TNW has reported over the past months on cybersecurity, including the passage of CISPA in the House, failed attempts to pass a bill in the Senate, and most recently the talk of the President of the United States putting forth an executive order on the topic. The President doing so would allow for some cybersecurity issues to be addressed, along the lines of the failed Senate bill; Congressional progress, it is largely accurately assumed, is kaput on the issue until 2013.
The pressure on the leader of the Executive Branch from his own party is not inconsiderable.
“Europe's leading digital technology conference”
It's happening, Join 15k digital minds to shape what's next for your business
However, the party of his political opponents are in no way fans of such a move. Three Senators, McCain, Hutchison, and Chambliss penned an op-ed for the Wall Street Journal opposing the proposed Presidential executive order. For details on the version that is currently out for comment, head here.
The op-ed is worth highlighting as it represents one of our two political parties’ views on not just cybersecurity, but privacy and how the Internet should function; they could take back the Senate and the Presidency yet, so their views frankly matter.
Instead of responding to every section of the piece, I’ve selected its most salient and downright unsettling bits. However, we’ll begin with an untruth:
The White House is preparing an executive order on cybersecurity that unilaterally imposes more mandates and regulations on the private economy.
Well, no, the executive order, in its most current reported form in fact depends on voluntary standards and cooperation. As The Hill noted recently:
“The draft order proposes to create a voluntary program where operators of critical infrastructure would elect to meet a set of sector-specific security standards crafted by the government, with input from the private sector.”
Thus, that bit and the claim that “the Obama administration is readying plans to tighten the government’s grip” are at best overreach, or are lies, depending on how you think. Let’s go again:
The Senate needs to follow the lead of the House and pass a bipartisan bill that includes clear authority to do so, and provides liability protections to allow the private sector and government to better share cyber-threat information.
We’ll get to the sharing part in a minute, but that sentence is also untrue. As TNW reported on the passage of CISPA:
CISPA, the Cyber Intelligence Sharing and Protection Act, has just passed the House by a vote of 248 to 168. The vote was largely along partisan lines, with some leaking.
Yep, not bi-partisan, or anything close to it. In fact, calling that vote anything less than ‘completely partisan’ is a lie. Even more, the paean to ‘bipartisan’ action itself is untrue. CISPA was pushed through the House by the GOP so quickly it lost cosponsors, including four Democrats.
Thus, to call upon the Senate to act like the House on cybersecurity, we would have to ask the Democrats to ram through a bill that the President promises to veto (as with CISPA), to ensure that it is a partisan law (as with CISPA), and also make certain that the minority party votes against it (as with CISPA). What are these Senators talking about?
That’s all political bullshit, essentially, the usual lies that we allow as part of discourse because we don’t unelect people whose connection to the truth has been severed and replaced with a cocoon of spin. Now, to the scarier parts.
If you recall, one of the reasons that CISPA was a bill that left many uncomfortable was that it built a conduit for private information to end up in the hands of the country’s intelligence agencies. I once again turn to Lifehacker’s succinct summary:
If passed, CISPA would amend the National Security Act of 1947 to allow government agencies to swap customer data from Internet service providers and websites if that data is a threat to “cyber-security.” On a basic level the bill is meant to provide a means for companies and the government to share information with one another to fight against cyber threats.
TechDirt, tell us why that’s scary:
[W]hile the reps insist that the bill only applies to companies and not individuals, that’s very disingenuous. CISPA states that the entity providing the information cannot be an individual or be working for an individual, but the data they share (traffic, user activity, etc.) will absolutely include information about individuals.
[T]he government is also allowed to affirmatively search the information for those same reasons—meaning they are by no means limited to examining the data in relation to a specific threat. If, for example, a company were to provide logs of a major attack on their network, the government could then search that information for pretty much anything else they want.
Ding ding, that’s why privacy advocates vitriolically opposed CISPA: it would give free rein over private information to clandestine parts of the government. Not so good. We now return to our Senators and their piece:
[The President’s approach is wrong as] it cannot fully address the one area most critical to improving cybersecurity—enhancing the sharing of cyber-threat information among private firms and with the government.
This is very upfront: The Senators are calling for more data sharing, the exact thing that was worrisome enough about CISPA that the President promised to can it, and cost it 6 cosponors on its way to passage. Let’s keep going:
Today, sharing is significantly constrained because of legal hurdles. These include antitrust laws that preclude companies from working together to prevent cyber threats, and statutory limitations on when and what kind of information can be shared with government.
Companies must first check with their lawyers before sharing information for fear of litigation, not just from customers or shareholders but from federal and state governments as well. The net impact is that critical cyber-threat information is not shared in a timely manner or worse, not shared at all.
Responsibly removing these legal hurdles is at the core of the SECURE IT Act, which provides essential liability protections for companies that share cyber-threat information.
I quoted that without excision because I want it to sink in.
What is being argued here is the tearing down of the walls between your private information and the government. Even better, the SECURE IT Act would provide legal cover for firms that get sued by individuals for breaching their privacy.
This was published yesterday in one of the leading newspaper of the United States, by three exceptionally senior and influential Senators of one of our two parties. Untruths and bad policy are what it contains. Think on that.
Top Image Credit: Dave Newman