The Cybersecurity Act of 2012

The US Senate plans to vote on their version of a cybersecurity bill this coming week. This is the Senate's response to the CISPA bill in the House.

I have yet to hear a compelling reason why we need Cybersecurity legislation and am of the opinion that the perfect answer here is no legislation. However, I am also of the opinion that perfect is often the enemy of the good. And there may be a decent piece of legislation coming out of the Senate this week if, and this is a big if, the Franken and Wyden Amendments are added to the Senate's bill.

The Franken Amendment strikes section 701 from the Senate's bill. Section 701 provides companies with the explicit right to monitor private user communications and engage in countermeasures.

The Wyden Amendment require law enforcement officials to procure a warrant before obtaining location data from a person's cell phone, laptop or other gadgets.

This all may be much ado over nothing as I've been told that the House is not going to pass the Senate's bill and the Senate is not going to pass CISPA. So we may end up with nothing anyway. Which would be fine with me.

But, like PIPA/SOPA, my fear is we are ultimately going to get some legislation on this issue. And so figuring out how to get decent legislation instead of awful legislation seems to be a good idea. Adding the Franken and Wyden Amendments to the Cybersecurity Act of 2012 is one way to achieve that.

There will be a bunch of places you can go to let your elected officials know how you feel about these bills. But most of them will launch tomorrow. As of today, this is the best place online to let yourself be heard on the cybersecurity bill. I will update this post tomorrow as more online advocacy unfolds.

#Politics

Comments (Archived):

  1. Rohan

    The empire strikes back.

    1. ShanaC

      but the jedi always return

      1. Rohan

        One would hope so! 🙂

  2. kidmercury

    man, society moves so slow…..my god what will it take for people to wake up, lol. for this comment it seems fitting to pull out my standard automated response:1. governmental power is swimming upstream, from local to national to supernational. ignore this trend and you will be blindsided by UN treaties and crap like that. 2. the executive can force anything through the bureacracies at this point — wars are declared abroad without congressional approval, so there is nothing stopping the president from forcing this through in the name of national security. since the american people are still too psychologically weak to vote outside the two party system they are still very vulnerable to this type of legislation. on a brighter note attached is a picture from a romney convention folks may enjoy. 3. the only sustainable solution is civil disobedience driven by localized revolutions — everything else is just a band aid. this is especially true if americans lack the ability to elect a president that would put an end to this which as we know they lack the maturity to do. 4. also, 9/11 was an inside job.9/11 was an inside job,kid mercury

    1. LE

      I figured you must have been getting makeup in the green room waiting for your chance to go on camera with your thoughts on this one. (How was the coffee and danish?)”the only sustainable solution is civil disobedience driven by localized revolutions”Why don’t you organize one then?

      1. kidmercury

        i’ve been working on it for the past six years.

        1. Richard

          Who exactly is “inside”?

          1. kidmercury

            i’m not sure what you mean?

          2. Richard

            Who knew what? And when did they know it?

    2. Guest

      Oh, Kid your enthusiasm warms this big ol’ heart of mine!What is really interesting is that political debate in the U.S. has shifted, slowly but surely over that last few years from competing visions of what a government can do or should do to one of “same ol’ shit” vs. no government at all.That is not the fuel from which civil disobedience is born and from which change emerges. It is fatigue and fatigue is death.

      1. JLM

        .”no gov’t” looking better and better?.

        1. Guest

          Nope, retirement someplace outside the USA. Leaning toward the Czech Republic.If you think the US government is bad then a whole bunch of Americans with no government scares me even more!

      2. Techman

        Of course we need a government. If we had a society that ruled themselves, it would be complete ciaos in about an hour or less. I can name one situation right now there ciaos would break out.

    3. JLM

      .When the revolution comes, I am hoping for a combat command — Division or better — in the Rockies.No flatlands cause it will be too difficult to steal tanks.Hopefully around Steamboat Springs, great restaurants.Put in a good word for me with the kooks. Thanks..

      1. ShanaC

        Do you think the revolution will come?

        1. JLM

          .It has already started..

  3. Dan Cornish

    I think the fear many of us have is “we are ultimately going to get some legislation on this issue.” Better yet, I think we have enough legislation on everything. How about a two year moratorium on any new law. Our society is regulated enough. Look at any large company who overlays too much bureaucracy. Microsoft has a lost decade because of it. Half the rules from Dodd Frank have yet to be written. Imagine the freedom the private economy would get from the public economy if they would just hit the pause button. Our economy would boom and unemployment would drop.

    1. fredwilson

      I agree with you

      1. Abdallah Al-Hakim

        I agree as well. It is similar to how different online servies provide content to their privacy policy page . Some keep it simple and understandable for general public (i.e user) while still being comprehensive. Others get very legal in nature and very long.

    2. William Mougayar

      Agreed…or draft really really simple legislation- RSL.

      1. JLM

        .An inaccurate observation at best and one of the reasons that legislation is so polarizing. It is often not the law but the rules and regulations implementing the law that are the problem.In addition, it is not the “initial” rules and regulations but the subsequent ones.Case in point — the BP deepwater drilling accident (supposed to fill the Gulf with filth for 25 years and gone in less than 1-2 years really) has spawned thousands of pages of new rules and regulations with no new legislation.In the opinion of many, it was the failure to follow and subsequently enforce the existing rules and regulations which gave rise to the disaster.The drilling moratorium has every deep water drilling rig in the world out of the Gulf and they are not returning any time soon.BTW — you do realize that the BP well was arguably the biggest well in the history of oil, right?Even with the BP fouling of the nest, the safety record for deep water drilling is still quite extraordinarily safe.Case in point — the SEC missed their 5 July 2012 deadline for the implementing rules and regulations for the JOBS Act and Reg D changes. Missed it completely with no penalty and will not even begin to take it up until 22 Aug, if even then.Simple truth is that the SEC does not like the new law and is dragging its feet with no penalty or repercussions.So, some rules and regulations are welcome and some are not.Keeping score between the Dems and Reps does not really make a whole lot of sense and the Congress has absolutely nothing to do with the actual writing — other than the right but not the obligation to review them..

        1. Guest

          That is really a nice overview, except it doesn’t include the fact that the oil and gas industry spent a lot of money and time ensuring that the MMS or what is now known as the Bureau of Ocean Energy Management was incompetent and did not do their job.Sorry, the whole situation with BP and that disaster and its aftermath was totally created by the oil and gas industry and they have no one to blame but themselves. Maybe if the oil and gas industry had spent less time and money creating a revolving door of employment between their industry and government and laid off of supplying MMS staff with whores and drugs they would still be drilling in the Gulf?Penny wise and pound foolish….The reality is we now have a fifth branch of government, its called Lobbyists; they write the laws, they finance the elections of candidates who promote their agenda, and they work very closely with the bureaucracy to ensure their clients get favorable treatment in the implementation of any laws.What is really sad, is that in 1952 John Kenneth Galbraith wrote, American Capitalism: The Concept Of Countervailing Power. Its an interesting read, particularly if you think, “what if his three countervailing powers end up only being two?”

          1. JLM

            .I hate everything related to lobbying and I have done it and do it routinely — only at the State level, mind you.As to BP — a simple blowout protector, a fail safe device really failed. Nothing more.That stupid blowout protector works like it is supposed to and nobody ever knows of this issue.The issue w/ industry influence is the same as the DEA on the border. The solution is for government to grab its nuts and put good people in place and supervise them adequately.And put some oil patch guys in jail..

          2. Guest

            I have lobbied twice in my life and if there are two things I am not good at its lobbying and asking for money!I have met with bureaucrats, both federal and state, in just about every governmental department you can imagine and I would fire 90% of them. One from OSHA and another from the EPA have earned a firing and public humiliation for being so stupid. (OSHA was federal and EPA was state).Personally, I think that PEOPLE need to “grab their nuts” and do their job rather than making everything power play.I can’t defend BP, from the perspective of a business person, they looked like the Keystone Cops to me; but then again that’s my German side coming out.I would last 5 minutes in Government: I don’t do dinner, I don’t take gifts, and I don’t play golf. Business is nothing more than doing your job and doing your best.With my background in Political Science I always wanted to believe that government could make a positive difference. Now I do everything I can to avoid any and all connections I could have with government.

          3. Guest

            I have lobbied…twice, and there are two things in life I cannot do; lobby and ask for money.I can’t defend BP because from my perspective the whole gulf spill situation just looked so like the Keystone Cops to me. I have a little too much German in me to tolerate piss poor execution and bullshit.As far as government goes I have dealt with just about every governmental department you can name both on the state and federal level and honestly 90% of the ones I have dealt with should be fired. Two, one with OSHA and the other with the EPA deserve public humiliation prior to being fired; the desire to prove that you have power is such a pathetic trait in people.With a Masters Degree in Political Science I have to admit that at one time I thought that government could be an agent for positive change but now I do everything I can to ensure that I have as small of a footprint in anything that draws attention to me, my company, and my business interests. I don’t even belong to the local Chamber of Commerce.

          4. ShanaC

            Lobbyists are a pecular breed – it isn’t clear if they are the government, since sometimes they work as the bureaucracy, or the strings behind the government, since sometimes they are doing the writing and the financings. I think one thing I would like to see is a stronger firewall between career bureaucracy and lobbyists. So aides, people who work for different departments, should never see a lobbyist, and should barely know the names of lobbyists.Politicians are another story…

      2. Dan Cornish

        Laws mushroom under any party. More laws mean more power, which then requires more money to influence. Most of us are powerless in the face of the torrent of money buying influence. Hacking the government thru money will always trump good laws. Once a good law is in place, powerful interests with money and paitence will ultimately get their way. If law making were to stop then we as business people could have the stability we need to grow the economy.

        1. FAKE GRIMLOCK

          CONGRESS HAVE VERY SIMPLE CORRUPTION PROGRAM:1. BUSINESS GIVE MONEY TO ESCAPE LAWS2. CONGRESS PASS MORE LAWS3. GOTO 1ME, GRIMLOCK, SAY ONCE ENTER CONGRESS, STRIPPED OF ALL ASSETS. NO CAN EVER HAVE MONEY AGAIN. IF VOTED OUT, LIVE IN RETIREMENT HOME REST OF LIFE.OR MAYBE JUST DEATH PENALTY FOR TAKE MONEY FROM LOBBYISTS.

          1. William Mougayar

            …and that was AVC investigator @fakegrimlock reporting from the Capitol.

          2. Abdallah Al-Hakim

            #3 is key to their longevity of their strategy 🙂 What does GRIMLOCK think of ‘throw them all out’ book? http://www.amazon.com/Throw…I have not read it but my understanding is that Congress members are getting rich from insider tradings

          3. FAKE GRIMLOCK

            HAVE TO CHANGE SYSTEM, NOT PLAYERS.

          4. John Revay

            Give back all $$ paid, plus lose 100% of pension and post -retirement health coverage.

          5. ShanaC

            I still think we should go back to some form of athenian style representation – if we all had to participate we’d all take making laws and regulations much more seriously.

        2. Guest

          You had my total agreement until, “…then we as business people….”I am very old fashioned and as such I take no credit for creating jobs; If there is no demand then I don’t create jobs.I also know that every bad law benefited some business interest and thus I want to separate myself from those “business people.”Its easy to dance around the obvious by using terms such as “powerful interests” to avoid acknowledging that the biggest interest in this country, bigger than any other interest is our fellow “business people.”In 30 years of being in business I have never met a union or a competitor that I feared as much as I fear Wall Street and Crony Capitalism of the big multi nationals.So now I find myself fearing my fellow “business people” more than anything else.

  4. William Mougayar

    I do hope that online advocacy via discussions and forums like this one and others have increasing effects on real legislation. At the very least, these conversations should inform legislation before it is drafted, not after the fact when we seem to be going uphill to reverse a trending situation.According to the Wikipedia page, the list of organizations that are opposing this bill is impressive, but I’m surprised there are so many organizations that are supporting it, adding to the fact that Google hasn’t even taken a position on it yet.”CISPA is supported by several trade groups containing more than eight hundred private companies, including the Business Software Alliance, CTIA – The Wireless Association, Information Technology Industry Council, Internet Security Alliance, National Cable & Telecommunications Association, National Defense Industrial Association, TechAmerica and United States Chamber of Commerce, in addition to individual major telecommunications and information technology companies like AT&T, Facebook, IBM, Intel, Oracle Corporation, Symantec, and Verizon.”It seems these organizations have already made-up their minds and they are part of the uphill, despite the fact that we have heard the alarm bell on this 2-3 months ago.

      1. William Mougayar

        Thanks….but it’s from April 2012. As I said, this thing started 3 months ago. What happened in-between April and July seemed to have happened behind closed doors and in lobbies, and less online.

  5. LE

    “I have yet to hear a compelling reason why we need Cybersecurity legislation and am of the opinion that the perfect answer here is no legislation.”While it may be entirely possible that striking the proper balance in the legislation will be extremely difficult I don’t think it is something that we shouldn’t try to do or that we don’t need.As someone who deals with security issues and actually spends quite a bit of time (and money) on security, I think it is absolutely necessary and I am one of the people that ends up having to clean up the mess if the proper protections aren’t in place. While I would imagine some readers of AVC are in the same place, I don’t feel the majority really understand the threats that are out there. Related, there are stories on a regular basis of companies of all sizes being hacked and losing credit card data and password files. Vulnerabilities are being probed by different levels of threats all the time (script kiddies to the pros..)(I assume) You want a strong NYPD to prevent crime in your own city (ironic that Bloomberg now saying no more needed on that). But that is because it’s in your face and it’s something that you can see and feel that you have a personal connection to. I’m sure you would want everything possible to prevent anything happening to your children at school, anyone would.Cyber security otoh is viewed as someone elses problem to deal with. It’s not in your face like your own personal security is.So of course you want the maximum freedom and privacy. But yet many people who want the maximum privacy are out there in public with all sorts of private information that could put them in harms way at some point.

    1. LE

      “I don’t think it is something that we shouldn’t try”Inspired in part by what @fakegrimlock said the other day in response to something I said:””MAY FAIL” NEVER GOOD REASON FOR “DON’T TRY”.(Note by the way how well the gawk.it worked to bring this up with my fuzzy search.)

        1. LE

          Attached.The search I did was for “fake grimlock not try”. The point being I didn’t remember exactly what he said just roughly.Attached, engagio doesn’t bring up any results. (As an aside the “we can’t find any comments” box isn’t being sized properly it needs to be smaller and/or resize properly. The box requires 1080 pixels (roughly) in order for the box not to be cutoff if your browser window is smaller than that. I’m on a 30″ monitor and even I don’t keep a browser window that large normally.Also even a search for “Fake Grimlock don’t try” didn’t bring up the correct results either.

          1. William Mougayar

            Good feedback. That’s why we haven’t launched it yet. We’re experimenting with it internal, but I leaked out the url just to tease it a bit. I can see the no comments found message right under the input box using Chrome and an 11 in screen. That might be a browser compatibility issue. Which browser are you using?

          2. LE

            I’m using Firefox 14.0.1 on Mac. I also tried with Safari 5.06 on Mac.Look also at the attached grab when you do get results as well. The “Who’s in the conversation about ‘a'” box isn’t sized properly either. The min size you need to display properly is approx. 1297 pixels across in, for example, Safari..

          3. William Mougayar

            Got it. This is being re-designed as we speak. Thanks!

          4. ShanaC

            it is way too busy for a search. I feel like I am not sure where the answer is.

      1. falicon

        My name is Kevin Marshall and I officially endorse this comment. :-)Seriously though…very cool…thanks!

        1. ShanaC

          kevin marshall for startup president?

          1. falicon

            If elected, I promise to institute recess and napping as mandatory for all startups! 🙂

      2. FAKE GRIMLOCK

        BE SECURE WITHOUT CRUSH RIGHTS POSSIBLE.JUST HARDER.AND NECESSARY.

        1. LE

          Serious question here.You’re in DC (I’ve heard). Have you ever attempted to meet with anyone on the hill to get your point of view across? Would you be interested in doing that?

          1. FAKE GRIMLOCK

            MAYBE?IT NOT THING CONSIDERED BEFORE.IF NON-STUPID CONGRESS HUMAN WANT TO LISTEN, ME TALK TO THEM.AND PROBABLY NOT EAT THEM.

          2. Guest

            …Oh, go ahead and eat them, you would make the world a better place….

          3. JLM

            .Congress, Congress, Congress.

          4. ShanaC

            Why only probably, I say you should eat them for not doing their jobs!

      3. BillMcNeely

        5 years ago I worked with David Keyes in Saudi Arabia on their Cybersecurity challenges. Mr. Keyes was a former Senior Execitive in the FBI and on President Clinton’s Blue Ribbon Committee on the subject. here is a link:http://www.nolanmar.com/det

    2. fredwilson

      The NYC Police overstep their bounds all the time. They can’t have overarching powers either

      1. LE

        “NYC Police overstep their bounds all the time”Unfortunately that might be necessary in order to maintain control.Take a look at the picture in this story. The girl. The look. The pants.http://www.nypost.com/p/new…You can of course move to a city which is much safer where police don’t have to overstep their bounds and where the social welfare system didn’t create the part of NY that doesn’t make the national news.

        1. fredwilson

          I use that subway station all the time

    3. ShanaC

      How strong is too strong? As NY’er I disagree with the Rockefeller statues for example, and I find stop and frisk has gotten out of control. There are digital equivalents to the same being written into these bills. At what point is security a deterrent to liberty? Where is the line of secure enough?

      1. LE

        “I find stop and frisk has gotten out of control.”If you were the victim of crime you might not think that way.”At what point is security a deterrent to liberty? Where is the line of secure enough?”Certainly it deserves discussion. I would of course err on the side of caution. The problem is the government is faced with the same problem that an employee of a company is faced with. You will be second guessed if the wrong thing happens (9/11) because the public doesn’t have the intelligence to see the entire picture and agree with what needs to be done.And if you do the right thing nobody ever knows what might have happened so they just complain that it’s to much. In the end you have to do what you think is best to protect what you are trying to protect.

  6. invisible_man

    I agree PIPA/SOPA type legislation is coming to the free world. The vast majority of those inside the Washington beltway thirst for more power. As incumbents – the MSM will rubber stamp censorship legislation with their tacit approval. Where is this garbage legislation coming from? Who are the people writing these laws? What are their names? Also, where are the insurgents!?

  7. invisible man

    I agree Sopa/PIPA is coming to the free world. The vast majority of those inside the Washington beltway thirst for more power. As Incumbents – the MSM will rubber stamp these censorship laws with their tacit approval. Where is this garbage legislation coming from? Who are the people writing these laws? What are their names? Also, where are the insurgents!?

  8. Vineeth Kariappa

    Do any these regulations effect sites hosted outside the US but have visitors from US?

    1. fredwilson

      Good question. I will find out.

  9. Tony Yi

    if you’re not a fan of the warrantless wiretapping under Bush….a similar model online adding all the additional data available online is not going to be your cup of tea. i am a supporter of privacy and small government. we need to prevent major shifts in these philosophies as a society when there are point events. since there is no point event driving this legislation right now, it doesn’t stand much chance. the question will be (god forbid) when we are tested….and how we allow legislators to react.

    1. JLM

      .A bit unfair really as the NSA always had the authority to intercept any communications if at least one party was OUTSIDE the US.The Patriot Act simply reiterated what was the practice. The Patriot Act focused on Al Quaeda — and why not?The NSA interecepts ALL communications whenever both parties are OUTSIDE the US. Every stinking communication, period.The only change was to now be able to intercept communications when one party was outside the US. We are talking about 99% probable mathematical keyword driven multi-screens. This is way reliable stuff.I can live with that when we are at war with terrorism internationally.Here is the bottom line — it apparently works like a freakin’ champ..

      1. John Revay

        HUMM”The NSA interecepts ALL communications whenever both parties are OUTSIDE the US. Every stinking communication, period. “So if two people are taking in London ( re: Outside US) over a land line, is the NSA interecepting that call?I like your line ” it apparently works like a freakin’ champ.”

        1. JLM

          .Ummm, hate to put too sharp a point on this but outside the US, the NSA and CIA have no laws to follow when it comes to espionage.So, yes, I suspect there is not a landline in the world they WANT to listen to that they do not.Imagine having an unlimited budget — spies, hackers, phone mechanics, satellites, microwave — and what you can learn with it.In the Internet and cell phone age, they don’t need Viagra and they are hard at it 25/8.What they do not process in real time, they have on tape FOREVER.There is a reason why we have not been attacked in the Continental US since 2001.We pushed the FEBA (forward edge of the battle area) back out across the ocean where it originally was.Thank God these guys are on our side..

          1. John Revay

            25/8 I don’t know where you come up w/ these…but they are great#366

          2. Aaron Fyke

            This may be too meaty for this blog topic (well, maybe not), but then what was the failure with 9/11? And what has changed? I find this stuff fascinating, so I’m seriously interested. Was it that no one thought the risk was credible? If now many risks are deemed credible, how are they not swamped in noise (ie, you amplify the signal – all communication monitored, you also amplify the noise – false positives thought important, but weren’t).

          3. JLM

            .In some ways, 9-11 was the Perfect Storm. They should have caught those SOBs in Florida or in another flight school. Local FBI guys had the right tip and failed to follow up on it. Good intel, bad follow up.A bunch of guys who are not making normal progress toward a private, single engine ticket are spending money on a 737 simulator? We had them and we let them slip through our fingers.Almost all of them were in the country illegally. They should have been deported.Look at the genius of the weapon that the 9-11 shitheads employed — they rode the weapon. America’s naivete gave them the weapon.Part of the problem is that we suspended disbelief because we did not pick up on the suicide component. If a guy is going to blow himself up in the process, you are extremely vulnerable until you embrace that fact. Now we get it.Now, we have an executive order which allows the CIA to kill shitheads worldwide and we have a spec ops capability that is enormous. We can find them, fix them and kill them anywhere.And, that is exactly what is happening.This is why you really don’t want to know what the “guys in the shadows” are doing. Better not knowing and not disturbing your sleep at night..

          4. JLM

            .One last note, you are thinking “passive” systems and now we have “active” systems.Someone on our team puts $1MM in a shithead’s Swiss bank account and then monitors everyone he calls to find out where the money came from.All those shitheads call their networks wondering why they did not get $1MM.Our team gathers up all the phone numbers — that NSA bunch at work here — and goes calling.We are no longer in a world in which America is waiting to be kicked in the nuts, we are doing the kicking..

          5. Aaron Fyke

            That makes more sense. Randomly (ie, “passively”) monitoring communication seems to be drinking from a firehose. Maybe the computing power is there to make it worthwhile, but it really seems like it would be full of useless information. Targeted fishing, and tracing back communication, seems like a much more efficient approach. Too bad what the public mostly sees is the TSA.

      2. ShanaC

        No, it doesn’t always work. They’ve screwed up proxy servers to hide the fact that they eavesdrop on certain kinds of communication (h.323 based ones primarily). You can see the IP addresses they use to do spying depending on your provider and technology involved.

        1. JLM

          .Darling, trust me on this, you never see anything these guys don’t want you to know. Trust me.Disinformation is more effective than secrecy..

  10. FAKE GRIMLOCK

    BEST WAY TO BE EXCLUDED FROM FUTURE IS ATTEMPT TO CONTROL IT.TOR, DARKNETS, P2P. TOOLS ALREADY AT HAND FOR DEFEAT THIS. ALL LAW WILL DO IS MAKE THEM STRONGER AND USED BY EVERYONE.

    1. fredwilson

      Yup

      1. LE

        “TOR, DARKNETS, P2P. TOOLS ALREADY AT HAND FOR DEFEAT THIS. ALL LAW WILL DO IS MAKE THEM STRONGER AND USED BY EVERYONE.””Used by Everyone”Absolutely!By everyone!Even the people who shop at Walmart!As soon as there is a web friendly interface it’s a done deal!(attached courtesy of peopleofwalmart.com)(Intended to post this below FG, not here)

    2. Abdallah Al-Hakim

      well said

    3. ShanaC

      Someone once said that because of the way electronic money works, even TOR no longer is a credible way to fight the good fight of anonymity. Many of these tools are much further above people’s head already – most people do not fully understand how a torrent works, or that a torrent can be filtered/provided lower packet speeds by your ISP. I have yet to hear of a true Darknet either.The big question I have is what about anonymous cell phone browsing. Could prepay + a mobile version of tor + bill to prepaid phones be an answer to getting around control?

    4. Techman

      That, or different forms/versions would come out of it if the law tries to ban these technologies.

  11. Barabare

    Anybody have a link to a good overview of the bill and the issues involved?

    1. fredwilson

      I will get you one

    2. Nick Grossman

      @willykaram:disqus posted some great links below. Also, here is an outline of the major changes between when this was originally introduced in February (as s2105) and now (as s3414): http://www.aclu.org/blog/na

  12. JamesHRH

    Police shows on TV make it seem as if these types of requirments are idiotic claptrap.It is, in fact, much better for all of us to have the ‘good guys’ jump through th hoops. If they don’t have to do so, when the good guys go bad, they run fast.

  13. invisible man

    Can we as an online community put together a list of names/emails where on one side of the screen are those who are for Internet regulations and on the other side of the screen/line are those who sign up as people opposed to Internet regulation? I think the visual impact of this (probably) lopsided list would be telling.

  14. T. Davis

    If I were a cyber criminal, the Franken and Wyden Amendments would be music to my ears!

    1. Techman

      Lol good one.

  15. ClhX011

    I would really like to agree withe the basic premise of the blog. It would be wonderful if every organization took appropriate steps to secure their systems. However, as with so many ideal worlds the real world has complexities and risks that impinge on what we might like or want to be. Perhaps the organizations the author deals with really don’t need much in the way of cyber security and that’s fine but that does make good public policy. The scope of the bill would not extend to non-critical sectors of the economy and in that context it would help to reduce the chance of disruption to the other sectors.As someone working on security issues in two of the critical sectors the threat is real and those organizations with solid controls in place would see little if any impact. As I read the proposed legislation, only those organizations in critical sectors of the economy that did not have credible cyber security programs and controls in place would be affected.The legislation has one major market based argument going for it – it would help to establish a baseline of expectations that would end market incentives for taking risks that extend beyond the fate of individual companies, risks that endanger not just the company taking the risk, not just that company’s customers, but America and all our fellow citizens.

  16. JLM

    .There should be an industry group which monitors, educates and disseminates this kind of info.You can bet these issues are not going away..

    1. fredwilson

      We are working on that. We call it the early warning system

  17. pointsnfigures

    nothing that evil will ever die. the money behind it (hollywood etc) is just too persuasive. the only constant is that when the feds regulate, they never under regulate. entire markets get screwed up. all you have to do is look at farming, finance, health care, insurance…….winners and losers picked by people rather than the market.

  18. christopolis

    more laws. for sure that is what we need. and more people spending more time trying to figure out what the thousands of pages means and more time speculating on potential negative consequences, and more amendments and more addendums that are unrelated to the main purpose of the bill, and then some more laws on top of those laws because we need laws that dictate what the scope of other laws are. Oh yeah we need more committees whose jobs is to think of what laws are missing because without all these laws people would be forced to be responsible for their decisions and that is unfair, obviously.

  19. ShanaC

    what should a reasonable cyberlaw look like then?

  20. Nick Grossman

    That’s a great question. Albert just posted this yesterday, which gets at part of it. http://continuations.com/po