US Cyber-Security Bills

Home Forums Technology US Cyber-Security Bills

This topic contains 2 replies, has 1 voice, and was last updated by  Henry Brown 5 years, 8 months ago.

  • Author
    Posts
  • #157546

    Henry Brown
    Participant

    From the ThreatPost blog

    EFF Says Cyber Security Bills Open Door To Government, Corporate Abuse

    he Electronic Frontier Foundation (EFF) is sounding alarms about a collection of overly vague cyber-security bills making their way through Congress.

    EFF looked at two bills making their way through Congress: The Cybersecurity Act of 2012 (S. 2105), sponsored by Senator Joseph Lieberman (I-CT) of Connecticut and the Secure IT Act (S. 2151), sponsored by Senator John McCain (R-AZ) . The digital rights group claims that the quality of both bills ranges from “downright terrible” to “appropriately intentioned.” Each, however, is conceptually similar and flawed, EFF said.

    With public awareness about cyber legislation high after the dramatic failure of Stop Online Piracy Act (SOPA), interest in- and skepticism of new cybersecurity legislation is on the rise.

    All three bills seek to facilitate cooperation among branches of the U.S. government and between the government and the private sector. Their failing, according to a blog post written by EFF Staff Technologist, Dan Auerbach and EFF Senior Staff Attorney, Lee Tien is in failing to define “the threats which are being defended against and the countermeasures that can be taken against those threats.”

    A lack of concrete definitions and transparency could give way to expansive interpretations of any bill that passes, leading to government and corporate abuses, which, in turn, could impinge upon civil liberties, EFF warned.

    As an example, Auerbach and Tien note that the Lieberman bill defines a “cyber security threat indicator” as any action that might be construed as “a method of defeating a technical [or operational] control.” That overly broad definition, EFF notes, could apply to anything from a DDoS attack to a port scan to the use of encryption or an anonymization service like ToR to protect the privacy of online activity and communications. Everything would depend on how the government and law enforcement chose to interpret it.

  • #157552

    Henry Brown
    Participant

    Some additional comment from the Center For Democracy & Technology
    Cybersecurity’s 8-Step Plan for Internet Freedom
    by Greg Nojeim
    March 28, 2012

    Cybersecurity is important to all Internet users because it can make the Internet a safer place to shop, conduct business, and communicate with others.

    However, pending cybersecurity bills include provisions that pose major civil liberties risks that must be addressed before any bill is enacted into law. This is urgent: the House is ready to take up legislation as soon as the week of April 23; after that, the Senate will act.1

    Here are some “do’s and don’ts,” more fully explained in this analysis for Senate cybersecurity legislation that preserves Internet privacy and freedom:

  • #157548

    Henry Brown
    Participant

You must be logged in to reply to this topic.