenever it is felt that essentially
undefined "cybersecurity" events are at hand.  No judges, no warrants,
no probable cause required.

High school student trying to crack a system to download a game for
free?  Cyberattack declared!

Misconfigured hardware or software causing a denial of service
problem?  Cyberattack declared!

Anything that seems at all out of the ordinary and you want to pass
the buck as quickly as possible?  Cyberattack declared!

It's obvious that with only a modicum of imagination it will be
trivial to declare a cyberattack or other "cybersecurity event" to
trigger CISPA virtually on demand.

But wait, it gets better (as Darth Vader might say).  All of this
personal Internet data turned over to the government isn't restricted
to fighting cybersecurity attacks per se.

Not only can it be shared with intelligence agencies, where it will
tickle and enhance vast databases the names of which we couldn't even
imagine without an SCIF clearance, but this data could also now be
used for a vast range of other purposes, even including (somehow you
knew Congress was going to work this in there somehow) fighting child

And any entities sharing your private data with the government under
CISPA are covered by broad liability immunities in the legislation,
that will encourage them to divulge private data first and ask
questions ... maybe never.

We all want to protect against real cyberattacks, child porn, and

But CISPA has evolved -- especially after the House's actions
yesterday before passage -- into one of the most potent spying and
civil liberties adverse pieces of legislation ever proposed, much less
passed by a branch of Congress.

In light of this, firms who expressed support for CISPA in the past
would be wise to reevaluate their positions, and those who have taken
a neutral stance might now wish to at least consider a formal
statement against the legislation in the form passed by the House.

The U.S. Senate has yet to take action on CISPA, and President Obama
was threatening to possibly veto it even before the House's travesties
of yesterday.

But if you objected to SOPA and PIPA, if you care about the privacy of
your Internet communications, this is no time to be on the sidelines.

Tell your Senators and the President in no uncertain terms that you
want appropriate cybersecurity legislation, but that you are unwilling
to flush your civil rights down the toilet in the process.  And do
keep in mind who voted for CISPA in the House.  You may want to
express your displeasure to them as well.

CISPA has become a dramatic demonstration of good intentions on the
part of some being warped by the bad and greedy intentions of others,
and of Congress -- at least the House of Representatives -- seeming to
show a disdain of liberty that is awesome in its recklessness.

Like I said, it didn't have to be this way.  We do definitely need
responsible legislation dealing with serious cybersecurity issues --
no doubt about it.

Yet without major changes to protect our rights, CISPA is a trap, a
pit in the darkness, a nightmare in waiting for us all.

CISPA and its kin must be definitively, absolutely, and unambiguously
stopped in their tracks.

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org 
 - Data Wisdom Explorers League: http://www.dwel.org
 - Network Neutrality Squad: http://www.nnsquad.org 
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com 
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren 
Tel: +1 (818) 225-2800 / Skype: vortex.com

nnsquad mailing list