Wednesday, April 25, 2012

CISPA, "They're Back,"

Several weeks ago, I joined in the opposition to SOPA, The Stop On-line Piracy Act, H.R. 3261, and PIPA, The Protect Intellectual Property Act, S. 988.   I was gratified when the opposition to these bills caused their authors to abandon them.  However, I cautioned at the time that the big money behind the bills was not likely to go away.

So, I was not surprised on last Sunday morning when I saw Senator Christopher Dodd, the President of the Motion Picture Association of America, in an interview with Leslie Stahl, pushing a new bill called CIPSA, H.R. 3523 The Cybersecurity Intelligence Sharing and Protection Act.  While he did not tell us how it differed, he assured us, three times, that CIPSA was not SOPA.  Not only did he say that three times but that is all that he said about it.  That was all that he said about it in half an hour.

That turns out to be the theme for selling this pernicious and deceptive legislation.  Google "not SOPA:"  it returns CIPSA.  "Not SOPA" is one agreed upon talking point.  I found several blogs that assured me that CIPSA was "not SOPA."  Of course, if it looks like SOPA, and smells like SOPA, and comes from the same place as SOPA, I am not reassured.  

Another talking point is that it is "just about the language."  The author of the bill, Rep. Mike Rogers (R-MI) says that he hopes to give all constituencies “language that at least allows them to sleep at night, because I can’t sleep at night over these threats.”  Of course, he has little or no evidence about the "threats,"  Therefore, he cannot know the risk.  He even speculates about the consequences of a successful attack but it this potential outcome that frightens him.  Hype about "cyber war" and "cyber crime" is not a valid basis for sweeping public policy.  

The idea seems to be to use language that is so wishy-washy that it can be defended but still "allow everyone to sleep at night."   Some are fooled but others are not.  Jim Harper writing at Cato@Liberty asserts that "The bill is so broadly written that it is probably unrepairable."

This bill is pernicious because it encourages Big Data to turn over to the state any data that they deem to be "suspicious," and then protects them from any liability for doing so.  This immunity from accountability is one big carrot for Big Data.  Unlike SOPA, which had the support of the publishers, but was resisted by the likes of FaceBook, Amazon, and Google, CIPSA has the support of both groups.  In the name of security, it protects them from the consequences of almost anything that they do with your data.  

Harper goes on to say "Congress does not know how to address the thousands of difference (sic) problems that fall under the umbrella term 'cyber-security,' so it has fixed on promiscuous (and legally immunized) 'information sharing' with government security agencies as the 'solution.'"  I understand the desire of congress to "make things better."  However, this is not a problem that requires, or will even yield to, any law, much less this desperate measure.  

It is deceptive because it pretends to be about "cyber-security" but is really about protecting copyrights.   If the problem is "intelligence," then why complicate the law by throwing in the issue of "intellectual property," copyrights?   Why because that is where the money is.  Of all the constituencies for this bill, most will be satisfied if it does not make things worse.  The publishers are the exception and they are the constituency with the money.  They cannot admit that it is about copyright because then they could not say "not SOPA."
OK, I grant it; it is "not SOPA."  It is SOPA Plus.

It is at least possible that we want to prop up the broken business model of the publishing industry.  We may want to help them drag their twentieth century model into the twenty-first century.  I do not think so but I would be happy to debate it and even to be convinced.  What I am not prepared to do is to pretend that it is even remotely related to the security of the infrastructure or even the Internet.  Nothing threatens the infrastructure or the Internet like the animus of the publishers and the corrupting influence of their money.

Benjamin Franklin's oft quoted admonition still bears repeating and applies here, "Those who would trade essential Liberty for a little temporary security, deserve neither Liberty nor security."   While one might be willing to trade a little Liberty for a great deal of security, CIPSA does not offer such a bargain.  Instead it promises a certain, sudden, significant, and unrecoverable loss of Liberty for the mere hope of a little security.  

I will oppose this bill, as I opposed SOPA and PIPA, but not simply because it compromises Liberty.  I oppose it because it is bad public policy that encourages excesses by government and mischief by Big Data.  I oppose it because it increases risk to our society while pretending to reduce it.  I oppose it because it uses my field, my responsibility, my efforts and my failures to justify itself.   I invite my colleagues to join me.  Of course, defeat of one more bill will still not end this war.  "The price of Liberty is eternal vigilance." In spite of our opposition, perhaps even because of it,  we will continue to be called professionals and be paid the big bucks.