Omnibus legislation: the cyber sausage gets made
Otto von Bismarck, the master politician who built modern Germany in the late 19th century said that “laws are like sausages, it is better not to see them being made.” The Omnibus bill that Congress is passing to fund the US government through next September is one huge, ugly sausage. Filled with chunks of budget, it is equally stuffed with a number of new laws. One of those chunks is the Cybersecurity Act of 2015, which includes an updated compromise version of the Cybersecurity Information Sharing Act (CISA). And a lot of people do not like the taste of this one bit.
CISA has been kicking around Capitol Hill for a number of years. Proponents say it is about sharing cyber threat and Internet information traffic between the government and the private sector. Opponents have labeled it a civil liberties danger with vast amounts of personal information being controlled and shared among government agencies with little oversight. Now, with a dash of oversight protection by Inspectors General and the Government Accountability Office thrown in, CISA was made part of the omnibus appropriations bill. And thus cyber sausage is made.
To add fuel to the cyber debate, Senate Majority Leader Mitch McConnell has said recently the legislative agenda for next year will include a review of the revisions to the PATRIOT Act from last year – pre-San Bernardino. The cyber industry response was swift and negative with one major lobbying organization calling such actions “reactionary.” An opposing wit compared the cyber industry’s reaction to the National Rifle Association – the Internet does not kill people, people kill people.
So where does this leave us in December 2015? The pressure post-San Bernardino to increase surveillance on the Internet and within social media next year is going to be huge. You can guess how each side will argue the debate based on previous positions. White papers are being drawn up. Metaphorical cyber wagons are being circled. And Presidential year politics will be filled with bombastic arguments on both sides.
Let me suggest, however, that in the middle of this debate the most important thing to keep in mind is what do we need to do to keep our citizens safe — safe from terrorists and safe from massive government intrusion in our lives.
This is a balance and it always will be a balance. If we now err on the side of more collection then it needs to be done with better oversight than we’ve had so far. Frankly, whatever you may think of Edward Snowden, he brought home the ugly truth that massive, legal collection was taking place. Few knew how massive and fewer were providing something beyond rubber stamp oversight.
However, we also need to remember that there is no such thing as 100 percent security. We can collect every cyber haystack looking for terrorist needles and still miss the leads to a pending event.
Still, as heated, as the debate will be in 2016, it is better done in the open with both sides having at it and reaching some form of working agreement that will likely please no one. As Bismarck also said, “politics is the art of the possible, the attainable – the art of the next best.” No matter what we decide, nothing will be 100 percent satisfactory to everyone.