The cybersecurity bill making its way through the Senate right now is so broad that it could allow ISPs to classify Netflix as a "cyber threat," which would allow them to throttle the streaming service's delivery to customers.
It would be a backdoor way for ISPs to undermine net neutrality, and it's one of the reasons why the Cybersecurity Information Protection Act of 2014—modeled on the CISPA bill that the internet has rallied against twice already—is so terrible for consumers (the other is the unfettered ferry of information between companies and the federal government, but that's another story).
Given how ISPs have fought to destroy the open internet, they'd likely jump at the chance to sidestep existing net neutrality rules without the Federal Communications Commission needing to do much of anything at all. The bill, as it's written, allows companies to employ "countermeasures" against "cybersecurity threats," but both terms are extremely broadly defined, and video streaming could easily fall within the purview of the latter.
"A 'threat,' according to the bill, is anything that makes information unavailable or less available. So, high-bandwidth uses of some types of information make other types of information that go along the same pipe less available," Greg Nojeim, a lawyer with the Center for Democracy and Technology, told me. "A company could, as a cybersecurity countermeasure, slow down Netflix in order to make other data going across its pipes more available to users."
That's a quick and easy way of setting up a two-tiered internet, with built-in Congressional approval, no FCC rules required. Nojeim was one of the authors of a strongly-worded statement of opposition sent to Dianne Feinstein, the bill's sponsor. In the letter, the CDT, Electronic Frontier Foundation, American Civil Liberties Union, and more than a dozen other civil liberties groups said that the bill "arbitrarily harms average internet users."
"Net neutrality is a complex topic and policy on this matter should not be set by cybersecurity legislation," they wrote.
The group notes that previous cybersecurity legislation considered by the Senate (pre-CISPA—the Senate didn't take up that bill last year, letting it die instead) specifically included net neutrality protections. This one doesn't.
"I think they know it's a problem," Nojeim said.
Nojeim says the general uproar surrounding the bill could have led to the postponement of its markup—it was originally set to be discussed by Feinstein's Intelligence Committee last week, but was pushed back. No word on when it'll be taken up by the committee, but considering that the bill has been in the works behind closed doors for several months now, don't expect it to die without first getting some very serious consideration on Capitol Hill.