Since I wrote my last post on CISPA a few weeks ago, a number of things have changed and my own opinion has evolved some as well. I still feel that the EFF’s interpretation was perpetuating a great amount of FUD, but that doesn’t really justify the merits of CISPA. There are many things to say about CISPA but I thought I would share some random thoughts here:

The Quayle Amendment Changed Things

While there is some debate whether this amendment is good or bad from the perspective of privacy, the question here is why was that amendment necessary? And why was the vote pushed forward right after including this amendment? In my opinion, this amendment alone is reason enough to hate this bill. I want to get that out first because although I agree with the premise of the bill, the risks of passing it as it stands are just too great. I don’t agree with the FUD involved in fighting this bill, such as saying it is the new SOPA, but I am always very wary of unintended consequences and since it is so much harder to undo a law, this must be approached with great caution.

How Much are they Spying Already?

I’m not saying they should pass this bill because they already spy on you, I am saying that if this is a big concern we need to put more effort into laws that limit what they are already doing. Most companies already have intrusion detection and spam prevention systems in place to identify and log attacks and other unwanted threats to their networks. Much of this involves deep packet inspection and storing personal information about those who trigger alerts, including the many false alerts. There really aren’t many rules on what these companies can and cannot do with that information and their terms of service open us all up to huge intrusions of privacy. We do need legislation that clearly defines a threat and clearly defines (and limits) what can be done with that information.

And then there’s the NSA. Certainly we can’t even imagine how much information they gather on every one of us. Really, that just needs to stop; I don’t remember any U.S. citizens getting any say in allowing them to do that.

It appears that this law allows for better coordinated sharing of information but the fact is we are already threatened with huge invasions of our privacy. If you can be called a customer, an employee, or a citizen, you can be spied on.

Terms of Service vs Law is a Big Distinction

One very important thing to remember is that a company spying on its users is often covered under its terms of service. You agree to allow that in exchange for using their service. However, law enforcement agencies are limited by law which is much more restrictive. A law such as CISPA would allow law enforcement to fall under the umbrella of terms of service which would greatly expand their access. While this is good in the sense that it would make certain evidence legally admissible in court, the potential for unintended consequences is huge.

We Need Buffers for Stretched Interpretations

We have already seen how easily law enforcement can stretch interpretations or employ secret interpretations of laws. As a parent I see that, like children, you need to be very specific about things or law enforcement will go with the absolute most permissive interpretation. CISPA simply does not do this. Laws are difficult to reverse so we must be very careful before allowing laws that could have great potential for abuse.

Who Profits from CISPA?

Many have said that the RIAA and MPAA are clearly behind this bill but I don’t buy that. I certainly hate everything about the RIAA, MPAA, and anything they back, but I just don’t see this bill benefiting them that much without greatly stretching the interpretation and exposing themselves to significant liability. I’m not saying that is out of the question, it just doesn’t seem to fit here.

Nevertheless, whenever Congress passes any bill nowadays I am always suspicious of who stands to profit here. Yes I am sure there are some sincere motivations here but since when has a law been passed based on its sincerity?

Don’t Forget Who Makes the Decision, But Does it Matter?

I have seen a number of misleading articles state that CISPA would allow the Government to go trolling for information and take anything they want in the name of cybersecurity. First of all, I think law enforcement already has enough power through the Patriot Act and other laws that they can already demand just about anything. However, it is important to note that CISPA does not allow the Government to demand this information, it only allows companies to volunteer the information.

Now having said that, if the Government starts paying good money for that info, I’m sure that most companies would be happy to volunteer anything that law enforcement asks for.

Long is Bad but so is Short

One thing that always bothered me about the Patriot Act is how in just a matter of days after September 11th, the Justice Department produced such a huge, sweeping bill. In fact, whenever I see any 100+ page bill introduced to Congress I get suspicious of how many lobbyists had their hand in this. Complexity is the best weapon that special interests have in introducing loopholes that line their pockets. Which is why seeing the short, simple CISPA was so refreshing and reassuring.

But as we have seen, being short has its problems too. Complexity introduces loopholes but vagueness can be just as bad. One thing nice about CISPA is that it is probably much easier to fix a few pages of vagueness than to scale back a thousand pages of complexity.

There’s a Bigger Message

I think that it is important to look past the words on the bill and see what the opposition here is really about. It’s not so much about who shares what and how, it is that the American people are getting tired of never-ending legislation that continually gives the Government more power and slowly erodes at our rights of privacy. Do we really even need this bill? Yes there are some specific cases where it would be helpful, but we just don’t know how many more doors we are opening.

We are already tired of constantly hearing how law enforcement agencies are stretching and abusing current laws, do we really want to give them even more power? Will using the Internet become just as personally intrusive as the security gates at an airport? Is there some greedy special interest involved here paying off Congress to make themselves even richer?

The fight against SOPA energized many of us and demonstrated that for once the people do have a voice and we are going to use it. Despite any legitimate benefits of CISPA, Congress is voting on a law that most people just don’t want.

Now there is something to agree with.
