• United States



Dear Congress: Please keep your dirty hands off cybersecurity, email privacy

Nov 20, 20124 mins
Data and Information SecurityIT LeadershipPrivacy

Some continue to cry out for Congress to pass a cybersecurity law. But as the latest Tom-foolery over an email privacy bill demonstrates, the best thing Congress can do is nothing.

A recent headline on this very site declared that final attempts to pass cybersecurity legislation this year appeared doomed. The tone seemed mournful. But if anyone was saddened by the turn of events, it sure as heck wasn’t me.

I’ve been railing against the Cybersecurity Act of 2012 and  the proposed Cyber Intelligence Sharing and Protection Act all year. I wrote earlier that the various legislative efforts were unfit for passage — unfit to line the bottom of a bird cage, for that matter.  The simple reason: Every shred of legislation I’ve seen this year overeached. CISPA, for example, was as bad as The PATRIOT Act and the SOPA-PIPA legislation that sparked so much outrage that it was tabled despite early, overwhelming support in Congress. I wrote at the time:

Fear is always the spark that ignites the push for insidious laws. The PATRIOT Act comes to mind. So does the thankfully-tabled SOPA -PIPA legislation in that the entertainment industry was frightened by changes in how we get our music and videos and lobbied for censorship legislation instead of working on a better business model.

Now we’re scared over cybersecurity. We’re not in the state of blind fear we were in after 9-11, but we’re scared enough to do something stupid. 

After 9-11, all we saw on the news were reports of another spectacular attack in the works and how terrorists were looking for nuclear, chemical and biological weapons so they could kill millions more. Frightened numb, we allowed Congress to pass the PATRIOT Act — a law that empowered the government to spy on us like never before.

We didn’t care, because we wanted to be safe.

Now all we hear about are the attacks evil hackers are planning: downing the power grid in political protest, siphoning bank accounts dry; Chinese operatives hijacking American defense systems and, worst of all — terrorists taking down the entire Internet we’ve all become so dependent upon.

–Read the full post: “Need proof that CISPA stinks? Open your history books

In an  atmosphere of fear, Congress will chip away at our freedoms every time.

This week, we have more proof that Congress is woefully inept on this matter.

In a CNet article written by Declan McCullagh, we see Patrick Leahy, the powerful Democratic chairman of the Senate Judiciary committee, dramatically tinkering with his email privacy protection legislation in response to law enforcement concerns. The result is a bill that does the exact opposite of protecting our email privacy. From Declan’s article:

Leahy’s rewritten bill would allow more than 22 agencies — including the Securities and Exchange Commission and the Federal Communications Commission — to access Americans’ e-mail, Google Docs files, Facebook wall posts, and Twitter direct messages without a search warrant. It also would give the FBI and Homeland Security more authority, in some circumstances, to gain full access to Internet accounts without notifying either the owner or a judge.

It’s an abrupt departure from Leahy’s earlier approach, which required police to obtain a search warrant backed by probable cause before they could read the contents of e-mail or other communications. The Vermont Democrat boasted last year that his bill “provides enhanced privacy protections for American consumers by… requiring that the government obtain a search warrant.”

Leahy had planned a vote on an earlier version of his bill, designed to update a pair of 1980s-vintage surveillance laws, in late September. But after law enforcement groups including the National District Attorneys’ Association and the National Sheriffs’ Association organizations objected to the legislation and asked him to “reconsider acting” on it, Leahy pushed back the vote and reworked the bill as a package of amendments to be offered next Thursday.

If that doesn’t convince you that Congress is incapable of dealing rationally with cybersecurity and privacy, nothing will.