CISPA Wouldn't Actually Solve The Reasons Congress Is Giving For Why We Need CISPA

from the it's-the-little-things... dept

As expected, Representatives Mike Rogers and Dutch Ruppersberger have reintroduced CISPA, exactly as it was when it passed the House last year. Incredibly, we've been hearing that they've brushed off the massive privacy concerns by claiming that those were all "fixed" in the final version of the bill that got approved. This is highly disingenuous. While it is true that they made some modifications to the bill at the very end before it got approved, most privacy watchers were (and are) still very concerned. They did convince one organization to flip-flop, and they seem to think that's all they need.

But, here's the thing that no one has done yet: explain why this bill is needed. With President Obama's executive order in place, the government can more easily share threat info with companies, so really the only thing that CISPA piles on is more incentives for companies to cough up private information to the government with little in the way of oversight or restrictions on how that information can be used. And given how frequently the government likes to cry "cyberattack" when it's simply not true, it's only a matter of time before they start using claims of "cyberthreat!" to troll through private information.

And they still refuse to explain why this is needed. We hear lots of scare stories, but no explanation for how this bill helps. For example, Ruppersberger has written up an oped for the Baltimore Sun in which he lays out the reasons we need CISPA, but it's all scare stories, without a single explanation for how CISPA would help. And that's because it wouldn't.
March: Hackers allegedly steal the credit card numbers from 1.5 million Visa and MasterCard customers by breaking into the computer systems of the company's payment processor in New York. The thieves stockpiled the stolen credit card numbers for months before beginning to use them.
Payment processors already have some of the best security people in the world and have a large and widespread community of folks who do nothing but think about security issues for this industry. At what point would that lead the payment processor or Visa or Mastercard to need to hand information over to the government?
August: Cyber attackers disrupt production from Saudi Aramco, the world's largest exporter of crude oil, taking out 30,000 computers in the process, according to press reports.
Saudi Aramco is a Saudi Arabian company. Not sure why they would be sharing info with the US government or how CISPA would relate to them at all.
January: PNC Bank announces to its 5 million customers that its website is getting hit with high traffic consistent of a cyber attack meant to delay business with its online banking customers.
Again, why would PNC need to give information to the government? And, if they could alert their customers to the threat, they can also alert the government. None of that requires the ability to share customer info.
These are just three reported examples of cyber attacks in the past 12 months. Each could have had a devastating impact on the U.S. and global economies. That's more than a bad dream — that's a full-blown nightmare.
These are just three scare stories of cyber attacks in the past 12 months, none of which would have been impacted by CISPA. So why do we need it again?
Highly trained Chinese, Russian and Iranian hackers are probing, pilfering and plotting every second of every day. They're often after personal data: In November, reports suggested a hacker was able to access nearly 4 million tax returns in South Carolina with a single malicious email. And they're often after the trade secrets of our companies: The media has reported that Coca-Cola may have fallen victim to hackers from a Chinese beverage company.
Again, what does any of that have to do with CISPA?
Many believe that what is happening to American business may be the largest transfer of wealth in the history of the world. It's costing our companies billions of dollars, and it's costing our country thousands of jobs.
Many believe that's pure hogwash. It's not the largest transfer of wealth in the history of the world. It's not costing companies billions of dollars and it's certainly not costing our country thousands of jobs.
Preventing the U.S. government from sharing information about malicious computer code it detects is akin to preventing forecasters from warning citizens about a hurricane.
Except the government already could share a lot of information, and with the executive order can now share more. So why do we need CISPA?
Our legislation doesn't just protect companies. It will also protect every American citizen who, for example, uses electricity or banks online, or whose doctor compiles medical records electronically.
How? It's a serious question. You can talk about all of these hacks, and you can say "yay, cybersecurity bill!" but if you don't explain specifically how that bill does anything to actually stop those attacks or to protect Americans, you're full of it.
It's important to note that under my legislation, your private information will also be kept private from the government. Information-sharing between companies and the government will be entirely voluntary. Businesses do not have to share information with the government in order to receive information from the government. The bill does not authorize the government to monitor your computer or read your email, Tweets or Facebook posts. Nor does it authorize the government to shut down websites or require companies to turn over personal information.
The first sentence is simply not true. Your private information can be shared with the government, so to say that it absolutely will be kept private is simply wrong. The second and third sentences are misleading. Yes, the information sharing is "voluntary" but since there are broad immunity exemptions, if the government is coming to most companies and saying "share this info for cybersecurity reasons, and you can't get sued for doing so," how many companies are going to stand up to the government and say no? There may be a very small number, but for the most part, companies will hand over the info. The fourth and fifth sentences are simply meaningless, because they are unrelated to the legitimate privacy concerns raised.

Once again, we're left in the same boat as before. Lots of scare stories but no explanation of why CISPA is needed or how it actually helps. The whole thing is just way too broad, with vague justifications that simply don't make much sense when you look at the actual threats compared to what the bill would allow.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cispa, congress, cyberattacks, cybersecurity, dutch ruppersberger, mike rogers, privacy


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    radarmonkey (profile), 14 Feb 2013 @ 11:18am

    Is congress ever going to learn that to fight the real problem, we do not need more privacy-eroding laws, but more IT professionals to block the intrusions in the first place? Support the first line of defense!

    link to this | view in chronology ]

    • icon
      Tex Arcana (profile), 15 Feb 2013 @ 12:32pm

      Re:

      Nope, because they are not interested in doing the best thing FOR THE PEOPLE; they are only interested in doing what puts more money in their pockets, no matter the source of the bribes. And they are being bribed to do this.

      As said in "History of the World, Part 1": "FUCK THE POOR!"

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Feb 2013 @ 11:20am

    Why CISPA

    There is all this data on computers that the security forces want to get hold of. Only we can't admit this directly, so lets dig ups as many scare stories as possible to justify the bill.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Feb 2013 @ 11:24am

    I know asking the simple how/why questions seem like common sense, but common sense doesn't write bills, professional bullshitters do.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Feb 2013 @ 11:24am

    usual situation, then. politicians want something, that something wont do what they say it will but it will be detrimental to the ordinary people. what more reason do they want? what chance is there of keep doing 'SOPA' defeats? at a guess, not a lot. politicians know that people get fed up of fighting, that's why they keep pushing and re-pushing. they know that eventually, what they want will be achieved, simply because we cant carry on fighting them

    link to this | view in chronology ]

  • icon
    iambinarymind (profile), 14 Feb 2013 @ 11:35am

    True Reason for CISPA?

    To give the people calling themselves "government" more power and control.

    It's as simple as that.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Feb 2013 @ 12:29pm

    CISPA is completely unnecessary, disconnect all critical infrastructure from the Internet. Bingo, problems solved.

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 14 Feb 2013 @ 1:54pm

      Re:

      Yes. That this solution isn't considered is part of a disturbing trend I've been seeing for a while now.

      1) Develop an obviously dangerous or unworkable solution.
      2) Discover that it's dangerous or unworkable
      3) Get laws passed to make the danger illegal

      .. when the only correct procedure is, if you get to step 2, to stop using that solution.

      link to this | view in chronology ]

  • identicon
    Eykal, 14 Feb 2013 @ 1:27pm

    So, basically CISPA is like telling your neighbor you need access to their house at all times because you heard someone in another state got their dumpster knocked over by some hooligans.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Feb 2013 @ 1:59pm

    "Many believe that what is happening to American business may be the largest transfer of wealth in the history of the world."
    Many children believe in unicorns, does that make it any more real? I KNOW this is an incomplete thought, because it doesn't even describe who the transfer or wealth is from and to. It could be transfer of wealth of parents to their kids. I don't know what dollar value you put on inheriting an entire kingdom including the serfs and slaves that go with it, but if a human life is priceless, then inheriting a country full of people kinda blows any modern wealth transfer out of the water.

    "It's costing our companies billions of dollars, and it's costing our country thousands of jobs. "
    This is nicely worded to make it sound like this is a fact, and the other is just a mere belief, when they are both unproven indefensible ideas pulled out of the air.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Feb 2013 @ 6:47pm

    It's almost as if the people pushing CISPA don't know what the text of the bill says and don't care.

    link to this | view in chronology ]

  • identicon
    Ox, 14 Feb 2013 @ 7:11pm

    I'm confused on one part on this, possibly cuz i'm tired but he says that this info can be 'volunteered' and is not forced. if that's true then why is this legislation even required at all?

    link to this | view in chronology ]

    • icon
      That One Guy (profile), 15 Feb 2013 @ 12:54am

      Re:

      It's due to those pesky 'privacy protection laws' and whatnot getting in the way.

      See currently, if companies handed over a ton of private information from their customers, they would be open to being sued, which would provide plenty of incentive for a company to refuse to hand over, or at least refuse to do so without a warrant, such data any time the government 'asked'.

      However if they were given immunity, then suddenly the incentive goes the other way, where they might have to worry about potential lawsuits from the government for not handing over the data, but none from their customers if they do.

      link to this | view in chronology ]

      • identicon
        Ox, 15 Feb 2013 @ 4:08am

        Re: Re:

        Ah, thanks Guy. That cleared it up for me. I was only able to brisk through the article as I was on break at work and tired.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Feb 2013 @ 8:46pm

    "Preventing the U.S. government from sharing information about malicious computer code it detects is akin to preventing forecasters from warning citizens about a hurricane. "

    This one truly blew me away. What is the Purpose of US-Cert? (http://www.us-cert.gov/) Is this not the organization responsible to post critical vulnerabilities to informed IT people so that they can correct them before they are exploited. I get these emails at least monthly during MS's update Tuesday, and various other times from Cisco, Adobe, Sun, Juniper, etc, etc, etc.... If companies don't update their code, than it's the public's responsibility to shame them into doing so. Just look at Apple during the Dan Kaminsky DNS vulnerability: http://tidbits.com/article/9706. (First one that comes to mind, so not trying to bash anyone.)

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Feb 2013 @ 11:32pm

    Highly trained Chinese, Russian and Iranian hackers are probing, pilfering and plotting every second of every day.


    And we want in!

    link to this | view in chronology ]

  • icon
    Ninja (profile), 15 Feb 2013 @ 1:52am

    If those Senators read this article...

    They'll just start saying: "But... But... The children! Yes, we must do it for the children!"

    link to this | view in chronology ]

  • identicon
    Tyler, 15 Feb 2013 @ 5:54am

    There's a White House petition to against CISPA at http://wh.gov/dmY6 please sign and share.

    link to this | view in chronology ]

  • icon
    nasch (profile), 15 Feb 2013 @ 7:55am

    Hogwash

    "Many believe that what is happening to American business may be the largest transfer of wealth in the history of the world. It's costing our companies billions of dollars, and it's costing our country thousands of jobs. "

    Many believe that's pure hogwash.

    Oh, don't worry, that was not intended to be a factual statement.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Feb 2013 @ 10:58am

    why do they waste their time on these bills? Well, lets see lets do something to help the economy. No, we need to keep protecting the rights of the rich folks who vote for us and put us in office. America, the morality of it all

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.