CISPA Is A Really Bad Bill, And Here's Why

from the time-to-speak-up dept

Update: There is now a new draft of CISPA that has rendered some (though unfortunately not all) of this analysis obsolete.

The forces behind HR 3523, the dangerous Cyber Intelligence Sharing and Protection Act which is going to move forward in Congress at the end of the month, are beginning to get cagey about the growing backlash from the internet community. In an attempt to address some of the key concerns, the bill’s authors, representatives Mike Rogers and Dutch Ruppersberger, hosted a conference call specifically geared at digital reporters. The invitation was for “Cyber Media and Cyber Bloggers” (seriously) and took place at 7am Silicon Valley time—thus demonstrating that they are totally in touch with the tech community. During the call, the representatives were intent on hammering certain points home: that the bill respects privacy and civil liberties, is not about surveillance, is targeted at actions by foreign states, and is nothing like SOPA.

Unfortunately, none of that is really true. The text of the bill, even with the two key amendments made since (all pdf links and embedded below), is still full of extremely broad definitions which fail to create the safeguards that the representatives insist are present, and which leave room for dangerous unintended consequences.

CISPA at a Glance
In broad terms, CISPA is about information sharing. It creates broad legal exemptions that allow the government to share “cyber threat intelligence” with private companies, and companies to share “cyber threat information” with the government, for the purposes of enhancing cybersecurity. The problems arise from the definitions of these terms, especially when it comes to companies sharing data with the feds.

Is CISPA the new SOPA?
This is the notion that the reps behind the bill are most desperate to kill. Their primary response is that CISPA has nothing to do with seizing domains or censoring websites, but that’s only true on the surface. The bill defines “cybersecurity systems” and “cyber threat information” as anything to do with protecting a network from:

‘(A) efforts to degrade, disrupt, or destroy such system or network; or

‘(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.

It’s easy to see how that definition could be interpreted to include things that go way beyond network security—specifically, copyright policing systems at virtually any point along a network could easily qualify. And since one of the recipients of the shared information would be Homeland Security—the department that includes ICE and its ongoing domain seizures—CISPA creates the very real possibility for this information to be used as part of a SOPA-like crusade to lock down the internet. So while the bill itself has nothing to do with domain seizures, it gives the people behind such seizures a potentially powerful new weapon.

The reps insist that when they refer to intellectual property, they are not thinking about media piracy or even counterfeiting, but about foreign-based attacks on domestic companies to steal their research and development (they tout examples like the plans for jet fighters). Unfortunately, the bill’s definitions create no such restriction, leaving the door wide open for more creative interpretations.

How can the government use the information?
The original text of the bill was really bad, simply saying the government cannot use the information for “regulatory purposes.” This was amended to be more restrictive, but not by much: now, the same broad “cybersecurity” definition applies to what they can use the data for, and as if that wasn’t enough, they can also use it for “the protection of the national security of the United States.” I don’t need to tell you that the government is not exactly famous for narrowly interpreting “national security.”

So is CISPA a surveillance bill?
The bill specifically prohibits the government from requiring anyone to hand over information, or offering any sort of “quid pro quo” data sharing arrangement. Sharing information is voluntary, and as far as the bill’s supporters are concerned, that should end the debate. Of course, as we’ve seen with things like the warrantless wiretapping scandal, complicity between companies and the government, even when legally questionable, is common and widespread. But even if the safeguards work, CISPA will undoubtedly allow for invasions of privacy that amount to surveillance.

Firstly, while the reps insist that the bill only applies to companies and not individuals, that’s very disingenuous. CISPA states that the entity providing the information cannot be an individual or be working for an individual, but the data they share (traffic, user activity, etc.) will absolutely include information about individuals. There is no incentive in the bill to anonymize this data—there is only a clause permitting anonymization, which is meaningless since the choice of what data to share is already voluntary. Note that any existing legal protections of user privacy will not apply: the bill clearly states that the information may be shared “notwithstanding any other provision of law”.

So we’ve got the government collecting this data, potentially full of identifying information of users in the U.S. and elsewhere, and they are free to use it for any of those broadly defined cybersecurity or national security purposes. But, it gets worse: the government is also allowed to affirmatively search the information for those same reasons—meaning they are by no means limited to examining the data in relation to a specific threat. If, for example, a company were to provide logs of a major attack on their network, the government could then search that information for pretty much anything else they want.

Can CISPA be fixed?
Most of the new provisions currently being considered for CISPA have to do with adding oversight and liability to prevent the government from violating any of the terms—but that doesn’t address the problems in the bill at all, since the terms are already so broad. CISPA would require significant new restrictions to come anywhere close to being a good bill—a fact that points to Congress’ inability to effectively design internet regulation. Moreover, there isn’t even clear evidence that new cybersecurity laws are necessary. This is a bill that needs to die.

The EFF has a tool to help you contact your representative about CISPA and the broader issue of cybersecurity legislation. The bill is going to the House the week of April 23rd, so now is the time to get involved. As with SOPA, this is not an issue that solely effects Americans: the data may come from U.S. companies, but it will involve people from all over the world—and, indeed, foreign entities are one of the bill’s prime targets. It’s once again time for the internet to speak up and send a clear message to Congress: don’t mess with something you don’t understand.






Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “CISPA Is A Really Bad Bill, And Here's Why”

Subscribe: RSS Leave a comment
109 Comments
:Lobo Santo (profile) says:

Re: .. .. .

Hello Coward!

On the spot with that vitriol, I see.

Very good, have a cookie.

Have you thought about getting yourself a name? I’m thinking: On-the-spot-troll (or something to that effect).

It’s nice to see how much you’re enjoying our Techdirt community, and you apparently have a fervent desire to be a contributing member, what with your witty criticisms offered up in such a timely manner…

Anyhow, hope you’re having a good day.

weneedhelp (profile) says:

Re: Re: Re:2 .. .. .

Um, the only one that looks like an ass… is.. well you. Now believe me, when Marcus messes up I will be right there with you to chastise him. (Hugs and kisses M) But it is really getting boring watching stupid insult after stupid insult. At least be creative.

Try this. How about actually countering his points with points of your own?

Now go get a cookie from Lobo. I hear he has Oreo’s and chocolate chips, pour yourself a glass of milk, and try to do better next time. K? OK.

rubberpants says:

Re: Re: Re:2 .. .. .

Seconded.

Hey AC, when is your blog going live?

What will it be: a gritty, dirty look at the dealings of K Street, a sad, pathetic view of an artist who’s glory days are long gone, or a peek into the sleaze and sychophancy of a content industry middle-manager? (Did I just invent a word?)

Either way, I plan on insulting you personally when I don’t have a counter to your arguments, once I find out who you are and get a look at your picture.

Anonymous Coward says:

Re: Re: Re:3 .. .. .

His blog is live…..it’s called the crap which comes out of congress. It’s his companies that are spewing that crap, Human Centipede-style, through themselves, then our gov’t, and finally, out to the public, telling us that this output is good for us and we should eat it up.

Anonymous Coward says:

Re: Re: Re:2 .. .. .

“I would love to read your blog re: how the sky is not falling on internet and personal freedoms but is surely falling on the content industries.”

Oh, but I do think the sky is falling on “internet freedoms”, because they are the ones that ignore the law, ignore personal responsiblity, and ignore the rights of others. Those things are all certainly going to have the sky fall on them.

The “pro internet” types (hi Marcus) would like to have the internet ruled by the lowest, least restictive law sets on the planet. That is to say, if the copyright laws are slack in Spain, he wants the whole world to have to work with Spain’s laws. He doesn’t give a crap about the rights of people in different countries to have different laws and views. He wants the internet to force the citizen of sovereign nations to suffer under the law making of the weakest countries.

Normally we try to get rid of the weakest link – Marcus wants us to live by the rule of the weakest link.

So yeah, the sky is falling on internet freedom because it’s really just anarchy, and that cannot be tolerated in our society.

rubberpants says:

Re: Re:

Thank you for showing up and commenting on every article immediately with insults and attempts to down-play and discourage both writers and readers.

It’s a testament to how important these issues are and how much some powerful people don’t want them discussed or disseminated.

If all was as you say it is, you wouldn’t even be here. You’d have better things to do.

So, thank you. I mean that.

[citation needed or GTFO] says:

Re: What's REALLY going on in AC's head:

“Ooh, Marcus! I’m so jealous of your passionate relationship with Mike! I don’t care what anyone says! I’ll stalk you and insult your articles to cover this burning lust I have for you in my loins! Please respond to me! Your replies are like the nectar of the gods! Yes! Your personal attention to me satisfies my yearning for your words! Take me, Marcus! Penetrate my cravings with your dirty, forbidden talk of piracy and freetards!”

Also, “FIRST!”

Anonymous Coward says:

if this and other Bills are only meant to/going to implement and allow certain things to happen or prevent certain things from happening, why not write Bills that are specific, that are clear and unable to be interpreted in any unintended way at all? the answer is easy. when done like they are, any and every interpretation is not only possible but will be used in any way that the particular law enforcement at the time wants! that means more than ever that the people can be screwed over as much and as often as possible and to as hard a degree as possible!

Anonymous Coward says:

Just read through it, and...

I was wondering if my interpretation of the bill was somewhat appropriate. Reading through the text, it seems like the premise is to contract out cyber-security to private firms.

While the Government does have a tendency to contract things off to private companies, is that their intent here, or is it blatantly different from other bills/laws?

Anonymous Coward says:

"Cyber Bloggers"? What the heck?

I just can’t wrap my head around the mindset of these guys. They never do any research on the subjects their laws cover, and yet they still believe they can pass themselves off as well-informed. They should’ve been asking questions during that conference call, not giving answers.

Silver Fang (profile) says:

Legislators are old and out of touch

I think the problem with our legislator and the Net is they are old! Most of them are over 50 and grew up with black and white TVs with dials, rotary phones and old stuff like that. To them, the concept of a digital world is foreign. Thus, they tack the prefix cyber- onto anything referring to the Net in order to attempt to sound like they understand and only make themselves look more foolish in so doing.

Because of this, I propose that no one over 50 be allowed to propose any laws for the Net. If you don’t know how it works, you’ve no business trying to regulate it.

Since I know that won’t happen, I think all Net users need to declare the Internet a sovereign nation, entity, etc., which circumvents the globe, bypasses all borders and unites all peoples in a way unprecedented in history and thus cannot be bound by any terrestrial laws.

I know that won’t happen either…

Anonymous Coward says:

What is with your boy Darryl Issa, patron saint of the anti-SOPA movement? He’s a co-sponsor, so how can this bill possibly be as bad and SOPA-like (as EFF and others claim) if he’s a sponsor?

Seems to me a knowledgable guy like Issa sees it for what it is and hasn’t succumbed to the whole Chicken Little narrative.

John Fenderson (profile) says:

Re: No patron saints

Patron saint? Hardly.

Here’s the thing — an awful lot of us actually form our own opinions by reading and thinking about the issue at hand. I’ve never adopted (or rejected) an opinion based on whether or not someone else has. It doesn’t matter who that someone else is.

“Issa thinks it’s OK, so it’s OK” is a logical fallacy, not an argument.

Anonymous Coward says:

Re: Re: No patron saints

Here’s the thing — an awful lot of us actually form our own opinions by reading and thinking about the issue at hand. I’ve never adopted (or rejected) an opinion based on whether or not someone else has. It doesn’t matter who that someone else is.

Please, you’re one of Masnick most vocal parrots and loyal sycophants. This entire board is an echo chamber save the handful of AC’s who chime in from time-to-time. No, you’re a charter member of Masnick’s goofy personality cult and strictly adhere to the bylaws prohibiting independent thinking.

DandonTRJ (profile) says:

Re: Re:

Recall that Issa was initially on the wrong side of the Research Works Act until the Internet informed him of its flawed nature. Contrary to how you may like to frame things, our community’s supporters are just that — supporters. Not saints. We have no problem calling them out when they go astray. It’s kind of part and parcel of the whole “staying principled” thing. Other factions may want to try it out sometime.

ThumbsUpThumbsDown says:

Re: Darryl Issa & CISPA

Darryl Issa can not explain or justify the degradation of Constitutional rights at the heart of CISPA. A cursory reading will show, and should have shown Darryl Issa, 1) that by providing for broadly defined reciprocal sharing of other than technical cybersecurity Information between American Intelligence agencies and their DOMESTIC counterparties (ISPs, Insurance Companies, Banks, etc. and ad infinatum), CISPA was giving NSA, CIA, and the other Foreign Intelligence subtenants of Homeland Security, new latitude (never hitherto constitutionally possessed by American Foreign Intellegence agencies), to effectively annull ANY right to privacy of EVERY American,
2) that by explicitly including Intellectual Property broadly defined (rather than as pertaining to any specific cyber security threat) in its subject matter listing of protected infrastructure assets, CISPA was giving American Foreign Intelligence agencies a changed charter with indirect custody, but direct oversight, over ALL Intellectual Property used DOMESTICLY by every individual American citizen in the formation of every independent and informned judgement relevant to political, moral, and cultural life, 3) that by explicitly includihg broadly defined Intellectual Property within its mandate, CISPA was rechartering American Foreign Intelligence Agencies, not nerely for the protection of Intelectual Property in the abstract; but, for protecting the specific alliance of corporate copyright distributers from whose current perpetual custody and control of Intellectual Property individual Americans express constitutionally protected political dissent, 4) that by granting broad blanket Immunity to ALL counterparties, CISPA was annulling any due process opportunity for ANY American to challenge or be compensated for the grievances which will be inevitably be inflicted by the broad scope and brutal costitutional over reach of CISPA.

In this context, I don’t care if Darryl Issa is the patron saint of Benjamin Cardozo, he can not justify this legislation without first addressing his support for such a disgraceful degadation of the constitutional rights of ALL Americans.

Anonymous Coward says:

Basically what AC is doing is trying to cast disrepute on anyone else who uses the AC tag. That way, witty or sardonic comments that really hit the nail on the head will be more or less ignored because they have the AC tag and might be related to the hateful troll posts. It’s a method of discouraging people posting here about important issues. Like burning books to keep people from reading them. More or less someone trying a ‘spanish inquisition’ move but coming from someone who is more or less a worm.

John Fenderson (profile) says:

Re: Re:

Basically what AC is doing is trying to cast disrepute on anyone else who uses the AC tag.

Oh, that ship sailed a long time ago. Although many ACs here actually make intelligent points (whether or not I agree with them), most don’t and never have. As a result when I’m skimming, I ignore ACs. The signal-to-noise raito is pretty low among them.

It’s why I’ve long urged people to use a name of some sort. It helps the conversation quite a lot.

Anonymous Coward says:

Re: Re: About Anonymity

I disagree.

Anonymity insures the equality of ideas, removes prejudice that comes from identifying the author and is the only guarantee against intimidation in democratic venues.

Remove anonymity and you get bias (in other words, prejudice) and increased possibility of either personality cult or character assassination. Common human weakness.

Deimal says:

Innovation kill-switch

The government already can’t handle the fucking data it already has, what the hell does it think it’s going to be able to do with this? What would the costs imposed on companies having to supply the information do to their ability to hire employees for ACTUAL productive work? What about the companies that would never be created because of having to comply with this law (facebook, myspace, any of a hundred sites involved with people sharing things, every email service you can think of, your ISPs, fuck your google searches) and the never-created jobs (by the hundreds of thousands) that people would not be able to have? Just so the government can have more data it cannot handle.

When you’re looking for a needle, the last thing you need is 50 more bales of hay added onto the pile.

Oh the government can’t “require” the data, and there’s no “quid pro quo”, yea, sure, right. “Hey there service provider, since you didn’t think you had anything that we needed, but we know you have it, my friends over there reviewing your bid for that government contract, ya, that bid was accidentally shredded, sorry about your luck, hope you can resubmit in time.”

“Hey, ya, you won’t give us what we’re asking for, we know it’s not required, we understand. Hey our friend there over at the SEC, he and his buddies need to bring in some forensic accountants and audit your books for the last 24 months.”

No matter how much the writers of a bill try to lock things down to specifics (and really, how often do they ACTUALLY try?), there are over two hundred and fifty million adults in this country, easily tens of million of them are far more intelligent and creative than those lawmaking idiots (and probably several million children as well). They’ll find plenty of ways to make the law say what they want it to say (just talk to the department of justice, they seem to be experts at it).

Add on top of that the governments consistently piss poor IT design, and that big ol’ database they’re putting together, ya, it’s like an all you can eat buffet for data thieves (both inside and outside). I can’t see how this wouldn’t violate fourth amendment stuff to be perfectly frank. Just because it’s online doesn’t mean it exists outside of all logical thought regarding privacy.

How about escalation? Rarely does something like this ever stop here. It’s always more and more and more (think TSA screening, when was the last time the TSA actually caught someone trying something nefarious? [listening to the crickets…]).

Congress needs to fuck off, period. They have no idea what the fuck they are doing. I am sick and tired of a bunch of out of date fucks who live off the government (and lobbyist) dole making laws about shit they haven’t a goddamned clue about. I’d be surprised if any of them have even seen a database, let alone know how one is constructed. Seriously congress, FUCK OFF.

Anonymous Coward says:

It’s once again time for the internet to speak up and send a clear message to Congress: don’t mess with something you don’t understand.

Funny how Darryl Issa was so lauded on these pages as the guy who “gets it” during the SOPA debate. Now, apparently he doesn’t understand it at all. Interesting how someone’s knowledge or expertise is wholly dependent on how closely it fits within the Techdirt narrative.

Watchit (profile) says:

Re: Re: They are trying to wear us down

in order to prevent these corporations from interfering with such things it would require us to change the rules and laws that govern the government, the problem is that these corporations are the ones paying the politicians who create and rewrite laws, and the corporations don’t want that to change.

Anonymous Coward says:

It’s just going to happen again, and again, and again. History repeating itself. They come up with a bad bill, the public outcry is too much, bill fails to get passed. Who’s going to tire of it first? The government or the people? Which one is more likely to come down with an iron fist and say ‘knock it off, we need this passed, if you say anything against it, you’re a terrorist and anti-American and you’re a threat to national security…’

If you really take an honest look at all the anti-communist films that were put out during the ‘commie’ paranoia era, with all the ‘this is what would happen under communist rule’, are those scenarios more or less likely to happen in the U.S. today than they were in the 50’s?

Instead of quoting from or paraphrasing articles written on the subject, you have the chance while Google is still running, to search for information regarding what life is like under communism and how that’s different from life in America. I’m not going to say it’s the same, and I’m not going to say it’s different. Just because it’s a democracy doesn’t mean the government doesn’t have an iron fist it will use in times of war or peace to do what it thinks must be done, regardless of what the people say.

Then again, if CISPA is passed, and it turns out as bad as all the predictions point it out to be, who’s going to have the finger pointed in their direction? They’ll be known affectionately as ‘The Politicians Who Broke The Internet’. Not a pleasant moniker to have, but if you’re the sort of person who likes villain nicknames, then there’s something for that. All I know is that there’s iron and clay in the feet, and iron and clay don’t mix well.

There isn’t a point for this issue in this post. It’s just a sobering thought.

Psyphurr says:

Agree to Disagree

Two points….

1) Don’t bitch unless you have a solution. As an IT security guy working directly in the Critical Infrastructure space, as well as a former military intel guy, I do have a clue. Most of you don’t, even though you will spam me with insults for suggesting it. Regardless, I disagree with most of your opinions on this matter (in general).

2) Too many laws, restricting too many freedoms is certainly bad. Therefore I agree with condeming proposed laws that weaken those freedoms… UNNECESSARILY.

However, ask yourself this… Just suppose for a second that the bad things the Gov is saying are happening for REAL. If things really are as bad as the feds say, and getting worse, mostly from direct State or indirectly by State level actors, then it is going to take a great deal of effort to protect U.S. interests at home, and where appropriate abroad. Not an easy thing… you can’t just station troops are all the possible entrance points on the ground anymore and call it secure. We’re talking about the Internet. This is actually a fairly new game, one our Gov is trying to figure out how to secure. No matter what the Gov does someone will hate it and scream. Again, IF what they (the Gov) say is true, how are they going to protect us? It is one of their REAL core constitutional duties remember (having a military).

Go ahead and scream now. Not really listening to it anyway. Trying to protect my companies systems as best we can….

Leigh Beadon (profile) says:

Re: Agree to Disagree

Sorry to disappoint, but I’m not going to scream at you for that.

I appreciate the inside view on cybersecurity. I cannot personally say for certain whether new information sharing laws are necessary – some say they are, some don’t. Some say cyber threats are exaggerated, some say they are real. But I’m absolutely willing to entertain the idea that they are.

However, if we are to create such laws, there are some sensible precautions that should exist to make sure they don’t unnecessarily violate people’s privacy and freedom. Requiring anonymization of data in most cases, for example. Placing clearer restrictions on what constitutes cyber threat information (not things like copyright infringement). Placing more detailed limitations on what the government can do with the data and how long they can retain it.

I think it’s completely fair that people who have an inside view of the cybersecurity situation should play a major role in determining the need for, and drafting the details of, cybersecurity legislation. However, since we’re dealing with a law that overrides all other laws and has broad implications for things way beyond cybersecurity, it seems only fair that citizens and the broader internet have a seat at the table too.

Psyphurr says:

Re: Re: Agree to Disagree

You have stated it quite well and I cannot disagree. However, my only caution or concern really, is around things like copyright infringement as it relates to intellectual property theft (Networked World: U.S. Businesses Vulnerable to Espionage Without Cybersecurity Legislation – http://tinyurl.com/82tfxdn). One nameless government far, far to the east has been stealing this kind of information for a long time, replicating much of it, and then flooding the market with significantly lower priced products. These people have some amazingly skilled/talented hackers and engineers that are leaps and bounds beyond *many* of the existing people here at home, both in the private sector as well as the public sector. Or maybe a better way of putting it is that they have the means, the motive, and the knowhow along with the backing of their government.

On the private sector side look at all the breaches over the past two years alone, some of which have been found to have been ongoing for several years (APT). One company recently in the news was deemed to have lost close to a bi$$ion dollars? worth of intellectual property due to their network being compromised for close to TEN years. Some argue that it?s the individual companies fault and if they fail as a result then so be it. This is so wrong in my thinking. These firms do not have the skill or knowledge to deal with this stuff any more effectively then Lockheed Martin, Boing, or RSA were, each of which have huge cyber security staffs and access to some of the most sensitive cyber security data AND WERE STILL BREACHED! The skill level on both sides is really quite imbalanced IMHO. It is almost like entering a gun fight?. they show up with armor piercing bullets and we show up with a rubber ducky water gun! I am generalizing here so nobody get their panties in a bind.

What I believe our Gov is trying to do, admittedly very sloppily, is use regulation where human skills and technology continues to fail. There are significantly more attacks against private sector entities then Gov entities. Unfortunately, due to current privacy laws private sector entities cannot (WILL not) release that information due to the legal consequences they might face from both individuals and the defense attorney mafia prevalent in the U.S. The threat data that the private sector holds from these many attempted breaches would be incredibly valuable to the feds when it is aggregated with data they get from their systems. Together that data helps tremendously in painting a more complete picture desperately needed to not only catch the bad guys, but to fully analyze exactly WHAT and HOW they are doing it. Defenses can then be designed to reduce the success rates. This is part of that skill gap I mentioned earlier. Yes, the U.S. and our private sector are still on the defensive and will be for the long term.

There was an interesting article related to this topic that came out on April 10, 2012 (Networked World: http://tinyurl.com/76k3pl8) that described how the U.S. Army cannot find people with the necessary cyber security certifications to fill vacancies. Current regulations specify these certification requirements. The Army?s response to the lack of certifications is? reducing the certification thresholds required to fill the openings. ?To cope with the shortage of certified personnel, the Army is altering its guidelines so that not as many individuals working in areas it calls “an enclave boundary” — defined as a specific set of routers and firewalls — will have to meet the previous requirements?? Seriously? I used to work in that environment not too long ago and I am telling you now, you do NOT want to do this. Also, let’s not get into the debate on certifications and how they give a false sense of skill/capability.

So in conclusion, until the U.S. and the private sector takes the necessary steps to produce more advanced skills in its up and coming cyber security people, we will continue to play the defensive role. Coupled with lack of sufficient cyber data from all sources containing sufficient information (not sanitized to the point of worthlessness) to be useful, the U.S. overall is kinda screwed at the moment. It is my opinion that this current legislation is an attempt to get access to that private sector data by protecting private entities from legal repercussions, so they can do as I described above. As a country, we will continue to play defense until we take the necessary steps to significantly change the rules of the game with the adversaries.

Note: I am a private citizen with no current, direct or indirect connections or affiliations with the U.S. Government or any related public/private firm. My opinion is my own and does not reflect that of any company, business, or entity I have had dealings with, either past or present. Dam Mafia!

Watchit (profile) says:

Re: Re: Re: Agree to Disagree

Hmmm, I like you Psyphurr, unlike most people who come into the comments section with a differing point of view, you presented your opinion in a clear and concise manner without resorting to ad hominems or declaring our arguments wrong without any support.

I don’t know only the basics of online security, so I’m not the best person to ask on whether or not a cyber-security bill is really needed. But, if something must be done, I would rather run the risk of some sort of cyber threat, then rush a bill that may or may not prove useful, or may in fact be used for entirely different purposes that I do not support. I have seen too many bills where the backers insist the bill will “only” be used a certain way, in order to leave out measures to protect against misuse, and then have the bill used in the exact way the backers insisted it wouldn’t. Some fine examples include the Pro-IP act, Canada’s failed “Protecting children from Internet Predators Act” that was really an online surveillance bill whose only mention of Child Porn was in its name, and who could forget the Patriot Act.

If there is to be a Cyber-Security bill passed that may affect me, I want that bill to be as specific as possible, thoroughly researched, and to give only as much power as necessary to the government to reduce the collateral from misuses that will inevitably happen.

My problem with this particular bill, CISPA, is its broad undefined wording, how it overrides any state legislation on the matter, the exemption from FOIA, and the thought of worrying my private data being shared without my knowing not only by hackers but by the government as well.

[citation needed or GTFO] says:

Re: Re: Re:2 Agree to Disagree

If there is to be a Cyber-Security bill passed that may affect me, I want that bill to be as specific as possible, thoroughly researched, and to give only as much power as necessary to the government to reduce the collateral from misuses that will inevitably happen.

I’ve gotta ask, was there ever such a bill (ANY bill, not just cyber-security) that was thoroughly researched and gave the government only necessary power that couldn’t be abused?

Hmmm, I like you Psyphurr, unlike most people who come into the comments section with a differing point of view, you presented your opinion in a clear and concise manner without resorting to ad hominems or declaring our arguments wrong without any support.

And I’ve gotta agree, it’s refreshing to hear an opinion that actually backs up what they have to say without resorting to “Marcus/Mike,” “freetards,” “piracy,” “Google,” or gay jokes.

Based on his comment, it’s obvious he knows what he’s talking about instead of acting all uppity and thumbing his nose at the rest of us.

Hope Psyphurr sticks around and shows what REAL counter-points are supposed to look like.

Watchit (profile) says:

Re: Re: Re:3 Agree to Disagree

I’ve gotta ask, was there ever such a bill (ANY bill, not just cyber-security) that was thoroughly researched and gave the government only necessary power that couldn’t be abused?

another “sad but true” button moment… unfortunately it happens all too often. Fortunately, as proven by SOPA, the public can actually have an effect on lawmaking. And, hopefully, in the future we will be able to stand up and be heard over the giant lobbying organizations that buy out politicians.

Dennis says:

Re: Re: Re:2 Agree to Disagree

I agree completely Watchit; I’d rather continue to be “unsafe” for a while longer than rush something like this into law, especially with the broad definitions and dangerous implications it may have; possibly turning everyday music pirates into cyberterroists.

I’m not trying to hijack the thread, but the root of this problem really is piracy. The powerful companies that sponsor and promote legislation like this and buy off our representatives aren’t doing it because they want to destroy privacy any more than the SOPA sponsors wanted to destroy free speech. They just want to protect their profits.

They’re trying to get more power over consumers that can steal their stuff basically at every turn. These companies are fearful and feel powerless to stop the masses from pirating any content they come out with, so they draft up legislation like this with their purchased Washington representative. The users feel powerless against these companies who take advantage of them at every turn trying to get them to pay more for less, so they turn to piracy in greater and greater numbers. It’s a self perpetuating cycle of powerlessness and power grabs.

If we REALLY want to stop legislation like this, both groups need to start empowering each other. Companies need to make it easier to purchase, and adjust the prices of their media content to take into account the deflation that’s occurred because of the internet; my 10,000 song iPod should not cost me $10,000 to fill.

Conversely, consumers need to start seeing piracy as the crime that it is and change the culture around it. It may not be stealing per se, but as long as people think they’re losing profits from the content they create, they’ll take aggressive measures like this to protect themselves.

CISPA, SOPA, PIPA, they all stem from fear. It’s like a momma bear attacking you because she thinks your a threat to her cubs. All you see is a bear claw coming at you, but in her mind, YOU are the intruder.

PW (profile) says:

What our gov’t has failed to appreciate is that as it has continued to violate our trust in how it applies various laws and how its representatives have behaved, we can no longer provide it a free pass on interpretations. To date, we cannot get the Dept. of Justice to provide its interpretation of the Patriot Act, which has been law for quite some time now. We also have seen threats of applying the Espionage Act in overly broad manners.

Yes, it’s clear there are issues that need to be addressed in order to properly deal and coordinate on “cyber” threats, but providing our gov’t carte blanche cannot be an option, they have proven themselves unworthy of the trust endowed upon them.

Cheesus says:

can't we all just... get a fong?

so let me get this straight… Government owned companies of another country are stealing secrets from private companies that the US government outsources to because it’s cheaper and with more kickbacks then government ownership…?

i guess that’s privatization coming back to bite you in the ass…

nonetheless removing culpability for false/mistaken accusations?… that’s crap. if you’re gonna accuse me of something and you’re wrong, i want to know i can be at least compensated and that the threat of retribution will keep you from using your powers carte blanche.

Finally, this seems like a two way street, as in not only will the private companies pony up info to the government but will have government backing for their own ulterior motives…. and frankly, no way. I voted in the government…. well the government was voted in. Private companies were not, and i’ll not have private companies dictating law without repercussion. hell, even having a law protect them whilst they do it. yes i know they dictate laws now to an extent, but laws are in place to limit that and public humiliation of being caught gets them in hot water too, but once laws protect them, where would it stop?.. buy our product or be a terrorist?.. elections won and lost by financial margins

okay i’m being dramatic and fatalistic. But still, this law is heading us down a dark path and anyone not set to gain (financially or power wise) from it can see that.

Doc Sparkle says:

"Efforts" to degrade

Sooo, are efforts to degrade a network….. downloading a file? Has everyone just legally become a future Kim Dotcom? Don’t I degrade the network every time I use it? And since there is no requirement to show due cause before requesting information every one just became guilty until proven innocent. Should I expect my email to have been hacked and copied and my ISP to cut me off within hours after posting this? Will privacy become a forgotten word?

Rwolf says:

CISPA Is Fascism?Disguised In Cyber Security Legislation

CISPA the Cyber Intelligence Sharing and Protection Act if passed will allow??the military and NSA warrant-less spying on Americans? confidential electronic Communications and transmitted private information; circumvent the fourth amendment by permitting any self-protected cyber entity to share with the Feds any obtained information that might relate to a cyber threat. Considering federal government?s close business relationship with several telephone and Internet companies it should be assumed the feds will through CISPA gain access legally or otherwise to Americans? electronic communications. The current House Passed Cyber Security Bill overrides the Fourth Amendment, any information gleaned from warrant-less spying is admissible in Criminal, Civil and Administrative courts against U.S. Citizens and businesses. CISPA opens the door for U.S. Government spy agencies such as NSA; the FBI, government contractors and private entities (to take out of context) any innocent?hastily written email, fax or phone call to allege a crime or violation was committed to cause a person?s arrest, assess fines and or civilly forfeit a business or property. There are more than 350 laws and violations that can subject property to government asset forfeiture. Government civil asset forfeiture requires only a civil preponderance of evidence for police to forfeit property, little more than hearsay.

The U.S. Justice Department can use CISPA spying to circumvent the Fourth Amendment, (no warrant searches) of Web Server Records; a Citizen?s Internet Activity, personal transmitted emails; fax and phone calls to issue subpoenas in hopes of finding evidence or to prosecute Citizens for any alleged crime or violation. If CISPA is passed it is problematic federal, state and local law enforcement agencies and private government contractors will want access to prior Bush II NSA and other government illegally obtained electronic records not limited to Americans? Internet activity; private emails, fax and phone calls to secure evidence to arrest Americans, to civilly forfeit their homes, businesses and other assets under Title 18USC and other laws. Of obvious concern, what happens to fair justice in America if police become dependent on ?Asset Forfeiture? to help pay their salaries and budget operating costs?

The passed ?Civil Asset Forfeiture Reform Act of 2000? (effectively eliminated) the ?five year statue of limitations? for Government Civil Asset Forfeiture: the statute now runs five years (from the date) police allege they ?learned? an asset became subject to forfeiture. If CISPA is passed allowing (no warrant) electronic government surveillance of Americans, it should be expected CISPA will be used by government not just to thwart cyber threats but to prosecute Americans for any alleged crime; expect government/police will relentlessly sift through Citizen and businesses? (government retained Internet data), emails and phone communications to discover possible crimes or civil violations. A corrupt despot U.S. Government Administration may too easily use no-warrant-seized emails, Internet data and phone call information) to blackmail political opposition, U.S. Citizens, corporations and others in the same manner Hitler used Nazi passed no-warrant police state search and seizure laws to selectively target Citizens for arrest, to extort support for the Nazi fascist government, including strong-arming parliament to pass Hitler?s 1933 Discriminatory Decrees that suspended the Constitutional Freedoms of German Citizens.

A Nazi Government threat of ?Property Seizure? Asset Forfeiture of an individual or corporation?s assets generally was sufficient to ensure Nazi support. History shows how that turned out?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop ยป

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...