These days, everyone seems interested in getting into the internet surveillance game, regardless of party or personal preference. It's just the popular thing to do – what with piracy, hacking and identity theft, they have to do something, even if they don't have a clue what to do – and according to Reuters, Senator John McCain has decided to get into the game.
The as of yet untitled bill was introduced last week, but it wasn't thrust into the spotlight until earlier today when the ACLU raised concerns about the bill's privacy implications. It is one of two bills aiming to address cybersecurity currently under consideration, but McCain's bill has more Republican support than its rival, which is sponsored by Senate Majority Leader Harry Reid.
The main differences lie in how they try to address the problems. Reid's bill (which is far from perfect itself) is mostly concerned about the potential of cyberattacks on critical infrastructure and takes the approach of putting the ever reliable Department of Homeland Security in charge of overhauling the infrastructure to prevent such a attacks. McCain's bill, though, takes the keys away from the DHS and puts the NSA and Cyber Command in charge of policing the net to try and catch would be 'threats' before they manifest themselves.
How would these threats be identified? Good old fashioned surveillance, of course. Basically, the bill encourages 'voluntary' information sharing between ISPs and the government. When nebulously defined 'network activity' with possible 'malicious intent' is spotted, the ISP would then be urged to transfer this information to a 'cybersecurity center' operated by the Ministry of Truth – uh, never mind, it's only the NSA and Cyber Command.
The corporations that tip off officials would also be protected from any lawsuits, even if the person they've been watching turns out to be innocent.
The ACLU's Michelle Richardson told Reuters that, "this is a privacy nightmare that will eventually result in the military substantially monitoring the domestic, civilian Internet." The main concern is that the scope of the bill is so vague that it has the potential of targeting perfectly innocent – and perfectly private – that set off red flags or just happen to draw the ire of someone with too much power.
The Center for Democracy & Technology's Jim Dempsey warned that the bill's invocation of 'national security purposes,' “is about as broad as you could be. We thought this was an issue that was close to consensus and close to a positive resolution, but seeing the direction this Senate bill went in, I'm more pessimistic now. It runs a real risk of dragging down the whole concept of information sharing."
For his part, McCain is quick to stress that the bill isn't trying to stifle the freedom of information online, telling reporters that:
The only government actions allowed by our bill are to get information voluntarily from the private sector and to share information back. We have no government monitoring, no government takeover of the Internet, and no government intrusions.
Even if it is done with good intentions, the idea of corporations spying on you instead of the government might not bring much comfort to many. Whether it's actually any better than the rival bill, the Cybersecurity Act of 2012, remains to be seen.
The one thing that is certain is that we need to tread very carefully here. While no one wants an attack on infrastructure or even the PlayStation Network, netizens are also very protective of their freedom, and don't react kindly to any legislation that threatens to tread on that. And as blogger Jerry Britto points out, sometimes the worst threats come in the form of oversights and good intentions. "It does appear [that the bill] includes a hole through which the NSA may be able to drive a freight train.”