It’s been a bad week for anyone who pays attention to security.

Remember CISPA, the bill that would have allowed companies to share pretty much any customer information with the government and each other in the name of “cybersecurity”? CISPA passed in the House, but never made it out of the Senate. Of course, no bad bill ever really dies, and this year’s zombie version zipped through the House with little opposition. In late October, the Senate passed their own version, known as CISA (Cybersecurity Information Sharing Act).

Late last week, Infoworld reported that assorted Congress critters have been meeting to reconcile the House’s CISPA and the Senate’s CISA, and potentially merge them with two other related bills, PCNA (Protecting Cyber Networks Act) and NCPAA (National Cybersecurity Protection Advancement Act).

Is anyone surprised that the changes being discussed relate to removing what few privacy protection measures the bills included? Or that the combined bill would potentially make the NSA–yes, the same NSA whose charter is to spy on potential threats outside the United States–into the lead agency to manage the sharing of information?

Well, this week it got even better. “Better” for anyone who wants to give the NSA more authority to monitor Americans inside the U.S., that is. Worse for anyone who honestly believes they have a right to privacy. The new and “improved” version of CISA, stripped of those weak privacy protections, was–according to Engadget–included in the budget bill introduced Tuesday.

Yes, the budget bill that has to be passed in order to avoid another government shutdown like the one we had in October of 2013. The one that must be passed so quickly nobody’s going to have time to read all 2,000 pages, much less understand their implications.

Joy.

Meanwhile, the Federal Aviation Administration has released its regulations regarding drone registrations. All drones, even those purchased before the rules go into effect on Monday, must be registered. Failure to do so leaves the owner liable for civil fines of $27,500 and criminal penalties as high as $250,000.
Registering a drone will cost you. There’s a charge of $5, and you’ll need to re-register every three years. And yes, the FAA will be taking your credit card information in order to charge you. So, not only will they have your name, address, and other personal information, they’ll have your card information. Shall we start a pool on how long it’ll take for someone to hack the database and start selling the information?

For the record, a “drone” is defined as an unmanned aircraft weighing more than 0.55 pounds but less than 55 pounds, controlled remotely (which exempts paper airplanes* and Frisbees), and operated outdoors. So, if you’re planning to smuggle a remote-controlled airplane into the next basketball game you attend, you don’t need to register it, but you will if you’re going to a football game (no roof on most football stadiums, so they’d be “outdoors” by definition).

* The PowerUp gadget that lets you remote-control a paper airplane with your smartphone is, fortunately, well under the 250 gram lower weight limit. A typical paper airplane with a PowerUp attached will weigh less than 15 grams.

And then there’s the latest example of what security guru Bruce Schneier calls “CYA security”: doing something in the face of a threat so nobody can accuse you of taking any risks.

Tuesday, every school–more than 900–in Los Angeles was closed. Why? Because of a bomb threat. According to an anonymous e-mail, a coordinated attack would be made against every school in the city with bombs, assault rifles, and nerve gas.

Never mind the fact that such an attack would take far more than the thirty-two people the message claimed would be involved. Forget that the letter failed to capitalize “Allah”–a mistake no Islamic extremist would ever make. Disregard the recent episodes of the TV show Homeland which involved an extremely similar threat.

Far better to cancel school for 600,000 students and spend thousands of dollars searching every single school for explosive devices than to allow any perception that the school district is taking chances with the lives of children. Remember, there are elections coming up. (There are always elections coming up.)

At least administrators in New York, who received an identical e-mail, recognized it as a hoax. Maybe the LA school district was swayed by their proximity to Hollywood, where any threat is a credible one.