You'd think the media would make more of a meal of it but only the tech blogs are picking it up so far: CISPA, the American catch-all surveillance law, has passed in Congress. It needs to be passed by the Senate and ratified by the President to make it the law of the land. The question is, will it?
CISPA is "needed to stop the Chinese government from stealing our stuff. They're "stealing the value and prosperity of America." - Rep. Mike Rogers (R-Mich.), in a CNET article.
Okay, but there's no mention of foreign anything in that bill. Here's the latest round of amendments.
...described as limiting the government's power, ... it in fact expands it by adding more items to the list of acceptable purposes for which shared information can be used. Even more astonishingly, it passed with a near-unanimous vote. The CISPA that was just approved by the House is much worse than the CISPA being discussed as recently as this morning. - Leigh Beadon, Techdirt
Nope, nothing foreign there. And that's the problem. CISPA is riddled with FUD and "think of the children" and described as a cybersecurity law when it's actually all about spying on American citizens. Indeed, its author is so aware of its real intent that when Rep. Sheila Jackson Lee proposed an amendment giving Homeland Security sweeping data acquisition and retention powers, Rogers attacked it as "Big Brother on steroids."
"This would be the government tracking communications, your medical records from the Veterans Association, your IRS forms coming in and out of the federal government," Rogers said. "This is exactly what scares people." - Mike Rogers in CNET.
What's wrong with it?
...it would usher in a new era of information sharing between companies and government agencies -- with limited oversight and privacy safeguards. The House Rules committee yesterday rejected a series of modestly pro-privacy amendments, which led a coalition of civil-liberties groups to complain that "amendments that are imperative won't even be considered" in a letter today. - CNET
The vague wording doesn't help.
In a statement that we issued just after the House vote, ACLU legislative counsel Michelle Richardson stated, “CISPA goes too far for little reason. Cybersecurity does not have to mean abdication of Americans’ online privacy. As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back. We encourage the Senate to let this horrible bill fade into obscurity.” - ACLU
The lack of accountability and the rushing through doesn't do a lot to assuage public concerns.
What about cybersecurity?
Sensible measures are being adopted, but not in CISPA.
A secure communications channel set up to prevent misunderstandings that might lead to nuclear war is likely to expand to handling new kinds of conflict — in cyberspace.
The Nuclear Risk Reduction Center, established in 1988 under President Ronald Reagan so that Washington and Moscow could alert each other to missile tests and space launches that could be mistaken as acts of aggression, would take a central role in an agreement nearing completion between U.S. and Russian negotiators.
Most key elements of the deal, which could be final in several weeks, are settled, said U.S. officials familiar with the talks. - Washington Post
Now this makes sense. These talks have not been widely reported but they're very important and represent a reasonable approach to online threats. Instead of ramping up FUD, they deal with the issues as they are.
CISPA has got to go to the senate, then the President considers whether or not to sign it into law. President Obama has threatened to veto it, and hopefully he will. It's not a security bill at all, it's a surveillance catch-all, it's unconstitutional and has no place in a democratic society.