The Law Should Never Be Secret, So Why Will CISPA Debate Be Secret?
from the ridiculous dept
As we mentioned last week, CISPA is scheduled for markup tomorrow, and the markup will be done behind closed doors
without any public scrutiny allowed. This makes no sense. They are
not debating the reason for the law, but rather the text of the law
itself. The law will be public, and any debate about the language and
amendments included should be public as well. As Julian Sanchez points out, it makes perfect sense for intelligence briefings to be held in secret, but it never makes sense to hold debates about what the law should be in secret. So why is Congress doing so?
In the meantime, it appears that the main backers of the bill will be supporting some amendments (and may release a manager's amendment), which marginally limits how the information it gets from companies can be used. However, this does little to deal with the real problems of the bill: the immunity companies get for sharing pretty much any private info with any government agency. At the very least, there's no reason that CISPA shouldn't require that companies strip personally identifiable information from any data they share with the government.
But, really, this deserves to go much further. At no point -- in the many years that cybersecurity legislation has been discussed -- has anyone in Congress explained why we need this. Yes, they've given FUD-like horror stories about planes falling from the sky, or they've pointed to Chinese hackers. But what they have not done is show how (a) current law gets in the way of the necessary information sharing to help combat any threats or (b) how CISPA will help stop such attacks. You'd think that both of these points would be at the top of the list of the things that Congress would be explaining to get support for this bill. Instead, we hear scare stories about evil hackers out to destroy us, and an awful lot of "trust us." It's tough to trust the government, though, when they won't even let you know what they're debating.
In the meantime, it appears that the main backers of the bill will be supporting some amendments (and may release a manager's amendment), which marginally limits how the information it gets from companies can be used. However, this does little to deal with the real problems of the bill: the immunity companies get for sharing pretty much any private info with any government agency. At the very least, there's no reason that CISPA shouldn't require that companies strip personally identifiable information from any data they share with the government.
But, really, this deserves to go much further. At no point -- in the many years that cybersecurity legislation has been discussed -- has anyone in Congress explained why we need this. Yes, they've given FUD-like horror stories about planes falling from the sky, or they've pointed to Chinese hackers. But what they have not done is show how (a) current law gets in the way of the necessary information sharing to help combat any threats or (b) how CISPA will help stop such attacks. You'd think that both of these points would be at the top of the list of the things that Congress would be explaining to get support for this bill. Instead, we hear scare stories about evil hackers out to destroy us, and an awful lot of "trust us." It's tough to trust the government, though, when they won't even let you know what they're debating.
No comments:
Post a Comment