Watch For A New Set Of CyberSecurity Laws

SuperDuG writes "According to a story on PCWorld.com the Congressional subcommittee dealing with cybersecurity will be researching and legislating new cybersecurity laws. The Chair, Adam Putnam says 'We want to put something out there that makes sense, that's balanced, that accomplishes the same goals, without it being this headlong rush to prove that we're doing something for our constituents because we were asleep at the switch when there was this digital Pearl Harbor.' Perhaps it wouldn't hurt if we all took a part and Contacted Representative Putnam about how well thought out other cybersecurity laws like the DMCA have 'helped out' and were 'thought out.' At least they're actually thinking before they legislate, and it seems they're open for suggestions."

Re:Kneejerk away

[Motherfucking+Shit]

How many DMCA cases have actually been run through the system?

Very few that I'm aware of, and that's the whole problem.

The DMCA essentially presupposes guilt, so ABC Corp doesn't even have to bother going to court... They just fire off a DMCA takedown notice. ISPs or other third parties little choice but to shutdown the target site - even if there's nothing illegal going on - lest they be found a party to any infringement that might be taking place.

please explain to me

[the_2nd_coming]

how can we have a "digital pearl harbor"

I mean the nature of the internet is decentralised so at most, there would be anoyances rather than devistation.

also, every critical system is on a closed network so our infrastructure will not fall apart.

the only thing I am left with, is that they want to protect corprate profits from script kiddies.

Hey wait! That sounds like Canadian lawmakers!

[edunbar93]

We want to put something out there that makes sense, that's balanced, that accomplishes the same goals, without it being this headlong rush to prove that we're doing something

Our government has this weird tendency towards actually thinking before it acts. And doing it the first time, rather than blundering around with large blunt instruments RIGHT AWAY because people are screaming for the government to protect them RIGHT AWAY.

But I guess someone has to blunder around stupidly to serve as an example to the rest of the world for What Not To Do. :)

Private sector only? What about the rest of us?

[jsmyth]

"Frankly, I'm finding a lack of attention and a lack of understanding by the Congress and the (Bush) administration as to the serious nature of the threat," he said. "It's not nearly as sexy, or as engaging, or as interesting as the threats that are posed by terrorists boarding aircraft, or terrorists threats to the Brooklyn Bridge

Issues that affect us all, but... Forthcoming cybersecurity legislation will be "meaningful regulatory approach to securing private-sector critical infrastructure" says Representative Adam Putnam

Shame it's only for the private sector. Ordinary decent home users would benefit greatly from a similary committee. Currently there is little or no useful media attention, which is a problem
Put it this way: if you were to hold a random sampling of U.S. citizens on cybersecurity, you would likely get a lot of semi- or un-informed views on it. The reason is simple: it's not considered important enough by society at large to have anything more than a knee-jerk reaction to it. If/when the details of cybersecurity (not just the fallout from high-profile cases) becomes a big thing in the media and in government, only then will the population at large (who are being spoonfed by popular media, remember) feel that it is important enough to become an issue.

Congress shouldn't take a "knee-jerk, let's legislate" approach to cybersecurity, Putnam answered. He noted that many people in Congress and in the public don't realize how many pieces of the U.S. critical infrastructure are controlled through networked technology. He used the example of flood-control gates on the Mississippi River or the power grids that serve stock markets.

No mention of the myriad other effects of problematic cybersecurity, such as that mentioned here, and presumably many similar more highly controlled privacy issues wrapped around the TIA and other institutional privacy violations.
Until then, it remains an issue for the interested parties and the various lobby groups, and now for the "private sector" affected by this committee. The average internet user doesn't understand the implementations, the "downsides" discussed ad nauseam on Slashdot, or the current infringements on privacy laws by the Bush administration and their agents, so there will be no popular upswing, no attempt to popularise privacy and security for Mr. Average Midwestern Suburbian, who currently doesn't spend as much time as we do reading up on "niche" issues such as this.
Ultimately, the population is only as interested in an issue such as cybersecurity as they are directly affected by it. Otherwise, it depends how the media portrays it. Think DMCA, think The Geneva Convention, think The Universal Convention on Human Rights. The US media targetted the DMCA issue at the public by suggesting that "hackers" would benefit if it wasn't in place. The Patriot Act was introduced to wide public acclaim because the media suggested "Terrorists" would benefit if it wasn't in place. The Geneva convention is flaunted in Guantanamo Bay, and the US public lets it past because the media doesn't highlight it.
If the general public - the majority of voters - are not negatively affected by the multivarious issues in cybersecurity - including things currently covered by wiretapping laws, TIA etc., and erosion of personal privacy - then it takes too much effort for them to take interest, and too much effort on the media's part to educate them.
Until it becomes an issue of general relevance, the voting public won't care, input will be limited to private sector industries, and their liberties will be further eroded until they have a mode of thought equivalent to "newspeak", with only the single state department/media line to go along with.

Termites ( or why I hate closed source ).

[anubi]

I hate proprietary interfaces and laws protecting them. This is a bit offtopic but I think it illustrates the concept.

I just had my "annual treatment" for termites. The termite guy made a big showing going around my house with a hose connected to his truck which was supposedly dispensing termiticide. Yes, lots and lots of fluid came from the hose, soaking it in pretty good. He told me the termiticide was a pyrethrin based material. Ok. I asked for a jug of it while he had hose in hand for spot treatment should I find a spot missed. No way. He could not, by "law", dispense the material other than as directed. So, it all went onto the ground in front of me.

Ok, now he presents me with the form to sign regarding completion of the treatment. There is a spot on the form where the chemicals used and quantity are supposed to be filled in. But he leaves it blank, because there wasn't an active infestation that was specifically treated. Apparently, under "law", I do not need to be informed as to what chemical he sprayed all over my property.

Now, here's the part that infuriates me, the next day, I go out to feed my cats and there's ANTS all over my cat food bowl. Now I figured that strong fresh dose of termiticide would have done away with all those ants.

Had I been able to recover a sample of whatever he sprayed on my property, I could send it off to a chemist friend who has a gas chromatograph in his garage and ask him to run a spectra on it and look for pyrethrins. I strongly suspect the termite man just made a show of spraying water on my property. To add insult to injury, I destroyed much of my vegetable garden on his advice that the poisons would be absorbed into my edibles.

Its all this closed-source ( not the price, but the reassurance that I know what I am getting ) that concerns me so. I am *personally* responsible for the expenses of maintaining my house, it does me no good to try to blame someone else, so having some termite company to blame it on does not help me. I feel I have a right to know what chemicals and in which strength is placed on my property, and I feel I have a right to verify this.

I am getting really fed up with all these laws prohibiting the understanding ( possibly reverse engineering if the vendor is uncooperative ) of what I am receiving in return for money. This seems so unfair to me because the quality of the money can be so easily verified, but I am supposed to accept, by laws passed by Congress, the word of the vendor on what it is I am buying.

I know I am being a little hot-headed on this issue, but the problem is I am personally responsible. In a large business, it wouldn't make that much difference on whether or not lots of damage resulted from some delegate's failure to perform, as I could delegate the problem and wash my hands of it, while still retaining my employment status and retirement plans. ( This is the main reason in my mind why business executives would choose to go with some system that keeps them ignorant of its inner workings. ) On my level, when I am personally responsible, I want the ability to verify anything. It really cripes me to have my rights to verification annuled by law.