A Daily news digest by Jasper van Santen

The House Will Consider a Disturbing Cybersecurity Bill | The Nation

In News, Really?!? on April 11, 2012 at 17:54

The House Will Consider a Disturbing Cybersecurity Bill 

The Rogers-Ruppersberger bill creates a “cybersecurity exception” to every federal and state law that allows private companies to share Americans’ private communications with the National Security Agency, the Pentagon, the CIA and basically any other federal agency that requests it. The Lungren bill, by contrast, limits all of the sharing to the Department of Homeland Security, a civilian agency—and this is an important distinction. The DoD’s Cybercommand, along with the NSA, are notoriously secretive and not subject to many of the transparency rules in place at DHS.

This takes the nation’s cybersecurity efforts—and all of the very delicate monitoring that goes with it—and transfers it to the military and away from civilian control.

Even more troubling, the Rogers-Ruppersberger bill doesn’t limit the type of information that can be shared to specific cyber-terrorism threats—the language is vague to the point where virtually any communication could be shared. The information simply needs to be “pertaining to the protection of” a system or network—not related to a known attack or threat. And all networks are included—not just, say, computer networks that run the power grid or control flight patterns. Since hackers often use routine Internet, this would allow ISPs to share virtually all Internet traffic with the government.

Once the government has possession of that information, it can use it however it wants—it does not necessarily need to pertain to a cyber-terrorism investigation. (The Lungren bill limits the use to “related law enforcement).”

It’s not hard to see how, if passed, the Rogers-Ruppersberger bill would allow private companies to share basically any private electronic communications it wanted with any government agency, for virtually any purpose. The ACLU, the Electronic Frontier Foundation and the Center for Democracy and Technology are launching major campaigns to stop it.

Rogers has defended his bill on the grounds that information-sharing by private companies is completely voluntary under his proposed law, which is true. But he doesn’t mention that, in exchange for sharing the information, the companies receive help from the NSA in identifying a cyber-attack—and more importantly, under Rogers’ bill the companies receive blanket immunity from any lawsuits pertaining to the sharing.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s