Posts Tagged ‘Privacy’

Beyond CISPA: The cybersecurity bills you need to worry about right now

Friday, May 18th, 2012 by
Department of Homeland "Cybersecurity"
This article is presented here unchanged except as noted at the end of the article.

by Andrew Couts

May 15, 2012

With CISPA pushed to the back burner, the Senate is set to consider two alternative cybersecurity bills, both of which are far more expansive than CISPA — and each with many of the same problems, according to privacy advocates. Here is everything you need to know about the Cybersecurity Act of 2012 and the SECURE IT Act before they hit the Senate floor for a vote this month.

Despite all the fears surrounding CISPA — a bill that would make it easier for the Federal government and businesses to share information (including users’ private communications) — the rumblings from Capitol Hill suggest that CISPA won’t even make it onto the Senate’s agenda, thanks to broad opposition from Senate Democrats and a veto threat from President Obama. Instead, the Senate is expected to take up two alternative bills, the Cybersecurity Act of 2012 (CSA) sometime this week; and the SECURE IT Act, sometime this month.

Here is a rundown of what these bills are, and why civil liberties advocates say they, too, threaten our individual privacy.

The Cybersecurity Act of 2012 (officially known as S. 2105, and often referred to in the press as the “Lieberman-Collins bill”) seeks to establish robust security standards to protect against “cyber threats,” with a particular emphasis on the protection of “critical infrastructure” networks in the U.S., such as electrical grids and air traffic control systems. Companies that operate such systems, assets, or networks would be required to prove to the government that they have certain safeguards in place to protect against cyberattacks.

Like CISPA, CSA also removes certain legal barriers to allow for greater information sharing between the government and the private sector. Finally, CSA establishes the Department of Homeland Security (DHS) as the Federal government’s lead agency for controlling the cybersecurity infrastructure.

CSA was introduced to the Senate on February 14 by Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (I-CT), Ranking Member Susan Collins (R-ME), Commerce Committee Chairman Jay Rockefeller (D-WV), and Select Intelligence Committee Chairman Dianne Feinstein (D-CA). Only one other senator, Sen. Sheldon Whitehouse (D-RI), has co-sponsored the bill since its introduction, though it has explicit support from Senate Majority Leader Harry Reid (D-NV), and the Obama White House.

What is the SECURE IT Act?

Officially known as S. 2151 in the Senate, and H.R.4263 in the House, SECURE IT is a direct response to CSA. Like CSA and CISPA, both the Senate and House versions of SECURE IT remove legal barriers to allow for greater sharing of information between the government and businesses. Unlike CSA, however, SECURE IT does not establish a governmental regulatory system to oversee cybersecurity threats or to make sure that security standards are in place for critical infrastructure. Instead, SECURE IT provides a number of incentives to companies that choose to share “cyber threat information” with the Federal government.

Furthermore, SECURE IT establishes criminal penalties for a wide range of cybercrimes, from “trafficking in passwords” to causing damage to critical infrastructure networks or systems.

SECURE IT was first introduced by Sen. John McCain (R-AZ), and has seven co-sponsors in the Senate, all top-ranking Republicans. In the House, SECURE IT was introduced by Rep. Mary Bono Mack (R-CA), and has one co-sponsor.

Read the full text of S. 2151 here, and the full text of H.R. 4263 here.

What is the difference between the Cybersecurity Act of 2012 and SECURE IT?

Two words: government regulation.

The fight over these two bills is classic Washington bi-partisanship. The Democrat-backed CSA establishes a governmental regulatory apparatus that would put in place certain mandatory security measures that private companies (specifically those that deal with critical infrastructure) would have to meet. While some say that CSA doesn’t go far enough towards enforcing these standards, Republicans don’t like this “big government” approach to cybersecurity at all. SECURE IT’s chief sponsor, Sen. John McCain, has called CSA a “regulatory leviathan.” And critics in the private sector insist that CSA would put harmful burdens on businesses.


From this point, Andrew Couts describes the differences between these two bills in greater detail, which I have not included here. We don’t know which of the two bills, or combination thereof, will be considered by the Senate. Click here to read the entire article.

***************************************

What can you do—you are only one person? True, but you are only “six degrees of separation,” on average, from any other person on Earth. You become powerful when you share information with your friends and ask them to share it with their friends—it becomes a global revolution. As Stephen King suggests in The Long Walk, when these “society-supported sociopaths” come, step aside, and find the strength to run…

Click here to vote for President Obama’s American Jobs Act

Backdoors…

Tuesday, May 8th, 2012 by

Who wants the FBI looking over your shoulder as you post a message on Facebook? Nevertheless, “The FBI is asking Internet companies not to oppose a controversial proposal that would require firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance.”

Perhaps the FBI has not seen WarGames. Lightman asks Jim what backdoors are. Jim replies, “Whenever I design a system, I always put a simple password that only I know about. That way, whenever I want to get back in, I can bypass whatever security they have added on.”

When you circumvent software security protocols, you devalue them. A Washington Post article states, “I can’t imagine a better way to kill US competitiveness in the tech sector abroad. What European, Asian, or South American will want to use a US product such as Google+ or Facebook knowing that the US government has easy access to whatever is said, shared, uploaded, or done there? This could accelerate massive migration away from predominantly American tools and networks.” Networks the FBI would have no control over.

It’s unlikely the FBI wants these companies to intentionally create a hole in their security fence. They can’t possibly think that they are the only ones who would be getting into these backdoors, can they?

Other consequences would be the increased expense of developing new communications software in the future. TechDirt concludes that “The end result won’t make it any easier for the FBI to track down real criminals, but it will put plenty of non-criminals at risk. It will do this while making things much more expensive for tech companies that want to let its users communicate.”

Maybe the FBI doesn’t understand what it means to devalue security protocols. Hackers do. They have repeatedly demonstrated that they are capable of penetrating even the most secure corporate and government networks, and you can be sure that they would consider it an appropriate challenge to find the backdoor to FBI computers.

That would be “the story” in the news—hackers love publicity.

What greater incentive do the hackers need to find and exploit these vulnerabilities that are so conveniently placed in the code? Even without purpose-built methods for law enforcement to circumvent the security built into communications software, we know plenty of instances where developers have unintentionally left security holes that were subsequently widely exploited.

Not only that, but who is legally responsible when data thieves hijack one of these back doors and steal sensitive personal data? Lawsuits would abound from social networks (Facebook, Twitter, Google+) and VoIP (Voice over Internet Protocol such as Google Voice and Skype) who offer interconnectivity services. This is not to mention lawsuits from text chat services such as Yahoo and AOL IM. I don’t think the FBI would want these headaches. Nor does the US government have the money to waste on attorneys defending the FBI.

Fortunately, even if this bill becomes law, the FBI is not going to have carte-blanche ability to snoop whenever it wants. Sec. 105 of the Communications Assistance for Law Enforcement Act states, “A telecommunications carrier shall ensure that any interception of communications or access to call-identifying information effected within its switching premises can be activated only in accordance with a court order or other lawful authorization and with the affirmative intervention of an individual officer or employee of the carrier acting in accordance with regulations prescribed by the Commission.”

Does the FBI really want backdoors?

More importantly, do you?

***************************************


Click here to Stop FBI Surveillance of Social Network Sites

Cyber Intelligence Redux

Tuesday, April 17th, 2012 by

NOTE: This article was updated on 6/14/12 with a reprint from Congressman Darrell Issa at http://keepthewebopen.com/digital-bill-of-rights

Click here to ask President Obama to veto CISPA.

Mr. President, the American people are asking you to sign the Digital Bill of Rights if it is passed by Congress. However, please veto CISPA if it comes to your desk.

A Digital Citizen’s Bill of Rights

I believe that individuals possess certain fundamental rights. Government should exist to protect those rights against those who would violate them. That is the revolutionary principle at the heart of the American Declaration of Independence and U.S. Constitution. No one should trample our right to life, liberty and the pursuit of happiness. That’s why the Bill of Rights is an American citizen’s first line of defense against all forms of tyranny.

But where can a digital citizen turn for protection against the powerful? This question lay at the heart of the fight to stop SOPA and PIPA and keep the web open. While I do not have all the answers, the remarkable cooperation we witnessed in defense of an open Internet showed me three things. First, government is flying blind, interfering and regulating without understanding even the basics. Second, we have a rare opportunity to give government marching orders on how to treat the Internet, those who use it and the innovation it supports. And third, we must get to work immediately because our opponents are not giving up.

We need to frame a digital Bill of Rights. This is my first draft. I need your help to get this right, so I published it here in Madison for everyone to comment, criticize and collaborate. I look forward to hearing from you and continuing to work together to keep the web open.

-Congressman Darrell Issa

The Digital Bill of Rights:

1. The right to a free and uncensored Internet.

2. The right to an open, unobstructed Internet.

3. The right to equality on the Internet.

4. The right to gather and participate in online activities.

5. The right to create and collaborate on the Internet.

6. The right to freely share their ideas.

7. The right to access the Internet equally, regardless of who they are or where they are.

8. The right to freely associate on the Internet.

9. The right to privacy on the Internet.

10. The right to benefit from what they create.


BlogForward

American Revolution II welcomes your blogs. Submit via private message on Google+ or Facebook.
