Some unsettling new legislation has been quietly advancing in Congress. Called the Cybersecurity and Vulnerability Identification and Notification Act of 2020, the bill passed out of the House Committee on Homeland Security yesterday and will now go to the full House for a vote.
The legislation—like its companion in the Senate—gives the Department of Homeland Security (DHS) more power to subpoena information from internet and telecommunications companies, including subscriber names, addresses, and telephone numbers.
Rep. James Langevin (D–R.I.), one of the bill’s sponsors, describes it as giving the new Cybersecurity and Infrastructure Security Agency (CISA)—created by President Donald Trump in 2018—”the ability to say something when they see something.”
That’s the first sign that something might be off, since “see something, say something” is more or less the motto for DHS-enabled snooping and security theater.
A press release from Langevin’s office insists that subpoenaed data will “only to be used for notification about a risk, not for surveillance or investigation purposes.” Why do I not feel reassured?
The legislation grants that “the director of Homeland Security may issue a subpoena for the production of information necessary to identify” suspected security vulnerabilities in an “information system connected to the internet,” so long as DHS says the potential risk is connected “to critical infrastructure.”
Compelling private information when it involves risks to “critical infrastructure” might sound smart. But it’s important to keep in mind that it doesn’t take much for CISA to deem something critical infrastructure. The agency’s 16 sectors of critical infrastructure extend to such places as casinos, hotels, motels, campgrounds, zoos, shopping malls, self-storage facilities, condominiums, banks, insurance companies, and motion picture studios.
Also relevant: just how loose Homeland Security’s definition of “risk” is. This month, for instance, the agency has been warning about the purportedly high risk of sex traffickers at the Super Bowl—an urban legend that has been thoroughly, repeatedly debunked.
Langevin claims that in the past, potential risks have been identified but “CISA has not been able to identify the owner of a vulnerable system and warn them of their exposure.” The new policy would force “telecommunications companies that may have relevant subscriber information that could make it easier to identify the subscriber assigned an IP address” to share that information with Homeland Security.
That sounds like a good way for DHS to demand identifying information on any systems, services, or subscribers it wants.
The bill was sponsored by Reps. Langevin, Sheila Jackson Lee (D–Texas), Cedric Richmond (D–La.), Bennie Thompson (D–Miss.), John Katko (R–N.Y.), and John Ratcliffe (R–Texas). Its companion bill in the Senate was introduced in December by Homeland Security Committee Chair Ron Johnson (R–Wisc.) and Sen. Maggie Hassan (D–N.H.).
Thompson has said the bill will likely be part of a bigger package of “DHS authorization legislation.”
FREE MARKETS
Another California city is effectively decriminalizing hallucinogenic mushrooms. A new ordinance adopted this week in Santa Cruz says “the investigation and arrest of individuals involved with the adult possession, use, or cultivation of psychoactive plants and fungi listed on the Federal Schedule 1 list for personal adult use and clinical research be among the lowest priorities for the city of Santa Cruz.”
Meanwhile, the feds are still going after marijuana sellers in states where the drug is legal. Michigan resident Danny Trevino was just sentenced to more than 15 years in federal prison for running medical marijuana dispensaries in a state that allows medical marijuana. “He was not allowed to use the state’s medical-marijuana law as a defense to the federal charges,” MLive.com reports.
FREE MINDS
David French on “the growing threat to free speech online”: attempts to overhaul or abolish Section 230. “Hostility against Big Tech may cause our nation to blunder into changing the nature of the internet to enhance the power of the elite at the expense of ordinary Americans,” French writes at Time.
One frightening development on this front has been Attorney General Bill Barr jumping on the anti–Section 230 bandwagon. Section 230 doesn’t apply to federal criminal investigations of the sort Barr is supposed to be worrying over.
For a 101 on Section 230 and its foes, see this ReasonTV video:
[youtube https://www.youtube.com/watch?v=kfOxa7ATkPg?feature=oembed&w=500&h=281]
QUICK HITS
- Good news: U.S. life expectancy is on the upswing again, according to the latest report from the Centers for Disease Control and Prevention.
- Clearview has been marketing its facial recognition technology to law enforcement, promising to find matches in 75 percent of all searches. “That doesn’t actually mean it finds the right person 75% of the time,” notes Tim Cushing. “It only means the software finds someone that matches submitted photos three-quarters of the time.” Meanwhile, BuzzFeed finds that Clearview has been lying about the police agencies it has worked with.
- Elizabeth Warren wants “criminal penalties for spreading disinformation online,” CNBC tweeted yesterday. Read Scott Shackford here for what Warren actually proposed.
Founded in 1968, Reason is the magazine of free minds and free markets. We produce hard-hitting independent journalism on civil liberties, politics, technology, culture, policy, and commerce. Reason exists outside of the left/right echo chamber. Our goal is to deliver fresh, unbiased information and insights to our readers, viewers, and listeners every day. Visit https://reason.com