CISPA

April

CISPA

Following redistricting, I am now a voter of Ohio’s 5th Congressional District. The man currently representing this district is Bob Latta. He can be seen below during a Subcommittee on Communications and Technology hearing, titled “Cybersecurity: Threats to Communications Networks and Private-Sector Responses.”

A quick watch of this video makes it quite clear; Bob Latta doesn’t have a clue what he is talking about when it comes to the internet. Yet as one of 28 members of the Subcommittee on Communications and Technology, he is an important legislator on that very subject. Congressman Latta is also one of 23 members of the House Subcommittee on Commerce, Manufacturing and Trade. This subcommittee’s jurisdiction includes: Interstate and foreign commerce, including all trade matters within the jurisdiction of the full committee; Regulation of commercial practices (the FTC), including sports-related matters; Consumer affairs and consumer protection, including privacy matters generally; Consumer product safety (the CPSC); Product liability; Motor vehicle safety; and, Regulation of travel, tourism, and time.

Mr. Latta is a co-sponsor of CISPA.

CISPA (Cyber Intelligence Sharing and Protection Act), is a bill currently going through the House which aims “To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.”

While there are supporters of the bill among the technology community, I cannot find many who believe this is a good bill. It’s primary objective is the sharing of information related to ‘cybersecurity’ among private entities (corporations) and government. It doesn’t sound bad up front… but the bills definitions of ‘cyber threat’ and ‘cybersecurity’ are simply too broad, and I can see it easily being abused.

‘(2) CYBER THREAT INFORMATION- The term ‘cyber threat information’ means information directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from–
‘(A) efforts to degrade, disrupt, or destroy such system or network; or
‘(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.

‘(5) CYBERSECURITY PURPOSE- The term ‘cybersecurity purpose’ means the purpose of ensuring the integrity, confidentiality, or availability of, or safeguarding, a system or network, including protecting a system or network from–
‘(A) efforts to degrade, disrupt, or destroy such system or network; or
‘(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.

The bill does not require corporations (such as say, Facebook) to provide cyber security information to the government or any other corporation. It simply ‘encourages’ it.

The problem I foresee is this. Hackers such as Anonymous or Lulzsec, and groups such as Wikileaks are the target of this legislation. I think that is obvious. Unfortunately, what our legislators, including Mr. Latta, fail to recognize is that these hackers will always be a step ahead. They know what they’re doing. You don’t. If the government and various corporate entities begin sharing vast troves of ‘cyber threat’ information amongst each other, the information of millions of American citizens will be stockpiled in numerous locations leaving them far more unprotected. This bill will actually cause more problems than it prevents.

Further bills in congress, such as the Protecting Children From Internet Pornographers Act of 2011 (a far worse and duplicitously titled bill), would further stockpile our personal and private information to include such information as every website we have visited in the last year. This bill would require our internet service providers (ISP’s) to retain records for one year including the IP addresses assigned to corresponding customers. This information cannot be compelled to be given by anyone but the government. But wait! CISPA would then allow the government to share that information with any ‘cybersecurity provider’ they want to.

Tim Berners-Lee, the man who invented the World Wide Web, HTML, http, and the first web browser has this to say on the subject, ““[It] is threatening the rights of people in America, and effectively rights everywhere, because what happens in America tends to affect people all over the world. Even though the SOPA and PIPA acts were stopped by huge public outcry, it’s staggering how quickly the U.S. government has come back with a new, different, threat to the rights of its citizens.”

When will it stop? What happened to the fourth amendment? These bills, following so quickly after SOPA, PIPA, and ACTA make it clear that the government is intent on creating a cyber police state. It needs to stop. I encourage everyone to write to their representatives and demand an end to these horrible bills that infringe on our rights. Unfortunately, it seems apparent to me that Mr. Latta’s lack of knowledge on the technological front has caused him to completely fail to notice that he is failing to protect the privacy of US Citizens, failing completely in his duties on both the Subcommittee on Communications and Technology and the Subcommittee on Commerce, Manufacturing and Trade. I certainly hope it’s his lack of knowledge on the subject. That, at least, can be fixed.

Read more: