Tuesday, April 23, 2013

CISPA: Bad law on bad.

In considering CISPA in the last piece I mentioned SOPA, the last iteration of these efforts to broaden government access and control of personal information. It managed to scare and anger many. And with numerous powerful online and tech interest opposed, it was given a lot of unwanted attention that helped lead to its demise in Congress. 

It was overly broad law. It was bad law. It was unpopular law, with the industrial deep pockets elected figures like to please.

So the lesson the lobbyist and Congressional supporters took away from that fight was to make it more palatable to industry. Nothing else really changed. Bad bill language stayed. Broad powers stayed. It just shows an interesting level of cluelessness.

Now, it was politician smart. They don't want to have to get yelled at by the businesses they rely on for fundraising. So it's a no lose fight to their reelection campaigns.

But this cluelessness does have impact. SOPA would have been bad law, like CISPA before it, and now. But other like law are already on the books. Like CFAA, the Computer Fraud and Abuse Act. This law is outdated 80's law against computer hacking (Hey. Remember all those bad 80's hacking movies? It's that old a law.). But it is badly worded and outdated law. This is the law that was used all too recently to hound a rather young and brilliant civil liberties advocate (and vocal opponent of SOPA) Aaron Schwartz for relatively benign activity. But under this law the DA was trying to put him in prison for decades (Because it was the law...kinda.). (And those efforts sadly led to his suicide.) It was punitive action through bad law.

CFAA is exactly an example about why we do need legislation, new legislation, for cybersecurity. Things do need to change. And PIPA, SOPA, and CISPA are examples of why it has to be GOOD law, SOUND law, and INTELLIGENT law; all things these bills are not. We need change, but these laws based more on paranoia and control will not do the job. Our law crafters have to do better.

CISPA is just too vague in how it will be applied, much like CFAA. It will inevitably be used poorly and people will be made to unfairly suffer. And now before it is law is the time to act. Congress needs to do a better job. Looking at CFAA, even many changes suggested for it focus more on increasing punishments and making the violations of the act a more vague and unclear matter. The legislators making the decisions here are not doing a good. job. They have to do better. We have to make them do better, particularly as all the loud voices with the deep pockets are walking away from the fray. It is up to us.

Get informed. Get involved.


I also wanted to note that in passing CISPA through the House of Representatives, even some good Democratic representatives supported it (like Duckworth). The backers of CISPA are spending a lot and schmoozing a lot to ensure it gets supported. This includes overselling it's national security value. So, I think, it would be a good idea to reach out to your representative in Congress (and contact your senators to) and let them know what you think about CISPA and why you don't want it to pass. We to can make them informed voters (in Congress).
It is likely it won't pass the senate. And the president has said he would veto it. But, as I've pointed out, it will be back. And our representatives need to be ready and understand our concerns when it does. They may even, if informed, be able to amend it to be good law. But it starts with us.



No comments: