Continuing our focus this week on issues surrounding CISPA - more heinous than SOPA, and it just passed the US House of Representatives, DCINFO readers now need to alert US Senators of their concerns.
The Senate’s version of the cybersecurity bill is straying even more off the mark of what should be covered in such a measure than the House version: protecting critical American infrastructure against attacks in the digital realm.
This is not the bill to attempt to address a host of other Internet-related items that various Senators are seeking to include based on differing political considerations.
That will only make matters worse, and even the special interests pushing for some of the expanded provisions stand to be hurt by unintended consequences of such amendments.
Senator John McCain’s (R-AZ) remark this week, that “unelected Digital Homeland Security bureaucrats could divert resources from actual cybersecurity to compliance with government mandates,” should raise a major red flag to all observers of this process.
Since this bill’s purported raison d’etre is to protect security, shouldn’t its “mandatory” provisions be aimed at accomplishing precisely that?
Instead, the way the discussion is heading now, the bill that emerges will be more likely to do nothing to protect vital American interests from cyberattacks, and actually harm privacy - both individual and institutional - as well as add operating expenses to US companies.
And as Preventing Counterfeits (excerpted below) suggests, private sector solutions will leave public sector attempts to legislate remedies here far behind.
Meanwhile, in another example of how challenging this space has become to lawmakers, The Password Protection Act (PPA) was introduced by Democrats this week in both the House and Senate, illustrating the converse problem to CISPA’s growing loss of focus, and that’s the problem of “techno-legislative-micro-management.”
PPA’s stated intent, echoing a Maryland law, is to prevent employers from demanding access to Facebook passwords of employees and job applicants.
Congressmen Ed Perlmutter (D-CO) and Martin Heinrich (D-NM) introduced in the House an identical version of the measure introduced in the Senate by Senator Richard Blumenthal (D-CT), who supported a petition on this subject, which failed to achieve its goal of 60,000 signatures, suggesting that citizens may not want this “help.”
PPA includes provisions intended to prohibit employers from requiring private social network and e-mail account access as a condition of employment and from discriminating against individuals who refuse to provide it. Exceptions include employees with access to national security information and, for inexplicable reasons, students.
Senator Blumenthal’s claim that, “This legislation, which I am proud to introduce, ensures that employees and job seekers are free from these invasive and intrusive practices,” is another indication that legislators are long on seeking politically advantageous credit for their efforts, but in the Internet law arena are short on delivering substantive value.
Moreover, Blumenthal’s assertions that employers requiring such information are perpetrating an “unreasonable and intolerable invasion of privacy” and that “no American should have to provide their confidential personal passwords as a condition of employment,” strike us as demagogic hyperbole.
The bill itself represents an unwarranted “intrusion” by the federal government into the internal workings of private sector organizations. There are numerous instances where the mission or culture of a particular institution wholly justifies heightened transparency and a deepened level of integrity in employer-employee relations, and this should not be prohibited by law.
Circumstances of these relationships vary tremendously; and our point is that, in a free society, neither employers nor employees should have this specific aspect of their association dictated by the federal government.
We tend to agree with Senator Patrick Toomey (R-PA), who said at a related Senate Commerce hearing on privacy protections this week, “It’s premature to begin discussing specific legislative fixes when we don’t fully know whether a problem exists.”
Senator Toomey was speaking against the Federal Trade Commission’s (FTC) bid to expand its powers to interfere with evolving privacy practices of Internet-based companies like Facebook and Google, absent regulatory authorization.
DCINFO readers will recall that the White House last Fall put forward what it called a Privacy Bill of Rights to provide basic online protection guidelines.
Those rights were presented as voluntary codes of conduct, and the DCIA applauded them. Industry in response launched a “Do Not Track” initiative along the lines of the “Do Not Call” list, which even FTC Chairman Jon Leibowitz acknowledged is working.
The eight basic principles included Individual Control, Transparency, Respect for Context (data used consistent with context in which consumers provided it), Security, Access and Accuracy, Focused Collection (“reasonable limits”) and Accountability (appropriate safeguards for data collection).
These are sufficiently broad not to be overly prescriptive, and companies can readily determine those that apply to them and those that don’t. A firm which voluntarily complies but then violates its commitment will be subject to FTC sanction for false and deceptive practices.
The DCIA believes that self-regulation will go a long way here because, among other reasons, social media users are more vocal with their complaints.
"The right to express one’s views, practice one’s faith, peacefully assemble with others to pursue political or social change - these are all rights to which all human beings are entitled, whether they choose to exercise them in a city square or an Internet chat room," the US Secretary of State, Hillary Rodham Clinton, said at the end of 2011 at an Internet conference in the Netherlands.
"And just as we have worked together since the last century to secure these rights in the material world, we must work together in this century to secure them in cyberspace." Share wisely, and take care.