CISPA is dead but cybersecurity legislation will rear its ugly head again

There’s a rush going on in Washington DC right now. It has been going on for over 2 years now and will continue until they get something done. The topic – cybersecurity. The latest failed legislation – CISPA.

US News is reporting that the US Senate will not take up the cybersecurity bill but will draft different legislation to go after cybersecurity – and some would say our privacy as well – in the coming months. Their biggest concern according to Senator Jay Rockefeller (D-WVa) is that the bill’s “privacy protections are insufficient.”

This echoes President Barack Obama’s sentiment and is the reason that the POTUS threatened to veto the bill if it reached his desk. It passed by an overwhelming margin last week in the House of Representatives but will not see the light of day in the Senate. That’s not to say it wouldn’t have passed. It only means that in its current form, it won’t even be brought to the floor.

There are others waiting in the wings, including the Cybersecurity and American Cyber Competitiveness Act of 2013. This piece of legislation is arguably milder in language and heavier in privacy protections than CISPA, but it goes after another area of contention by picking up a tone towards entertainment and technology protection similar to the rallying cries of organizations like the RIAA. Here’s how it currently starts off:

To secure the United States against cyber attack, to improve communication and collaboration between the private sector and the Federal Government, to enhance American competitiveness and create jobs in the information technology industry, and to protect the identities and sensitive information of American citizens and businesses.

If it sounds familiar, you’ve probably read CISPA, PIPA, SOPA, and possibly other pieces of legislation that are geared towards taking away our privacy online and putting too much power into both big business and the US government in the name of cybersecurity.

The biggest problem with all of these pieces of legislation is that they do not allow for enough anonymity of the common user online. This is a mistake, not just from the perspective of the privacy advocates but also in the ways to handle cyberterrorism in the first place. They are wanting to gather and catalog vast amounts of personal data to build online dossiers on US and foreign citizens. That is never clearly stated, but it is always allowable within the loopholes of each piece of legislation. We discuss that concept as it appeared in CISPA here.

Until they bring about legislation that keeps the data completely anonymous and encrypted up until the point that a proper warrant is issued, the loopholes will remain. That’s what it will take to make the legislation palatable and it’s also what it will take to make it effective. Criminals will usually have stronger privacy protocols in place with their online exchanges than average people. As such, the current bills do not address this issue and force the legislation to be most easily used against law abiding citizens than cybercriminals.

Something needs to be done. Cyberwarfare is still an extremely dangerous threat to society. However, the legislation proposed to this point will not address the threats enough and will empower the government with potential for digital oppression.