The U.S. legislature has cybersecurity on the brain . In the coming months , Congress and the Senate will take a confusing sort of cybersecurity bill — includingH.R. 3523(Rogers),H.R. 3674(Lungren),S. 2105(Lieberman ) , andS. 215(McCain)—all of which purport to keep U.S. company and substructure safe from “ cyberattacks . ” But as Congress continues to librate this legislation and negociate potential amendments , users should ask some serious questions about how these proposals will affect civil autonomy , andtell Congressthat we wo n’t endure for cybersecurity bills that undermine our civil indecorum . Here are four intemperate question that Congressmembers should be take about these bills — the answer to which the bills dissent on or circumvent wholly .
Who will be in charge of cybersecurity?
The Rogers bill ( H.R. 3523 ) proposes to put the military - intelligence community in tutelage of cybersecurity while the Lungren neb ( H.R. 3674 ) keeps it under civilian command by putting it in the hands of the Department of Homeland Security . give the National Security Agency ’s chronicle of privacy and over - classification , military ascendance of cybersecurity is a potentially disastrous outcome for those who are concerned with riposte - balancing craze over “ cyberwarfare ” and “ cybercrime ” with respect for privacy and civic liberties . Civilian control over cybersecurity is essential if there is to be any level of openness and transparency in U.S. cybersecurity insurance policy .
Governmental cybersecurity programs must aim to accomplish security measures through openness and the use of transparent , accountable processes . Governments have a exceptional obligation to their citizens to guard their privacy and civil impropriety , as well as a tariff to be accountable for their use of taxpayer dollars . Government programs are , by their very nature , not contend in a marketplace , where there are sometimes strong financial incentives for the cagy use of closelipped practices . to boot , the sprawling nature of U.S. infrastructure decreases the likeliness of maintain secret against adversaries and increase the potential benefits of constructive examination from all corners . just put : open is unspoiled , and there is no fashion cybersecurity insurance will be open under military control .
What exactly is a “cybersecurity threat?”
At this time , most of the project cybersecurity beak cede the political science broad power in the effect of a “ cybersecurity terror . ” alas , we do n’t know what that means . EFF has raiseddetailed concernsabout the likely harm this vague language could do if the existing legislative proposals are passed into law of nature . In brief , across-the-board definition potentially implicate tool and behaviour that security experts would NOT fairly consider to be cybersecurity threat indicators . Just using a proxy or anonymizing service such Viscountess Astor , encoding to protect your data , or measuring your ISP ’s electronic web performance could all be construed as “ cybersecurity threats ” in some of these legislative proposals . mass who take measures to protect their own secrecy and certificate online in ways that EFF on a regular basis recommend and sustenance could potentially be regale like criminals . And even under a more generous recitation of the language , legitimate security department enquiry would be direct and security measures research worker could find themselves under perpetual scrutiny as potential “ cybercriminals . ”
What does “information sharing” mean?
All of the proposed cybersecurity vizor mandate some kind of “ information sharing ” or “ government assistance ” between the U.S. government and the private companies that have access to so much of our personal data point , including e-mail , World Wide Web searches , GPS data , and our social graphs . company are encouraged to apportion data about “ cyber threats ” or incidents with the government , and to that death it provides them with immunity when partake entropy about threats .
Some of the proposals balance this info - sharing with privacy oversight , to make certain that shared data does not trench on individual privacy or civic liberties , but proposal such as theRogers billcontain no such protective terminology . The Rogers bill make companies a spare pass to monitor and compile communications and share that data with the regime and other companies , so long as they do so for “ cybersecurity purposes . ” Just invoking “ cybersecurity threats ” is enough to allot caller immunity from well-nigh all civic and felonious liability , effectively creating an exemption from all existing police . to boot , the Rogers bill places almost no restriction on what kinds of information can be collected and how it can be used , so long as the companies can take it was move by “ cybersecurity intention . ” S. 2105 ( Lieberman ) and S. 2151 ( McCain ) contain similarly dangerous provisions .
As if that was n’t bad enough , “ selective information sharing ” is often just a euphemism for surveillance and countermeasures , including monitoring electronic mail , filtering content , or blocking admittance to websites .
Will the cybersecurity bills improve our security or not?
Ideally , cybersecurity legislating would benefit U.S. citizen by protecting government system and infrastructure in a manner that is undetermined , accountable , transparent , and venerating of citizens ’ privateness and polite liberties . Unfortunately , there are aspects of the proposed cybersecurity vizor that lead us to think the American multitude will not be come out on top .
There is little incertitude that the net could stand to be a safer stead . Major operating systems have security vulnerabilities , as do plenty of other commercial-grade off - the - ledge package . The Internet could apply moreencryption , more secure protocols , and better authentication schemes . But the cybersecurity bills do n’t do any of these things . or else of make inducement for better justificatory net security , the propose bill take an offensive posture : more monitoring , more surveillance , and more revealing of your private information . Not only will the cybersecurity bill fail to make us safer , they will put substance abuser ’ secrecy and security system at peril .
Help EFF block the tough of the cybersecurity proposals bysending an email to Congress today .
republish with permit from the Electronic Frontier Foundation .
Image byPedro Miguel Sousa / Shutterstock
CybersecurityPrivacySecurity
Daily Newsletter
Get the best tech , science , and civilisation news in your inbox daily .
News from the future tense , delivered to your nowadays .
Please pick out your desire newssheet and state your email to upgrade your inbox .
You May Also Like
