from the nice-one,-guys dept
Nearly 200 senior IBM executives are flying into Washington to press for the passage of a controversial cybersecurity bill that will come up for a vote in the House this week.What they still can't explain is what laws currently get in the way of this information sharing? We've been asking for years and no one has answered. Everyone agrees that information sharing around an attack can be useful in stopping it, but no one has explained why that information sharing (a) requires a new law or (b) can't be done without wiping out all basic privacy protections for personal info currently provided under existing law.
The IBM executives will pound the pavement on Capitol Hill Monday and Tuesday, holding nearly 300 meetings with lawmakers and staff. Over the course of those two days, their mission is to convince lawmakers to back a bill that’s intended to make it easier for industry and government to share information about cyber threats with each other in real time.
Even more ridiculous is that IBM flat out admits that they want to be able to send your info to the NSA. We've pointed out for a while that one of the major concerns with CISPA is that the NSA -- a military agency -- would get access to your info, despite the general prohibition on spying on Americans. Of course, the NSA has twisted that mandate ridiculously, such that it believes it can now spy on anything so long as they claim it may help them in finding a foreign threat. Technically, the law is about the "target" of the information, and the NSA (and potentially the secret ruling from the FISA Court) has interpreted this to mean that as long as the target of the investigation is as foreign threat, then the NSA can snoop through anything in pursuit of that target.
Of course, most folks have been trying to play down the fact that the NSA would get the info. But not IBM. Nope, they're thrilled to send your private info right to the NSA:
[IBM VP of government affairs Chris] Padilla, however, says companies need to be able to share threat data directly with the NSA “because that’s where the expertise is.”While the NSA does have some knowledge on cybersecurity, it's an exaggeration to suggest that they have "the expertise" on the subject. It also does nothing to explain why your private info should be included.
“It really is a simple matter. The expertise in the U.S. government on cybersecurity largely rests in one place, and that's the National Security Agency,” he said. “They tend to know the most, the soonest about cyber threats and I think, frankly, there is a certain amount of feeling in the business community that you should be able to work directly and share information directly with the agency that has the most expertise.”