Latest Cybersecurity Bill Could Actually Be A Backdoor To Destroying Net Neutrality
from the bad-definitions-make-bad-law dept
Earlier this year, we wrote about the Senate's latest attempt at a cybersecurity bill, the Cybersecurity Information Sharing Act (CISA), which tries to distinguish itself from the toxic attempts to pass CISPA over the past few years. We and many others have already detailed how CISA, like the CISPAs before it, has a tremendous problem in creating perverse incentives for companies to help the government spy on people, but as a bunch of public interest groups are noting, the definitions are so broad, that the bill could actually be a backdoor way to undermine net neutrality. That's because it has an incredibly broad definition of a "cyberthreat" such that an ISP could declare, say, Netflix to be a cyberthreat, allowing it to throttle Netflix's bandwidth. Here are two key paragraphs from a letter sent by CDT, EFF and a bunch of other groups:Arbitrarily Harms Average Internet Users: The definition of “cybersecurity threat” is overbroad, and includes “any action” that may result in an unauthorized effort to adversely impact the security, confidentiality and availability of an information system or of information stored on such system. Countermeasures can be employed against such threats absent risk of liability. This could lead to use of countermeasures in response to mere terms of service violations. For example, logging into another individual’s social networking account – even with their permission – typically violates the website’s terms of service, and therefore qualifies as unauthorized access under the CFAA, and could be treated as a “cybersecurity threat.” A provision preventing this harm appeared in the July 2012 Cybersecurity Act and should be included in CISA.In other words, under the current broad definition of "cybersecurity threat," an ISP (e.g., Comcast) could argue that another service provider (e.g., Netflix) was "adversely impacting the availability" of information on its network, and thus it was going to take "any action" (e.g., throttling it down to nothing) to deal with the "threat." And, under the proposed legislation, there would be nothing anyone could do about it, as Comcast would be absolved from liability, as long as it could claim that all of that Netflix traffic was the equivalent to a cybersecurity threat according to its own definition.
Infringing on Net Neutrality Policy: Likewise, the July 2012 bill also contained provisions clarifying that nothing in the Act, including overbroad application of the terms “cybersecurity threat” and “countermeasure,” could be construed to modify or alter any Open Internet rules adopted by the Federal Communications Commission. Net neutrality is a complex topic and policy on this matter should not be set by cybersecurity legislation.
The fact that there was language in previous bills that prevented this kind of thing, but is absent from this latest bill seems quite troubling. One hopes it was just an oversight in getting the bill out -- and that seems most likely. But, given how often we've seen nefarious language sneak into certain bills, it's not out of the question that others are recognizing the opportunities to backdoor in a way to get around any possible net neutrality proposal.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cisa, cispa, cybersecurity, cyberthreats, dianne feinstein, information sharing, net neutrality
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
U.S. Government & Backdoors!
Every piece of legislation is nothing more than a damn backdoor to something else the public does not want!
I have no hope of America getting back on track short of a full on rebellion, because the American idiots are still voting in corrupt politicians.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
LOL
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Yeah, you tell yourself that. So much easier to have a handy scapegoat and ignore the real culprits. Hint: try to consider why they needed DRM in the first place.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
They're not totally blameless, but the situation is far more complicated than picking out the biggest voice as a scapegoat would ever let you understand.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
So, unless that ISP from your example is actually declaring the Netflix service "unauthorized", they'd have a hard time defending it as a cyberthreat.
Or am I too naive?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
Google doesn't like the bill, so they have one of their stooges at one of their astroturf groups say something stupid to a reporter. Then they hope it goes viral. Same old stale tactics. Snore.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Instead, the only alternative views we have here are paranoid, unverified theories about Google and someone imitating a bird. Take a wild guess as to why certain viewpoints are never seriously entertained by adults?
[ link to this | view in chronology ]
Re:
unauthorized effort
Read another way, anything we decide isn't what we want them doing and can twist to be a violation of our TOS.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Bawk, bawk, bawk.......
[ link to this | view in chronology ]
Re: Bawk, bawk, bawk.......
[ link to this | view in chronology ]
Re: Re: Bawk, bawk, bawk.......
[ link to this | view in chronology ]
correction
In the last paragraph:
The fact that there was language in previous bills that presented this kind of thing,
Should that be prevented ?
[ link to this | view in chronology ]
"One hopes it was just an oversight..."
[ link to this | view in chronology ]
The problem with playing defense
[ link to this | view in chronology ]
[ link to this | view in chronology ]
cyber security is one of the important factor now a days, so we have to concentrate more on that... The intelepth group is one of the best consultant for cyber issues. For more details visit theitp.net
[ link to this | view in chronology ]