Tag: the daily caller

The Senate’s SOPA Counterattack?: Cybersecurity the Undoing of Privacy

The Daily Caller reports that Senator Harry Reid (D-NV) is planning another effort at Internet regulation—right on the heels of the SOPA/PIPA debacle. The article seems calculated to insinuate that a follow-on to SOPA/PIPA might slip into cybersecurity legislation the Senate plans to take up. Whether that’s in the works or not, I’ll detail here the privacy threats in cybersecurity language being circulated on the Hill.

A Senate draft currently making the rounds is called the “Cybersecurity Information Sharing Act of 2012.” It sets up “cybersecurity exchanges” at which government and corporate entities would share threat information and solutions.

Sharing of information does not require federal approval or planning, of course. Information sharing happens all the time according to market processes. But “information sharing” is the solution Congress has seized upon, so federal information sharing programs we will have. Think of all this as a “see something, say something” campaign for corporate computer security people. Or perhaps “e-fusion centers.”

Reading over the draft, I was struck by sweeping language purporting to create “affirmative authority to monitor and defend against cybersecurity threats.” To understand the strangeness of these words, we must start at the beginning:

We live in a free country where all that is not forbidden is allowed. There is no need in such a country for “affirmative” authority to act. So what does this section do as it in purports to permit private and governmental entities to monitor their information systems, operate active defenses, and such? It sweeps aside nearly all other laws controlling them.

“Consistent with the Constitution of the United States and notwithstanding and other provision of law,” it says (emphasis added), entities may act to preserve the security of their systems. This means that the only law controlling their actions would be the Constitution.

It’s nice that the Constitution would apply</sarcasm>, but the obligations in the Privacy Act of 1974 would not. The Electronic Communications Privacy Act would be void. Even the requirements of the E-Government Act of 2002, such as privacy impact assessments, would be swept aside.

The Constitution doesn’t constrain private actors, of course. This language would immunize them from liability under any and all regulation and under state or common law. Private actors would not be subject to suit for breaching contractual promises of confidentiality. They would not be liable for violating the privacy torts. Anything goes so long as one can make a claim to defending “information systems,” a term that refers to anything having to do with computers.

Elsewhere, the bill creates an equally sweeping immunity against law-breaking so long as the law-breaking provides information to a “cybersecurity exchange.” This is a breath-taking exemption from the civil and criminal laws that protect privacy, among other things.

(1) IN GENERAL.—No civil or criminal cause of action shall lie or be maintained in any Federal or State court against any non-Federal governmental or private entity, or any officer, employee, or agent of such an entity, and any such action shall be dismissed promptly, for the disclosure of a cybersecurity threat indicator to—
(A) a cybersecurity exchange under subsection (a)(1); or
(B) a private entity under subsection, (b)(1), provided the cybersecurity threat indicator is promptly shared with a cybersecurity exchange.

In addition to this immunity from suit, the bill creates an equally sweeping “good faith” defense:

Where a civil or criminal cause of action is not barred under paragraph (1), a good faith reliance by any person on a legislative authorization, a statutory authorization, or a good faith determination that this Act permitted the conduct complained of, is a complete defense against any civil or criminal action brought under this Act or any other law.

Good faith is a question of fact, and a corporate security official could argue successfully that she acted in good faith if a government official told her to turn over private data. This language allows the corporate sector to abandon its responsibility to follow the law in favor of following government edicts. We’ve seen attacks on the rule of law like this before.

A House Homeland Security subcommittee marked up a counterpart to this bill last week. It does not have similar language that I could find.

In 2009, I testified in the House Science Committee on cybersecurity, skeptical of the government’s ability to tackle cybersecurity but cognizant that the government must secure its own systems. “Cybersecurity exchanges” are a blind stab at addressing the many challenges in securing computers, networks, and data, and I think they are unnecessary at best. According to current plans, cybersecurity exchanges come at a devastating cost to our online privacy.

Congress seems poised once again to violate the rule from the SOPA/PIPA disaster: “First, do no harm to the Internet.”

The Court Tackles a Hard Case: Implications for ObamaCare?

The Supreme Court hears oral argument today in an important pre-emption case, Bruesewitz v. Wyeth, which asks whether the National Vaccine Injury Compensation Act of 1986 pre-empts state law “design defect” suits brought against vaccine manufacturers. I’ve discussed this complex case more fully in an op-ed at the Daily Caller, but in a nutshell, Congress passed the Act to address the risks inherent in vaccinations through a federal no-fault ”Vaccine Court” rather than through the vagaries of state tort law. It did so because the inability to make vaccines entirely safe, plus uncertainty surrounding causation, coupled with the penchant of state juries to discount those issues in favor of sympathetic plaintiffs, had rendered most manufacturers unwilling to produce needed vaccines at reasonable costs.  

In drafting the statute, however, Congress left things unclear, to put it charitably. Thus, the Court will have to make sense of this language:

No vaccine manufacturer shall be liable in a civil action for damages arising from a vaccine-related injury or death associated with the administration of a vaccine… if the injury or death resulted from side effects that were unavoidable even though the vaccine was properly prepared and was accompanied by proper directions and warnings.

Although the Act allows victims to sue over manufacturing defects, conduct that would subject a manufacturer to punitive damages, and a manufacturer’s failure to exercise due care, nowhere does it define “unavoidable”—and there’s the nub of the matter. In the case before the Court, a three-judge Third Circuit panel decided unanimously for Wyeth, as did the district court. But in another case five months earlier, a nine-member Georgia Supreme Court, facing similar facts, decided unanimously for the plaintiff.

And behind it all is the question whether Congress should have pre-empted state law in the first place. It probably should have here, but that’s a close call. And the implications for ObamaCare are not absent in this case, which could be a portent of the complex and uncertain litigation that lies ahead if the scheme is not repealed. As I say at the outset of my post, hard cases make bad law, but bad law too makes hard cases, and this is one. Does anyone think that ObamaCare is anything but bad law? We’ll know once we figure out “what’s in it,” as the lady said.

Open All of Obama’s Health Care Meetings to C-SPAN

From my op-ed in The Daily Caller:

ObamaCare would dramatically expand government control over health care.

Each new power ObamaCare creates would be targeted by special interests looking for special favors, and held for ransom by politicians seeking a slice of the pie.

ObamaCare would guarantee that crucial decisions affecting your medical care would be made by the same people, through the same process that created the Cornhusker Kickback, for as far as the eye can see.

When ObamaCare supporters, like Kaiser Family Foundation president Drew Altman, claim that “voters are rejecting the process more than the substance” of the legislation, they’re missing the point.

When government grows, corruption grows.  When voters reject these corrupt side deals, they are rejecting the substance of ObamaCare.

If Obama is serious about fighting corruption, he should invite C-SPAN to into every meeting he holds with members of Congress.

Then we’ll see whether he’s lobbying House members based on the Senate bill’s merits, or promising House members judgeships or ambassadorships in exchange for their votes.

What’s going on behind those closed doors, anyway?  Aren’t you just a little bit curious?

Or does corruption only happen when Billy Tauzin is in the room?