CISPA Passed the House. “All Your Info Are Belong To Us.”

Published on April 23, 2013 By DrJBHL In Personal Computing

I’ve written before on this topic (https://forums.wincustomize.com/423486/page/1/#3140935). This is more of an update. The House of Representatives passed the bill last week, and it’s moving on to the Senate.

So what?

“CISPA would allow for voluntary information sharing between private companies and the government in the event of a cyber attack. If the government detects a cyber attack that might take down Facebook or Google, for example, they could notify those companies. At the same time, Facebook or Google could inform the feds if they notice unusual activity on their networks that might suggest a cyber attack.” - http://www.pcmag.com/article2/0,2817,2417993,00.asp

OK… ostensibly that’s a good thing. Cyber attacks are not good things right? Right. However, the EFF has argued that “CISPA would override the relevant provisions in all other laws—including privacy laws.” (https://www.eff.org/cybersecurity-bill-faq#company).

“Right now, well-established laws like the Cable Communications Policy Act, the Wiretap Act, the Video Privacy Protection Act, and the Electronic Communications Privacy Act provide judicial oversight and other privacy protections that prevent companies from unnecessarily sharing your private information, including the content of your emails.

And these laws expressly allow lawsuits against companies that go too far in divulging your private information. CISPA threatens these protections by declaring that key provisions in CISPA are effective “notwithstanding any other law,” a phrase that essentially means CISPA would override the relevant provisions in all other laws—including privacy laws. CISPA also creates a broad immunity for companies against both civil and criminal liability. CISPA provides more legal cover for companies to share large swaths of potentially personal and private information with the government…CISPA allows a company to obtain and share "cyber threat information" if it has both a "cybersecurity purpose" and believes it is protecting its rights and property.

A "cybersecurity purpose" only means that a company has to think that a user is trying to harm its network. What does that mean, exactly? The definition is broad and vague. The definition allows purposes such as guarding against “improper” information modification, ensuring “timely” access to information or “preserving authorized restrictions on access…protecting…proprietary information” (i.e. DRM).”

- https://www.eff.org/cybersecurity-bill-faq#company

Worse, under CISP there is essentially nothing you can do even if you are harmed. This is a fundamental violation of our right “to seek redress” since such a suit would be neutralized by “a belief cybers security was violated.” It doesn’t even have to be proven. This is nonsense. Also, companies don’t need to share personally identifying information to have such material removed and neutralized. Indeed, if companies need to share an email, such as a phishing email message, existing exceptions allow the recipient to divulge the information; there is no need for the blanket authority in CISPA.

More, your info once in the hands of DHS can be distributed to any agency it wants, and

“Even though the information was passed along to the government for only “cybersecurity purposes”—the government can use your personal information for cybersecurity, investigating any cybersecurity crime or criminal exploitation of minor, protecting individuals from death or serious physical injury, or protecting the national security of the United States. Under the National Security Act, which CISPA amends, national security interests can include:

(i) threats to the United States, its people, property, or interests;

(ii) the development, proliferation, or use of weapons of mass destruction; or

(iii) any other matter bearing on United States national or homeland security.”

- https://www.eff.org/cybersecurity-bill-faq#company

Who’s supporting it? The list is here: https://intelligence.house.gov/hr-624-letters-support

Google, face book and others who supported prior versions haven’t expressed support for the current version.

You can read more about CISPA here: https://www.eff.org/cybersecurity-bill-faq#company

There are some useful links in the article.

Comments (Page 2)

SpardaSon21

on Apr 23, 2013

I can't speak for any other Stardock forums, but the one I'm on gives zero indication you're a moderator. That needs fixing.

DrJBHL

on Apr 23, 2013

SpardaSon21

reply 16

I can't speak for any other Stardock forums, but the one I'm on gives zero indication you're a moderator. That needs fixing.

SpartaSon21, it doesn't show on SOSE Forum because I'm a WinCustomize Moderator...and not one on any other Forum. All Moderators are site specific as far as I know, and it's always been that way.

Mystikmind

on Apr 23, 2013

Nah, governments would never abuse any new laws given them, authorities would never stretch the limits of new laws beyond what was originally intended, it never happens, oh and while I'm at it, the world is flat, Madonna is a virgin and standing in an active exposed nuclear reactor is perfectly safe, and gives you a good tan!

NB: i cannot quite shake the feeling the last three things mentioned above aren't nearly sarcastic enough!!!!!!!!!!

DaveRI

on Apr 23, 2013

Besides the privacy issues, it seems to me like dumping your data out during or as a result of a cyber-attack would not be a smart thing to do. I'd hope the attackers wouldn't already be sitting out there waiting on the stream. I have no idea how difficult it would be but they are a lot smarter than I am and I'd bet they're already working on the details. Why hack when you can just rattle the cage and wait with a bucket.

Maybe companies already use the policy somehow internally, I really don't know. My instinct would be "lock-down", not "broadcast" though.

tazgecko

on Apr 24, 2013

An attempt to ban US bosses from asking employees to hand over their Facebook login details has been blocked by Congress.

http://www.dailymail.co.uk/news/article-2313367/CISPA-Amendment-US-cyber-attack-law-banning-employers-asking-Facebook-passwords-blocked.html

Last year US companies were taking the Australian Government to the international trade court, complaining the Government would not allow data to be stored onto US servers due to the risk of security ... by the looks on how things are going, I would say it was well founded

DrJBHL

on Apr 24, 2013

Indeed, taz.

Jafo

on Apr 24, 2013

Seleuceia

reply 13

You don't need a culture of fear when the average citizen doesn't even know what legislation is in the works...

Too many words there, old son....

More correctly...

You don't need a culture of fear when the average citizen doesn't even know what legislation is.

Spell checker ....

Alstein

on Apr 24, 2013

I absolutely agree that we need to take our freedoms back. I do think it will happen, we are changing as a culture, and the younger folks are angry over their lack of opportunities- real change is coming.

You can't just blame Republicans for CISPA this time, many Dems voted for it as well. This is one time where I don't blame the Tea Party and the megacorps for what is wrong with America.

Dr Guy

on Apr 24, 2013

Daiwa

reply 7

Back to the future - 1984.

Or terminator and skynet.

jackswift85

on Apr 24, 2013

Dr Guy

reply 24

Quoting Daiwa, reply 7
Back to the future - 1984.

Or terminator and skynet.

I think if Skynet went active today, the line of reasoning would be, "These humans are no threat to my existence, they couldn't even legislate how to properly take a dump without arguing with each other endlessly."

Dr Guy

on Apr 24, 2013

jackswift85

reply 25

My response was semi-sarcastic. Yours is funny! Sadly too true as well.

G_Bison

on Apr 25, 2013

CISPA suffers setback in Senate amid privacy concerns

According to the chairman of a key Senate committee, the cybersecurity bill passed by the House is "important" but its privacy protections are "insufficient."

by Zack Whittaker

April 25, 2013 12:04 PM PDT

(Credit: Shara Tibken/CNET)

The Senate will almost certainly kill a controversial cybersecurity bill, recently passed by the House, according to a U.S. Senate Committee representative.

Sen. Jay Rockefeller (D-NY), the chairman of the U.S. Senate Committee on Commerce, Science and Transportation, said the upper house will not take up the bill," he told U.S. News on Thursday.

It comes a week after Sen. Rockefeller tweeted on the day of CISPA's passing in the House: "CISPA is important first step, but Senate is committed to action on all solutions to strengthen cybersecurity. We have work to do."

He confirmed to the political publication today that staff and senators are "drafting separate bills."

The Cyber Information Sharing and Protection Act, commonly known as CISPA, permits private sector companies -- including technology firms, such as Facebook, Twitter, Google and Microsoft, among others -- to pass "cyber threat" data, including personal user data, to the U.S. government. Civil liberties groups have called it a "privacy killer," and "dangerously vague," and warned that it may be in breach of the Fourth Amendment.

Developing, more soon.

DrJBHL

on Apr 25, 2013

Either the Senate will kill it or it'll be vetoed.

Seleuceia

on Apr 25, 2013

DrJBHL

reply 28

it'll be vetoed.

Are you sure about that? I've been under the impression that the Obama administration is pushing for CISPA's passage....

DrJBHL

on Apr 25, 2013

Nope... they'll veto. Check the sources in the OP.

Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:

Richer content, access to many features that are disabled for guests like commenting on the forums.
Access to a great community, with a massive database of many, many areas of interest.
Access to contests & subscription offers like exclusive emails.
It's simple, and FREE!