Why the Latest Senate Cybersecurity Bill is a Joke

No one appears to be happy with the revised Cyber Intelligence Sharing and Protect Act (CISPA) that is about to be voted on in the U.S. Senate. And yet, this version will probably get passed. Count me among the not happy. The new version includes just as much stupidity as earlier ones.

First, we would get a giant, brand-spanking-new pile of steaming bureaucracy called the National Cybersecurity Council (NCC). The NCC’s mission would be to assess vulnerabilities in computer systems of critical infrastructure. (In my house that includes the TV remote.) The council would have representatives from every major related agency, except perhaps the National Park Service. It will be chaired by the Homeland Security Secretary (oh joy) and, as The Hill reports, it will “include members from the Pentagon, Department of Commerce, Justice Department, intelligence community and federal regulatory agencies that oversee critical infrastructure for specific sectors.”

Whether this is a good or bad thing depends largely on how you feel about inefficient and wasteful government spending. I bet it would take this group six months to order a pizza–and it would cost an additional half-billion dollars to add pepperoni.

Some poor soul at the Electronic Frontier Foundation (EFF) read all 211 pages of the Cybersecurity Act of 2012 so you didn’t have to and put out a nice summation. (I can tell you right now the person who wrote this is not getting paid enough.) Among the items the EFF likes about it:

• Civilians, not the NSA, will get to be in charge of illegal wiretapping.
• The government no longer gets access to any data it wants unless it says it is linked to “a cybersecurity crime investigation.”

Broad enough for ya?

To be fair, the EFF also mentions a bunch of ways the new bill addresses some privacy concerns. However, the group spotted at least one major problem:

“Currently, the bill specifically authorizes companies to use cybsersecurity as an excuse for engaging in nearly unlimited monitoring of user data or countermeasures (like blocking or dropping packets).”

That’s not too broad, is it?

The EFF is concerned the bill’s supporters may try to stir up fear over potentially-catastrophic cybersecurity scenarios to strip the bill of its privacy protections.

It sure as hell didn’t take them long to be proven right. On Wednesday NextGov posted a story with the following headline: SENATORS USING CRIME STORIES TO PUSH CYBERSECURITY BILL:

“It’s not a matter of whether a catastrophic cyberattack will happen, but when. That’s the message Senate backers of broad cybersecurity legislation repeated over and over on Tuesday as they sought to highlight what they see as the danger of inaction.”

A report in the The Hill, SENATORS: BILL NEEDED TO PREVENT A ‘CYBER 9/11’, suggests this is understating the tone of the argument.

“… pass the measure before the August recess, arguing it would ensure the United States averts a devastating ‘cyber 9/11’ attack.”

Cry insanity and let loose the imaginary hobgoblins!

The bill is sponsored by Sens. Joe Lieberman (I-DeputyDawg), Susan Collins (R-Moderate) and three others I couldn’t pick out of a police lineup. Here’s what they said when they introduced it:

“The destruction or exploitation of critical infrastructure through a cyber attack, whether a nuclear power plant, a region’s water supply, or a major financial market, could cripple our economy, our national security, and the American way of life. We must act now.”

So if this bill gets passed we will only have to worry about the same old-fashioned methods currently being used to of screw up the financial markets, the ecomony, national security and the American way of life.