As the nation's attention was on the Boston Marathon bombings last week, The U.S. House of Representatives quietly passed a cybersecurity bill that is nothing more than a license for the government and private entities to spy on citizens and customers. It faces a tougher path in the Senate and at the White House, but plenty can go wrong as the bill makes its way to the other end of Pennsylvania Avenue.
On the surface, The Cyber Intelligence Sharing and Protection Act (CISPA) is about fighting back against those who would attack our online infrastructure. It's stated objective is to bolster sharing of Internet traffic intelligence between the U.S. government and technology and manufacturing companies.
We've heard about the government's call for more information sharing quite a bit. Here's the problem: Many in private industry already share their data. The government doesn't share back. I've heard from many a CSO in the past year about this. They'll send nuggets of information to the FBI, for example, only to hit a wall when trying to get the agency to return the favor.
Information sharing only works when the information flows from both directions.
But that's not why I consider this legislation bogus. The main problem is that this bill, if made law, will be a civil liberties killer.
Privacy groups correctly point out that CISPA would let private companies share a broad range of customer data with each other and with government agencies. It does not require companies to scrub unnecessary customer information from what they share, and it includes too much protection from lawsuits for companies that share.
People love to complain that Congress is an impotent institution that can't get anything done. The Senate is often criticized for being too slow. That's not such a bad thing when you have legislation like this. As a friend recently noted on Twitter, legislative gridlock is necessary to protect the public from laws that can harm us.
President Obama is threatening to veto CISPA if passed as written by both houses of Congress. For now, he is siding with civil liberties advocates. But I don't trust a president who has been willing to use military drones against Americans.
And so we all need to make our voices heard.
Read the whole bill, which I link to above. If you disagree with my assessment, feel free to tell me so. But once you've read this thing, I'm confident you too will be left wondering how such a law will protect us from those who inevitably misuse data they're not entitled to.