March 30, 2012 at 9:35 am #157546
From the ThreatPost blog
EFF Says Cyber Security Bills Open Door To Government, Corporate Abuse
he Electronic Frontier Foundation (EFF) is sounding alarms about a collection of overly vague cyber-security bills making their way through Congress.
EFF looked at two bills making their way through Congress: The Cybersecurity Act of 2012 (S. 2105), sponsored by Senator Joseph Lieberman (I-CT) of Connecticut and the Secure IT Act (S. 2151), sponsored by Senator John McCain (R-AZ) . The digital rights group claims that the quality of both bills ranges from “downright terrible” to “appropriately intentioned.” Each, however, is conceptually similar and flawed, EFF said.
With public awareness about cyber legislation high after the dramatic failure of Stop Online Piracy Act (SOPA), interest in- and skepticism of new cybersecurity legislation is on the rise.
All three bills seek to facilitate cooperation among branches of the U.S. government and between the government and the private sector. Their failing, according to a blog post written by EFF Staff Technologist, Dan Auerbach and EFF Senior Staff Attorney, Lee Tien is in failing to define “the threats which are being defended against and the countermeasures that can be taken against those threats.”
A lack of concrete definitions and transparency could give way to expansive interpretations of any bill that passes, leading to government and corporate abuses, which, in turn, could impinge upon civil liberties, EFF warned.
As an example, Auerbach and Tien note that the Lieberman bill defines a “cyber security threat indicator” as any action that might be construed as “a method of defeating a technical [or operational] control.” That overly broad definition, EFF notes, could apply to anything from a DDoS attack to a port scan to the use of encryption or an anonymization service like ToR to protect the privacy of online activity and communications. Everything would depend on how the government and law enforcement chose to interpret it.
March 31, 2012 at 12:47 pm #157552
Some additional comment from the Center For Democracy & Technology
Cybersecurity’s 8-Step Plan for Internet Freedom
by Greg Nojeim
March 28, 2012
Cybersecurity is important to all Internet users because it can make the Internet a safer place to shop, conduct business, and communicate with others.
However, pending cybersecurity bills include provisions that pose major civil liberties risks that must be addressed before any bill is enacted into law. This is urgent: the House is ready to take up legislation as soon as the week of April 23; after that, the Senate will act.1
Here are some “do’s and don’ts,” more fully explained in this analysis for Senate cybersecurity legislation that preserves Internet privacy and freedom:
March 31, 2012 at 12:55 pm #157548
You must be logged in to reply to this topic.