In just one week, both the Homeland Security Secretary Janet Napolitano and Defense Secretary Leon Panetta warned that U.S. critical national infrastructure—including water, electricity, and gas networks—were vulnerable to hackers and the U.S. could be hit by a “cyber-9/11”.
Napolitano even urged Congress to pass legislation governing areas of cyber-security so that the .U.S government could share information with the private sector, which may help prevent cyber-attacks on infrastructure critical to U.S. national security.
So, that’s what they’re planning to do. And you can stamp your feet as much as you want, the way it’s looking, the proposals will be brought into law whether you like it or not.
And for the record, I’ll be there stamping my feet with you.
The cyber-security bill, dubbed CISPA—the Cyber Intelligence Sharing and Protection Act— that was shelved once it passed the U.S. House after the U.S. Senate began work on its own set of measures.
It would have effectively given the green card to American private-sector businesses to hand ordinary citizen data (and therefore potential intelligence) back to the U.S. government in order to thwart primarily cyber-attacks—but also what could potentially be terrorist attacks.
This, as you might expect, caused an uproar among the online community who believed that private companies could effectively hand over data—such as cell phone records, email records, and even Facebook and Twitter data—directly into the hands of U.S. intelligence.
Even the White House was concerned, and threatened to veto the bill altogether.
But now, there are two separate reports that suggest CISPA could be heading back to the Congressional table, but also that President Obama may bypass his lawmakers altogether and issue his own executive order.
First off, according to The Hill, ranking member of the U.S. House Intelligence Committee Rep. Dutch Ruppersberger (D-MD) said he plans to reintroduce CISPA back into the House. By working with the White House directly, Ruppersberger hopes to alleviate some of the government’s concerns.
Failing that, however, Obama could issue an executive order on the matter as soon as next week, according to Bloomberg‘s sources. It’s expected to be released just after the State of the Union address this coming Tuesday.
CISPA was a tricky law to get your head around. It defined cyber-security threats as efforts to “disrupt, degrade, destroy or gain unauthorized access to any system or network, whether privately owned (by a company) or owned by government,” said ZDNet’s Violet Blue, who covered the topic extensively and in great detail.
But arguments have been made that suggest such attempts to “disrupt [or] degrade” a network—commonly known as a denial-of-service (DoS) attack—could in fact be a method of online protest.
While some questioned whether DoS or DDoS (distributed denial-of-service) attack are the modern equivalent of a sit-in protest, it is now a matter for the courts to decide, reports Techdirt. The argument is that in some cases it is not a malicious act. There is no malware and nothing is stolen. It is, arguably, when carried for the sole reason of protesting, the same as creating an impromptu flash-mob protest, except using a computer rather a person’s physical being.
There was even a petition to the White House on the topic in the last few days that failed to gain traction. Only 6,000 people signed the petition, while 25,000 signatures were needed during a 30-day period to see it earn an official response. (The White House now needs four-times as many signatures after one petition asked the U.S. government to build a Death Star.)
Privacy activist Asher Wolf told ReadWrite last month: “There is no way in hell the White House will ever legalize DDoS.”
But as CISPA rears its ugly ahead again, as will those pesky activists who fight on our behalf for our online freedoms and privacy protection.
The bill was, however, supported by AT&T, Facebook, IBM, Intel, Oracle, Symantec, Verizon, and others—although, it was strange considering only months before many of the aforementioned firms came out against the Stop Online Piracy Act (SOPA), which led to the effectively shuting down of the Web for a day.
The CISPA threat led to the Internet Defense League—a threat-level group set up after the SOPA revolt—calling to arms, and asking everyone who cares about online freedom and privacy to get involved to prevent CISPA from becoming law. In a statement, the group that these “bills would end online privacy, treating everyone like criminals instead of making us more secure.”
Despite Obama’s warnings that he would veto CISPA the first time around, as the past has dictated, if Congress doesn’t play ball then the President will just take it and sign an executive order anyway.