@scrawford on #cyberwar – hurts US, helps consultants. #privacy #netfreedom

Susan CrawfordSusan Crawford in a Jul. 24 Bloomberg column  Cyberwar Hysteria Hurts U.S., Helps Consultants notes how security hype, fueled by consultants spreading FUD couched in military language,  is driving  wholesale compromises of privacy and freedom.

Crawford notes:

The administration’s draft cybersecurity bill released in May would result in regulation of private Internet access providers by the Department of Homeland Security. The DHS approach maps to the framework under which chemical plants handling hazardous substances are regulated, signaling that some sector of the administration views the Internet as akin to an informational toxic-waste dump.

Unrestrained Sharing

Most importantly, the bill would allow unrestrained “voluntary” sharing of any information by private operators with DHS, no matter how it was acquired and no matter how existing law would otherwise restrict disclosure of the information. Such sharing would be justified for cybersecurity purposes, if the operator made efforts to remove irrelevant identifying information and complied with not-yet-written privacy protections. This government- centered structure bypasses the Fourth Amendment’s right to privacy. The stated limitations are no real limitation at all.

The White House proposal would also broaden the scope of the Computer Fraud and Abuse Act, make the CFAA part of a racketeering prosecution (triggering harsh penalties), and generally enhance the sentences available under that statute. The CFAA already is interpreted breathtakingly broadly. All computers connected to the Internet are protected by the CFAA against undefined “unauthorized access,” which has made it possible for disgruntled employers to go after employees who use any information for purposes the employer doesn’t like. Expanding an already unconstrained scheme is the D.C. equivalent of jumping the shark; it calls the entire cyberwar enterprise into question.