Since most Americans are still unaware of the contents of the Cybersecurity Act of 2012, and particularly Section 701, it’s no doubt time to consider what exactly is most offensive about the provision.
Section 701, which Senator John McCain is championing, covers “information sharing” between private entities such as Facebook or Google and the government. Section 701 would allow these private entities to essentially surveil cybersecurity threats or cybersecurity threat indicators (a hacker scanning for a password or Anonymous’s DDoS traffic) without first obtaining a warrant. This data could then be handed over to the government.
What this would do is effectively enlist service providers as government-approved private industry spies. Wondrous. And McCain, whose own version of the Cybersecurity Bill failed, still wants to empower the NSA to have access to such data, then allow the government to do as it pleases once it has it. It’s Orwellian in the extreme, even if McCain sincerely believes that it is necessary in fighting terrorists, foreign state-sponsored hackers or even Anonymous.
Some Senators, however, are fighting on behalf of the people, not government power. Senators Al Franken, Ron Wyden and Ron Paul have filed an amendment that would completely remove Section 701 from the Cybersecurity Act.
Al Franken stated in a Senate floor speech that Section 701 would “give ISPs and other companies a brand new right to monitor communications and deploy countermeasures. That right is very broad. So broad that if a company uses that power negligently to snoop in on your email or damage your computer-they will be immune from any lawsuit.”
Franken, however, does see the value in the legislation. “The Cybersecurity Act is not perfect, but when it comes to striking a balance between cybersecurity and privacy and civil liberties, it is the only game in town,” said Franken. ”It is far more protective of our rights than either CISPA or the SECURE IT Act.”
Senator Patrick Leahy (D-VT), on the other hand, has proposed an amendment that would require the government to first obtain a search warrant based on probable cause every time a law enforcement agency wanted access to private communications.
By late Tuesday the bill had lost its inertia, but that hasn’t stopped certain individuals from dealing the usual hysteria.
“Most outside observers believe that we will only get effective cybersecurity legislation after there has been a crisis of some kind, and that then we are likely to overreact, trampling privacy and putting in place rigid requirements,” said James A. Lewis, a national security expert with the Center for Strategic and International Studies in Washington. “This is an outcome no one on the Hill wants, but it may be inevitable.”
There is already an overreaction, particularly on the part of Sen. McCain. Franken, Wyden and Paul don’t want to completely gut the Cybersecurity Bill, only protect user privacy, thus preventing the US from tumbling further down an Orwellian rabbit hole.