Looks like it's back.
President Obama has made this his unofficial cybersecurity week, in which he focuses on broadband in general and cybersecurity in particular. In that there some good stuff and some very bad staff. On the good side, he's
championing community-based broadband, calling for state and local governments to stop restricting the rights of cities and towns to build their own broadband networks. Fantastic idea that would help break the stranglehold big telecom has on internet service.
On the bad side, he's still pushing some deeply flawed cybersecurity measures that should have been abandoned the first time they failed to prevail. The key problems in his revived proposal:
- Potentially more access to your private data by the NSA—companies would get blanket immunity for sharing customer data under poorly-defined and broad circumstances. As in previous incarnations, it would supersede other state and federal privacy laws.
- It creates redundancy in existing information sharing procedures and protections—there's already mechanisms for private companies and the government to share threat information. If there are gaps in these measures, they should be identified and addressed.
- It could make the the draconian Computer Fraud and Abuse Act worse—the CFAA is the law used to prosecute and hound digital rights activist Aaron Schwartz. The law has been used to bully people like Schwartz with over-zealous penalties relative to the threat their actions pose. The current proposal would increase some of the penalities in an already too-stringent law.
- It could supercede strong state privacy protection laws—California, for example, has very strong disclosure laws, requiring companies to notify customers of data breaches. In face, 38 states have these laws, but federal legislation would supersede, and in some cases, weaken these state laws.
- It could limit online civil disobedience against repressive governments or abusive corporations, giving the attorney general more power to go after the botnets used by activists.
The default posture of the administration and of Congress in cybersecurity has been to take a sledgehammer to it, going easy on corporate responsibility for their own and their customers' protection and using it as an opportunity to whittle even further away at privacy protections for regular Americans. Activists have pushed back on these flawed proposals and had good luck so far, but the fight is clearly not over.