The CISPA circus: Send in the clowns

Watching a clueless Congress attempting to pass a cyber security bill would be entertaining if the stakes weren't so high

Page 2 of 2

Of course, the White House has vowed to veto the bill unless privacy protections are added, but given the Obamanistas' track record on keeping their vows that's hardly comforting.

Let's be clear: More information sharing in the face of cyber attacks is a good thing. Our nation's private and public infrastructure are both deeply intertwined and vulnerable, so it makes sense to ease restrictions on data sharing when a bank gets hacked, because the next target might be the power station down the road.

CISPA springs a leak

The problem with CISPA is that in its current form it's still vague and ripe for abuse. It absolves corporations of being responsible for what happens to the data they've collected. It allows data sharing with the entire federal government, not just the parts responsible for ensuring our safety. It circumvents other laws designed to limit governmental access to private information. And it can be deployed for a wide range of perceived threats that have nothing to do with attacks on our nation's infrastructure. In that it is very much like the Patriot Act, which was allegedly written to combat terrorists but ended up being used primarily against run-of-the-mill drug dealers, money launderers, tree-huggers, and vegetarians (yes, really).

Is North Korea a threat to our nation's infrastructure? Possibly. WikiLeaks, not so much. But to the legislators who came up with CISPA there's little difference.

While computer code may be binary, privacy and security are not. You don't actually have to choose between one or the other. Data minimization is not a new concept. You can enable companies to share information with law enforcement (and visa versa) without exposing everyone's personal information. You can craft a bill designed to enhance our ability to respond to cyber attacks without throwing in other vague threats that turn the law into an invitation for corporations and governments to throw a data party -- or a fishing expedition.

It's just harder. It requires careful thought and compromise -- two things apparently in short supply in our nation's capitol.

What's your stand on CISPA? Climb on your soapbox below or harangue me here:

This article, "The CISPA circus: Send in the clowns," was originally published at Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter.

| 1 2 Page 2