CISPA Is A Really Bad Bill, And Here's Why
from the time-to-speak-up dept
Update: There is now a new draft of CISPA that has rendered some (though unfortunately not all) of this analysis obsolete.
The forces behind HR 3523, the dangerous Cyber Intelligence Sharing and Protection Act which is going to move forward in Congress at the end of the month, are beginning to get cagey about the growing backlash from the internet community. In an attempt to address some of the key concerns, the bill’s authors, representatives Mike Rogers and Dutch Ruppersberger, hosted a conference call specifically geared at digital reporters. The invitation was for “Cyber Media and Cyber Bloggers” (seriously) and took place at 7am Silicon Valley time—thus demonstrating that they are totally in touch with the tech community. During the call, the representatives were intent on hammering certain points home: that the bill respects privacy and civil liberties, is not about surveillance, is targeted at actions by foreign states, and is nothing like SOPA.
Unfortunately, none of that is really true. The text of the bill, even with the two key amendments made since (all pdf links and embedded below), is still full of extremely broad definitions which fail to create the safeguards that the representatives insist are present, and which leave room for dangerous unintended consequences.
CISPA at a Glance
In broad terms, CISPA is about information sharing. It creates broad legal exemptions that allow the government to share “cyber threat intelligence” with private companies, and companies to share “cyber threat information” with the government, for the purposes of enhancing cybersecurity. The problems arise from the definitions of these terms, especially when it comes to companies sharing data with the feds.
Is CISPA the new SOPA?
This is the notion that the reps behind the bill are most desperate to kill. Their primary response is that CISPA has nothing to do with seizing domains or censoring websites, but that’s only true on the surface. The bill defines “cybersecurity systems” and “cyber threat information” as anything to do with protecting a network from:
‘(A) efforts to degrade, disrupt, or destroy such system or network; or
‘(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.
It’s easy to see how that definition could be interpreted to include things that go way beyond network security—specifically, copyright policing systems at virtually any point along a network could easily qualify. And since one of the recipients of the shared information would be Homeland Security—the department that includes ICE and its ongoing domain seizures—CISPA creates the very real possibility for this information to be used as part of a SOPA-like crusade to lock down the internet. So while the bill itself has nothing to do with domain seizures, it gives the people behind such seizures a potentially powerful new weapon.
The reps insist that when they refer to intellectual property, they are not thinking about media piracy or even counterfeiting, but about foreign-based attacks on domestic companies to steal their research and development (they tout examples like the plans for jet fighters). Unfortunately, the bill’s definitions create no such restriction, leaving the door wide open for more creative interpretations.
How can the government use the information?
The original text of the bill was really bad, simply saying the government cannot use the information for “regulatory purposes.” This was amended to be more restrictive, but not by much: now, the same broad “cybersecurity” definition applies to what they can use the data for, and as if that wasn’t enough, they can also use it for “the protection of the national security of the United States.” I don’t need to tell you that the government is not exactly famous for narrowly interpreting “national security.”
So is CISPA a surveillance bill?
The bill specifically prohibits the government from requiring anyone to hand over information, or offering any sort of “quid pro quo” data sharing arrangement. Sharing information is voluntary, and as far as the bill’s supporters are concerned, that should end the debate. Of course, as we’ve seen with things like the warrantless wiretapping scandal, complicity between companies and the government, even when legally questionable, is common and widespread. But even if the safeguards work, CISPA will undoubtedly allow for invasions of privacy that amount to surveillance.
Firstly, while the reps insist that the bill only applies to companies and not individuals, that’s very disingenuous. CISPA states that the entity providing the information cannot be an individual or be working for an individual, but the data they share (traffic, user activity, etc.) will absolutely include information about individuals. There is no incentive in the bill to anonymize this data—there is only a clause permitting anonymization, which is meaningless since the choice of what data to share is already voluntary. Note that any existing legal protections of user privacy will not apply: the bill clearly states that the information may be shared “notwithstanding any other provision of law”.
So we’ve got the government collecting this data, potentially full of identifying information of users in the U.S. and elsewhere, and they are free to use it for any of those broadly defined cybersecurity or national security purposes. But, it gets worse: the government is also allowed to affirmatively search the information for those same reasons—meaning they are by no means limited to examining the data in relation to a specific threat. If, for example, a company were to provide logs of a major attack on their network, the government could then search that information for pretty much anything else they want.
Can CISPA be fixed?
Most of the new provisions currently being considered for CISPA have to do with adding oversight and liability to prevent the government from violating any of the terms—but that doesn’t address the problems in the bill at all, since the terms are already so broad. CISPA would require significant new restrictions to come anywhere close to being a good bill—a fact that points to Congress’ inability to effectively design internet regulation. Moreover, there isn’t even clear evidence that new cybersecurity laws are necessary. This is a bill that needs to die.
The EFF has a tool to help you contact your representative about CISPA and the broader issue of cybersecurity legislation. The bill is going to the House the week of April 23rd, so now is the time to get involved. As with SOPA, this is not an issue that solely effects Americans: the data may come from U.S. companies, but it will involve people from all over the world—and, indeed, foreign entities are one of the bill’s prime targets. It’s once again time for the internet to speak up and send a clear message to Congress: don’t mess with something you don’t understand.
Filed Under: cispa, congress, cybersecurity, sopa
Comments on “CISPA Is A Really Bad Bill, And Here's Why”
The more and more you go on Marcus, the more you read like Mike.
That is to say, arrogant, self assured, and more than a little full of shit.
“The Sky is Falling” is probably your favorite concept.
Re: .. .. .
Hello Coward!
On the spot with that vitriol, I see.
Very good, have a cookie.
Have you thought about getting yourself a name? I’m thinking: On-the-spot-troll (or something to that effect).
It’s nice to see how much you’re enjoying our Techdirt community, and you apparently have a fervent desire to be a contributing member, what with your witty criticisms offered up in such a timely manner…
Anyhow, hope you’re having a good day.
Re: Re: .. .. .
I am having a great day. It’s another chance to watch Marcus make an ass out of himself, to be a strident and only semi-informed Mike-abee. It’s as enjoyable as the spring flowers.
I trust you are having a good day yourself!
Re: Re: Re: .. .. .
You’re having a miserable day. I would too if I were forced to read things written by people I despise. You should probably go outside. Talk to some friends, maybe give your mom a call?
Re: Re: Re:2 .. .. .
Um, the only one that looks like an ass… is.. well you. Now believe me, when Marcus messes up I will be right there with you to chastise him. (Hugs and kisses M) But it is really getting boring watching stupid insult after stupid insult. At least be creative.
Try this. How about actually countering his points with points of your own?
Now go get a cookie from Lobo. I hear he has Oreo’s and chocolate chips, pour yourself a glass of milk, and try to do better next time. K? OK.
Re: Re: Re:3 .. .. .
reply to this fail – Anonymous Coward, Apr 10th, 2012 @ 1:12pm
Sorry 1:16pm
Re: Re: Re:4 .. .. .
haha, yeah that confused me for a second
Re: Re: Re: .. .. .
I would love to read your blog re: how the sky is not falling on internet and personal freedoms but is surely falling on the content industries.
Re: Re: Re:2 .. .. .
Seconded.
Hey AC, when is your blog going live?
What will it be: a gritty, dirty look at the dealings of K Street, a sad, pathetic view of an artist who’s glory days are long gone, or a peek into the sleaze and sychophancy of a content industry middle-manager? (Did I just invent a word?)
Either way, I plan on insulting you personally when I don’t have a counter to your arguments, once I find out who you are and get a look at your picture.
Re: Re: Re:3 .. .. .
His blog is live…..it’s called the crap which comes out of congress. It’s his companies that are spewing that crap, Human Centipede-style, through themselves, then our gov’t, and finally, out to the public, telling us that this output is good for us and we should eat it up.
Re: Re: Re:4 .. .. .
I have a plan:
All we need to do is sew shut the last asshole; if we’re lucky, in a short while the whole chain of them will explode!
Once we clean up the shit after that we should be good to go.
Re: Re: Re:2 .. .. .
“I would love to read your blog re: how the sky is not falling on internet and personal freedoms but is surely falling on the content industries.”
Oh, but I do think the sky is falling on “internet freedoms”, because they are the ones that ignore the law, ignore personal responsiblity, and ignore the rights of others. Those things are all certainly going to have the sky fall on them.
The “pro internet” types (hi Marcus) would like to have the internet ruled by the lowest, least restictive law sets on the planet. That is to say, if the copyright laws are slack in Spain, he wants the whole world to have to work with Spain’s laws. He doesn’t give a crap about the rights of people in different countries to have different laws and views. He wants the internet to force the citizen of sovereign nations to suffer under the law making of the weakest countries.
Normally we try to get rid of the weakest link – Marcus wants us to live by the rule of the weakest link.
So yeah, the sky is falling on internet freedom because it’s really just anarchy, and that cannot be tolerated in our society.
Re: Re: .. .. .
I want a cookie. Chocolate chip or Oreo please.
Re: Re: Re: .. .. .
I have Oreos, one will be set aside specifically for you.
Re: Re: Re:2 .. .. .
Yay!!!! Thanks Lobo.
Re: Re: Re:2 cookies!
Can I have one too? are they double stuffed? I loved double stuffed! 😀
Re: Re: Re:3 cookies!
Nay, just regular Oreos.
And, I suppose there’s one to spare for you too, though you don’t look all that familiar to me…
Re: Re: Re:4 cookies!
just your friendly neighborhood brony, I come in peace! as long as I get an oreo!
Re: Re:
Thank you for showing up and commenting on every article immediately with insults and attempts to down-play and discourage both writers and readers.
It’s a testament to how important these issues are and how much some powerful people don’t want them discussed or disseminated.
If all was as you say it is, you wouldn’t even be here. You’d have better things to do.
So, thank you. I mean that.
Re: Re:
Man you really have it in for Marcus. I’m not his biggest fan either but damn man.
Did you even have time to read this then come up with this bullcrap in 12 minuets?
Or do you just have a bunch of troll insults on a word document somewhere to cut and paste from? **** Ding ding ding ding*** We have the winner.
Re: Re: Re:
No, he didn’t read it. But it’s only because he’s very busy and has many important dealings to attend to. So important, in fact, that he’s only available to comment all day, every day. So, please don’t disturb him. He’s a superstar.
Re: Re: Re:
Did you even have time to read this then come up with this bullcrap in 12 minuets?
Which is longer, 12 minuets or 12 waltzes?
Re: Re: Re: Re:
Which is longer, 12 minuets or 12 waltzes?
are you referring to a regular waltz or chopin’s “minute waltz”?
Re: What's REALLY going on in AC's head:
“Ooh, Marcus! I’m so jealous of your passionate relationship with Mike! I don’t care what anyone says! I’ll stalk you and insult your articles to cover this burning lust I have for you in my loins! Please respond to me! Your replies are like the nectar of the gods! Yes! Your personal attention to me satisfies my yearning for your words! Take me, Marcus! Penetrate my cravings with your dirty, forbidden talk of piracy and freetards!”
Also, “FIRST!”
Re: Re: What's REALLY going on in AC's head:
This book is getting interesting.
Please continue.
Re: Re: Re: What's REALLY going on in AC's head:
Please continue.
Um, please don’t… 🙂
Re: Re: Re:2 What's REALLY going on in AC's head:
Stay tuned for the next installment of “TechDirt Theater: An AC’s Forbidden Lust” where the AC fantasizes about going through Leigh’s dirty underwear and wearing it on their chest. 😉
Re: Re: Re:3 What's REALLY going on in AC's head:
Oh please, make it end! T.T
Re: Re: What's REALLY going on in AC's head:
I think I’m going to throw up 0_0
Re: Re:
Screw You.
I care about Censorship, Liberty, and the Right to my Privacy from this Government.
Re: Re:
LMAO! Leigh is almost as good as the Spaznick. Between the two, TD is nonstop laughs.
Re: Re:
Ad hominem. Common fallacy
Re: Re:
The more and more you go on Marcus, the more you read like Mike.
That is to say, arrogant, self assured, and more than a little full of shit.
“The Sky is Falling” is probably your favorite concept.
He’s Charlie McCarthy. Why do you think Masnick adopted him.
Re: Re:
Be prepared parasite, the days of wild west legislation are over, the public now are taking an interest on those and is not going to be easy to pass them anymore.
Re: Re:
So, do you have any constructive criticism, or is it, as always, pointless and mindless prattling on as if you knew something, but without making a single point to disprove the blinding ignorance coming off your ego-hat?
Re: AC doesn't understand
You do know that if this bill is passed you are affected too? With teh way you troll you’d might be mistaken as a terrorist and would be subject for surveillance. That means no trolling for you anymore!
Brilliant Rebuttal
I like the way that you countered each of his arrogant, self assured, and full of shit arguments in such detail.
Re: Brilliant Rebuttal
Trolls – always after the character, never after the substance.
That's just mean
“… speak up and send a clear message to Congress: don’t mess with something you don’t understand.”
That’s just mean. That gives them almost nothing at all to mess with.
Re: That's just mean
Well then we need more scientists and engineers in congress.
Re: That's just mean
Except their salary….
*Abort Abort*
if this and other Bills are only meant to/going to implement and allow certain things to happen or prevent certain things from happening, why not write Bills that are specific, that are clear and unable to be interpreted in any unintended way at all? the answer is easy. when done like they are, any and every interpretation is not only possible but will be used in any way that the particular law enforcement at the time wants! that means more than ever that the people can be screwed over as much and as often as possible and to as hard a degree as possible!
Just read through it, and...
I was wondering if my interpretation of the bill was somewhat appropriate. Reading through the text, it seems like the premise is to contract out cyber-security to private firms.
While the Government does have a tendency to contract things off to private companies, is that their intent here, or is it blatantly different from other bills/laws?
Re: Just read through it, and...
That sounds like part of it at least. Anyway it sounds like they want to go through private companies to get information they couldn’t normally get legally. Though certain companies have been shown to share private data with the government irregardless anyway.
“Cyber Bloggers…” Really? At least tell us that the conference wasn’t hosted in an AOL chatroom.
"Cyber Bloggers"? What the heck?
I just can’t wrap my head around the mindset of these guys. They never do any research on the subjects their laws cover, and yet they still believe they can pass themselves off as well-informed. They should’ve been asking questions during that conference call, not giving answers.
Re: "Cyber Bloggers"? What the heck?
Oh, I’m pretty sure they know exactly how their bill works, good for them, bad for us. Their bets are placed on making it look like they know what their doing and hoping the public doesn’t figure out how much they are being screwed over.
Legislators are old and out of touch
I think the problem with our legislator and the Net is they are old! Most of them are over 50 and grew up with black and white TVs with dials, rotary phones and old stuff like that. To them, the concept of a digital world is foreign. Thus, they tack the prefix cyber- onto anything referring to the Net in order to attempt to sound like they understand and only make themselves look more foolish in so doing.
Because of this, I propose that no one over 50 be allowed to propose any laws for the Net. If you don’t know how it works, you’ve no business trying to regulate it.
Since I know that won’t happen, I think all Net users need to declare the Internet a sovereign nation, entity, etc., which circumvents the globe, bypasses all borders and unites all peoples in a way unprecedented in history and thus cannot be bound by any terrestrial laws.
I know that won’t happen either…
What is with your boy Darryl Issa, patron saint of the anti-SOPA movement? He’s a co-sponsor, so how can this bill possibly be as bad and SOPA-like (as EFF and others claim) if he’s a sponsor?
Seems to me a knowledgable guy like Issa sees it for what it is and hasn’t succumbed to the whole Chicken Little narrative.
Re: No patron saints
Patron saint? Hardly.
Here’s the thing — an awful lot of us actually form our own opinions by reading and thinking about the issue at hand. I’ve never adopted (or rejected) an opinion based on whether or not someone else has. It doesn’t matter who that someone else is.
“Issa thinks it’s OK, so it’s OK” is a logical fallacy, not an argument.
Re: Re: No patron saints
Here’s the thing — an awful lot of us actually form our own opinions by reading and thinking about the issue at hand. I’ve never adopted (or rejected) an opinion based on whether or not someone else has. It doesn’t matter who that someone else is.
Please, you’re one of Masnick most vocal parrots and loyal sycophants. This entire board is an echo chamber save the handful of AC’s who chime in from time-to-time. No, you’re a charter member of Masnick’s goofy personality cult and strictly adhere to the bylaws prohibiting independent thinking.
Re: Re: Re: No patron saints
Instead of this forum you would like everybody to go to your place that is also full of sycophants like you?
Re: Re: Re: No patron saints
You’re funny. I disagree with Mike fairly often. I confess that I agree with him more often than not, but I think you have your cause & effect backwards.
Re: Re:
Why must so many people focus on the who, when what is obviously most important is what, why and how, and how can we stop this?
Re: Re:
Recall that Issa was initially on the wrong side of the Research Works Act until the Internet informed him of its flawed nature. Contrary to how you may like to frame things, our community’s supporters are just that — supporters. Not saints. We have no problem calling them out when they go astray. It’s kind of part and parcel of the whole “staying principled” thing. Other factions may want to try it out sometime.
Re: Darryl Issa & CISPA
Darryl Issa can not explain or justify the degradation of Constitutional rights at the heart of CISPA. A cursory reading will show, and should have shown Darryl Issa, 1) that by providing for broadly defined reciprocal sharing of other than technical cybersecurity Information between American Intelligence agencies and their DOMESTIC counterparties (ISPs, Insurance Companies, Banks, etc. and ad infinatum), CISPA was giving NSA, CIA, and the other Foreign Intelligence subtenants of Homeland Security, new latitude (never hitherto constitutionally possessed by American Foreign Intellegence agencies), to effectively annull ANY right to privacy of EVERY American,
2) that by explicitly including Intellectual Property broadly defined (rather than as pertaining to any specific cyber security threat) in its subject matter listing of protected infrastructure assets, CISPA was giving American Foreign Intelligence agencies a changed charter with indirect custody, but direct oversight, over ALL Intellectual Property used DOMESTICLY by every individual American citizen in the formation of every independent and informned judgement relevant to political, moral, and cultural life, 3) that by explicitly includihg broadly defined Intellectual Property within its mandate, CISPA was rechartering American Foreign Intelligence Agencies, not nerely for the protection of Intelectual Property in the abstract; but, for protecting the specific alliance of corporate copyright distributers from whose current perpetual custody and control of Intellectual Property individual Americans express constitutionally protected political dissent, 4) that by granting broad blanket Immunity to ALL counterparties, CISPA was annulling any due process opportunity for ANY American to challenge or be compensated for the grievances which will be inevitably be inflicted by the broad scope and brutal costitutional over reach of CISPA.
In this context, I don’t care if Darryl Issa is the patron saint of Benjamin Cardozo, he can not justify this legislation without first addressing his support for such a disgraceful degadation of the constitutional rights of ALL Americans.
You tell congress, hey, this is a bad idea. Instead of listening and rethinking it, they stick in another bill that was already was bad on its own.
This ‘bundling’ of bad ideas sailed past cookoo town and is exploring unknown regions of corruption now.
Re: Re:
What I don’t understand is how Congress can be so brazen about their corruption. It’s so blatantly obvious, and yet none of them face any charges whatsoever.
Basically what AC is doing is trying to cast disrepute on anyone else who uses the AC tag. That way, witty or sardonic comments that really hit the nail on the head will be more or less ignored because they have the AC tag and might be related to the hateful troll posts. It’s a method of discouraging people posting here about important issues. Like burning books to keep people from reading them. More or less someone trying a ‘spanish inquisition’ move but coming from someone who is more or less a worm.
Re: Re:
Oh, that ship sailed a long time ago. Although many ACs here actually make intelligent points (whether or not I agree with them), most don’t and never have. As a result when I’m skimming, I ignore ACs. The signal-to-noise raito is pretty low among them.
It’s why I’ve long urged people to use a name of some sort. It helps the conversation quite a lot.
Re: Re: About Anonymity
I disagree.
Anonymity insures the equality of ideas, removes prejudice that comes from identifying the author and is the only guarantee against intimidation in democratic venues.
Remove anonymity and you get bias (in other words, prejudice) and increased possibility of either personality cult or character assassination. Common human weakness.
Re: Re:
ACs routinely get mentioned in the funniest/most insightful posts, so I don’t think it’s a problem.
Just post everyone’s IP next to their user name and let the internet sort out the AC., please.
Nigel
Re: Re:
Can you imagine? Angry Guy AC would blow his stack going on and on about his privacy being violated and his rights being violated and his speech being censored. You know, all the things he wants the government to do to other Internet users.
Re: Re:
If he hashed it first that would be ok. He could even hash it to some made-up name to make it easier to parse.
Re: Re: Re:
Ooh, and then he could take the hash and turn it into a pretty image to use for the avatar. We could call them identicons! Wait…
Re: Re: Re: Re:
Let me guess. You are from Georgia.
Georgia?
Why is this sponsored by mainly Georgians and some of their neighbor Floridians?
Re: Georgia?
I havn’t been able to figure out who exactly is supporting this bill, where’d you find that out?
If their really are a lot of supporters in Florida, I’m gonna have a pretty busy summer protesting…
Innovation kill-switch
The government already can’t handle the fucking data it already has, what the hell does it think it’s going to be able to do with this? What would the costs imposed on companies having to supply the information do to their ability to hire employees for ACTUAL productive work? What about the companies that would never be created because of having to comply with this law (facebook, myspace, any of a hundred sites involved with people sharing things, every email service you can think of, your ISPs, fuck your google searches) and the never-created jobs (by the hundreds of thousands) that people would not be able to have? Just so the government can have more data it cannot handle.
When you’re looking for a needle, the last thing you need is 50 more bales of hay added onto the pile.
Oh the government can’t “require” the data, and there’s no “quid pro quo”, yea, sure, right. “Hey there service provider, since you didn’t think you had anything that we needed, but we know you have it, my friends over there reviewing your bid for that government contract, ya, that bid was accidentally shredded, sorry about your luck, hope you can resubmit in time.”
“Hey, ya, you won’t give us what we’re asking for, we know it’s not required, we understand. Hey our friend there over at the SEC, he and his buddies need to bring in some forensic accountants and audit your books for the last 24 months.”
No matter how much the writers of a bill try to lock things down to specifics (and really, how often do they ACTUALLY try?), there are over two hundred and fifty million adults in this country, easily tens of million of them are far more intelligent and creative than those lawmaking idiots (and probably several million children as well). They’ll find plenty of ways to make the law say what they want it to say (just talk to the department of justice, they seem to be experts at it).
Add on top of that the governments consistently piss poor IT design, and that big ol’ database they’re putting together, ya, it’s like an all you can eat buffet for data thieves (both inside and outside). I can’t see how this wouldn’t violate fourth amendment stuff to be perfectly frank. Just because it’s online doesn’t mean it exists outside of all logical thought regarding privacy.
How about escalation? Rarely does something like this ever stop here. It’s always more and more and more (think TSA screening, when was the last time the TSA actually caught someone trying something nefarious? [listening to the crickets…]).
Congress needs to fuck off, period. They have no idea what the fuck they are doing. I am sick and tired of a bunch of out of date fucks who live off the government (and lobbyist) dole making laws about shit they haven’t a goddamned clue about. I’d be surprised if any of them have even seen a database, let alone know how one is constructed. Seriously congress, FUCK OFF.
Re: Innovation kill-switch -> Privacy kill-switch
Subject line doesn’t make sense, sorry about that.
It’s once again time for the internet to speak up and send a clear message to Congress: don’t mess with something you don’t understand.
Funny how Darryl Issa was so lauded on these pages as the guy who “gets it” during the SOPA debate. Now, apparently he doesn’t understand it at all. Interesting how someone’s knowledge or expertise is wholly dependent on how closely it fits within the Techdirt narrative.
Re: Re:
“Interesting how someone’s knowledge or expertise is wholly dependent on how their work product reflects that knowledge and expertise.”
FTFY
Re: Re:
Wow, it’s almost like people can be wrong one on issue and right on another issue. This is shocking news!
Re: Re:
It’s troubling when people base their opinions on facts and analysis and not on who is talking, isn’t it? It changes from the assinine political debate, doesn’t it? Maybe a bit unsettling for you?
Re: Re:
kind of a weird example I know, but this is my experience as a student.
The same student who is complimented by his teacher for getting an A in Calculus, could then right after be berated by his Physics teacher for failing. Just because you are lauded in one field of study, doesn’t mean you should gain recognition in others.
I think the IPlawyers are pissed…
…there have been a lot of them posting today as ACs.
Hi guys! 🙂
They are trying to wear us down
SOPA, PIPA, ACTA, TPPA, CISPA et al… I think these people, these corporate sock puppets are trying to wear us down to the place where they can sneak something through while they think nobody’s looking.
The price of freedom is eternal vigilance. WE must not let our guard down, or we’re done for.
Re: They are trying to wear us down
Why can’t U.S. citizens just act to pre-empt the problem and “remove”(read “terminate”) these corporate sock puppets before they cause more damage?
Vigilance is OK but really won’t solve the issue.
Re: Re: They are trying to wear us down
For that you need to attack the root of the problem and that is the underlying granted monopolies that the government and some interests are so fond of.
End the legal framework that gives rise to such things and you have little to deal after that.
Re: Re: They are trying to wear us down
in order to prevent these corporations from interfering with such things it would require us to change the rules and laws that govern the government, the problem is that these corporations are the ones paying the politicians who create and rewrite laws, and the corporations don’t want that to change.
Re: Re: Re: They are trying to wear us down
I agree entirely. I just wish they would shut up and leave our country alone.
Who else thinks anything with the prefix “cyber-” sounds like outdated sci-fi technobabble?
Successful troll is successful.
CISPA is a really BAD bill eh? maybe you should bend it over and spank it
It’s just going to happen again, and again, and again. History repeating itself. They come up with a bad bill, the public outcry is too much, bill fails to get passed. Who’s going to tire of it first? The government or the people? Which one is more likely to come down with an iron fist and say ‘knock it off, we need this passed, if you say anything against it, you’re a terrorist and anti-American and you’re a threat to national security…’
If you really take an honest look at all the anti-communist films that were put out during the ‘commie’ paranoia era, with all the ‘this is what would happen under communist rule’, are those scenarios more or less likely to happen in the U.S. today than they were in the 50’s?
Instead of quoting from or paraphrasing articles written on the subject, you have the chance while Google is still running, to search for information regarding what life is like under communism and how that’s different from life in America. I’m not going to say it’s the same, and I’m not going to say it’s different. Just because it’s a democracy doesn’t mean the government doesn’t have an iron fist it will use in times of war or peace to do what it thinks must be done, regardless of what the people say.
Then again, if CISPA is passed, and it turns out as bad as all the predictions point it out to be, who’s going to have the finger pointed in their direction? They’ll be known affectionately as ‘The Politicians Who Broke The Internet’. Not a pleasant moniker to have, but if you’re the sort of person who likes villain nicknames, then there’s something for that. All I know is that there’s iron and clay in the feet, and iron and clay don’t mix well.
There isn’t a point for this issue in this post. It’s just a sobering thought.
Agree to Disagree
Two points….
1) Don’t bitch unless you have a solution. As an IT security guy working directly in the Critical Infrastructure space, as well as a former military intel guy, I do have a clue. Most of you don’t, even though you will spam me with insults for suggesting it. Regardless, I disagree with most of your opinions on this matter (in general).
2) Too many laws, restricting too many freedoms is certainly bad. Therefore I agree with condeming proposed laws that weaken those freedoms… UNNECESSARILY.
However, ask yourself this… Just suppose for a second that the bad things the Gov is saying are happening for REAL. If things really are as bad as the feds say, and getting worse, mostly from direct State or indirectly by State level actors, then it is going to take a great deal of effort to protect U.S. interests at home, and where appropriate abroad. Not an easy thing… you can’t just station troops are all the possible entrance points on the ground anymore and call it secure. We’re talking about the Internet. This is actually a fairly new game, one our Gov is trying to figure out how to secure. No matter what the Gov does someone will hate it and scream. Again, IF what they (the Gov) say is true, how are they going to protect us? It is one of their REAL core constitutional duties remember (having a military).
Go ahead and scream now. Not really listening to it anyway. Trying to protect my companies systems as best we can….
Re: Agree to Disagree
Sorry to disappoint, but I’m not going to scream at you for that.
I appreciate the inside view on cybersecurity. I cannot personally say for certain whether new information sharing laws are necessary – some say they are, some don’t. Some say cyber threats are exaggerated, some say they are real. But I’m absolutely willing to entertain the idea that they are.
However, if we are to create such laws, there are some sensible precautions that should exist to make sure they don’t unnecessarily violate people’s privacy and freedom. Requiring anonymization of data in most cases, for example. Placing clearer restrictions on what constitutes cyber threat information (not things like copyright infringement). Placing more detailed limitations on what the government can do with the data and how long they can retain it.
I think it’s completely fair that people who have an inside view of the cybersecurity situation should play a major role in determining the need for, and drafting the details of, cybersecurity legislation. However, since we’re dealing with a law that overrides all other laws and has broad implications for things way beyond cybersecurity, it seems only fair that citizens and the broader internet have a seat at the table too.
Re: Re: Agree to Disagree
You have stated it quite well and I cannot disagree. However, my only caution or concern really, is around things like copyright infringement as it relates to intellectual property theft (Networked World: U.S. Businesses Vulnerable to Espionage Without Cybersecurity Legislation – http://tinyurl.com/82tfxdn). One nameless government far, far to the east has been stealing this kind of information for a long time, replicating much of it, and then flooding the market with significantly lower priced products. These people have some amazingly skilled/talented hackers and engineers that are leaps and bounds beyond *many* of the existing people here at home, both in the private sector as well as the public sector. Or maybe a better way of putting it is that they have the means, the motive, and the knowhow along with the backing of their government.
On the private sector side look at all the breaches over the past two years alone, some of which have been found to have been ongoing for several years (APT). One company recently in the news was deemed to have lost close to a bi$$ion dollars? worth of intellectual property due to their network being compromised for close to TEN years. Some argue that it?s the individual companies fault and if they fail as a result then so be it. This is so wrong in my thinking. These firms do not have the skill or knowledge to deal with this stuff any more effectively then Lockheed Martin, Boing, or RSA were, each of which have huge cyber security staffs and access to some of the most sensitive cyber security data AND WERE STILL BREACHED! The skill level on both sides is really quite imbalanced IMHO. It is almost like entering a gun fight?. they show up with armor piercing bullets and we show up with a rubber ducky water gun! I am generalizing here so nobody get their panties in a bind.
What I believe our Gov is trying to do, admittedly very sloppily, is use regulation where human skills and technology continues to fail. There are significantly more attacks against private sector entities then Gov entities. Unfortunately, due to current privacy laws private sector entities cannot (WILL not) release that information due to the legal consequences they might face from both individuals and the defense attorney mafia prevalent in the U.S. The threat data that the private sector holds from these many attempted breaches would be incredibly valuable to the feds when it is aggregated with data they get from their systems. Together that data helps tremendously in painting a more complete picture desperately needed to not only catch the bad guys, but to fully analyze exactly WHAT and HOW they are doing it. Defenses can then be designed to reduce the success rates. This is part of that skill gap I mentioned earlier. Yes, the U.S. and our private sector are still on the defensive and will be for the long term.
There was an interesting article related to this topic that came out on April 10, 2012 (Networked World: http://tinyurl.com/76k3pl8) that described how the U.S. Army cannot find people with the necessary cyber security certifications to fill vacancies. Current regulations specify these certification requirements. The Army?s response to the lack of certifications is? reducing the certification thresholds required to fill the openings. ?To cope with the shortage of certified personnel, the Army is altering its guidelines so that not as many individuals working in areas it calls “an enclave boundary” — defined as a specific set of routers and firewalls — will have to meet the previous requirements?? Seriously? I used to work in that environment not too long ago and I am telling you now, you do NOT want to do this. Also, let’s not get into the debate on certifications and how they give a false sense of skill/capability.
So in conclusion, until the U.S. and the private sector takes the necessary steps to produce more advanced skills in its up and coming cyber security people, we will continue to play the defensive role. Coupled with lack of sufficient cyber data from all sources containing sufficient information (not sanitized to the point of worthlessness) to be useful, the U.S. overall is kinda screwed at the moment. It is my opinion that this current legislation is an attempt to get access to that private sector data by protecting private entities from legal repercussions, so they can do as I described above. As a country, we will continue to play defense until we take the necessary steps to significantly change the rules of the game with the adversaries.
Note: I am a private citizen with no current, direct or indirect connections or affiliations with the U.S. Government or any related public/private firm. My opinion is my own and does not reflect that of any company, business, or entity I have had dealings with, either past or present. Dam Mafia!
Re: Re: Re: Agree to Disagree
Hmmm, I like you Psyphurr, unlike most people who come into the comments section with a differing point of view, you presented your opinion in a clear and concise manner without resorting to ad hominems or declaring our arguments wrong without any support.
I don’t know only the basics of online security, so I’m not the best person to ask on whether or not a cyber-security bill is really needed. But, if something must be done, I would rather run the risk of some sort of cyber threat, then rush a bill that may or may not prove useful, or may in fact be used for entirely different purposes that I do not support. I have seen too many bills where the backers insist the bill will “only” be used a certain way, in order to leave out measures to protect against misuse, and then have the bill used in the exact way the backers insisted it wouldn’t. Some fine examples include the Pro-IP act, Canada’s failed “Protecting children from Internet Predators Act” that was really an online surveillance bill whose only mention of Child Porn was in its name, and who could forget the Patriot Act.
If there is to be a Cyber-Security bill passed that may affect me, I want that bill to be as specific as possible, thoroughly researched, and to give only as much power as necessary to the government to reduce the collateral from misuses that will inevitably happen.
My problem with this particular bill, CISPA, is its broad undefined wording, how it overrides any state legislation on the matter, the exemption from FOIA, and the thought of worrying my private data being shared without my knowing not only by hackers but by the government as well.
Re: Re: Re:2 Agree to Disagree
If there is to be a Cyber-Security bill passed that may affect me, I want that bill to be as specific as possible, thoroughly researched, and to give only as much power as necessary to the government to reduce the collateral from misuses that will inevitably happen.
I’ve gotta ask, was there ever such a bill (ANY bill, not just cyber-security) that was thoroughly researched and gave the government only necessary power that couldn’t be abused?
Hmmm, I like you Psyphurr, unlike most people who come into the comments section with a differing point of view, you presented your opinion in a clear and concise manner without resorting to ad hominems or declaring our arguments wrong without any support.
And I’ve gotta agree, it’s refreshing to hear an opinion that actually backs up what they have to say without resorting to “Marcus/Mike,” “freetards,” “piracy,” “Google,” or gay jokes.
Based on his comment, it’s obvious he knows what he’s talking about instead of acting all uppity and thumbing his nose at the rest of us.
Hope Psyphurr sticks around and shows what REAL counter-points are supposed to look like.
Re: Re: Re:3 Agree to Disagree
I’ve gotta ask, was there ever such a bill (ANY bill, not just cyber-security) that was thoroughly researched and gave the government only necessary power that couldn’t be abused?
another “sad but true” button moment… unfortunately it happens all too often. Fortunately, as proven by SOPA, the public can actually have an effect on lawmaking. And, hopefully, in the future we will be able to stand up and be heard over the giant lobbying organizations that buy out politicians.
Re: Re: Re:3 Agree to Disagree
I have bookmarked the site 🙂
Re: Re: Re:2 Agree to Disagree
I agree completely Watchit; I’d rather continue to be “unsafe” for a while longer than rush something like this into law, especially with the broad definitions and dangerous implications it may have; possibly turning everyday music pirates into cyberterroists.
I’m not trying to hijack the thread, but the root of this problem really is piracy. The powerful companies that sponsor and promote legislation like this and buy off our representatives aren’t doing it because they want to destroy privacy any more than the SOPA sponsors wanted to destroy free speech. They just want to protect their profits.
They’re trying to get more power over consumers that can steal their stuff basically at every turn. These companies are fearful and feel powerless to stop the masses from pirating any content they come out with, so they draft up legislation like this with their purchased Washington representative. The users feel powerless against these companies who take advantage of them at every turn trying to get them to pay more for less, so they turn to piracy in greater and greater numbers. It’s a self perpetuating cycle of powerlessness and power grabs.
If we REALLY want to stop legislation like this, both groups need to start empowering each other. Companies need to make it easier to purchase, and adjust the prices of their media content to take into account the deflation that’s occurred because of the internet; my 10,000 song iPod should not cost me $10,000 to fill.
Conversely, consumers need to start seeing piracy as the crime that it is and change the culture around it. It may not be stealing per se, but as long as people think they’re losing profits from the content they create, they’ll take aggressive measures like this to protect themselves.
CISPA, SOPA, PIPA, they all stem from fear. It’s like a momma bear attacking you because she thinks your a threat to her cubs. All you see is a bear claw coming at you, but in her mind, YOU are the intruder.
Revolution is Imminent
IF YOU’RE A TRUE AMERICAN YOU WILL REJECT & VOTE AGAINST THIS TERRIBLE BILL. IF YOU DON’T AND IT GETS PASSED THEN THE THOUSANDS OF US WHO ARE AGAINST IT WILL REVOLT AGAINST THE GOVERNMENT & IT WILL NOT BE PRETTY.
Re: Revolution is Imminent
I will provide the cupcakes
Re: Re: Revolution is Imminent
Please not the cupcakes…please no…
You just hide your activities with a VPN
..problem solved
Re: Re:
This bill will allow the government and private sector security people the ability to gather information from VPN’s on their users if the government deems the information a “cyber threat”. So you’d not only need to get a VPN, but a VPN from out of country, such as Sweden.
CISPA is like a cancer in some private area.
—
This post under full military copyright to Anonymous. Do not use, do not cite, do not steal! All rights super-government reserved to and by Anonymous ??? by Anonymous. Do not share under penalty of death.
Re: Re:
CISPA is like a cancer in some private area.
LOL! I stole (copied) it! 😀
The Internet is the power to: our freedom of expression, be social, meet and great others around the world, stay in contact with love ones and friends around the world, atomize and enjoy after a hard days work, create possibilities.
Don’t BREAK the internet!
Re: Re:
I so remember those days. Unfortunately, we no longer have the control to keep it that way. Too many countries and their oppressive governments have carjacked the Internet. So sad….
What our gov’t has failed to appreciate is that as it has continued to violate our trust in how it applies various laws and how its representatives have behaved, we can no longer provide it a free pass on interpretations. To date, we cannot get the Dept. of Justice to provide its interpretation of the Patriot Act, which has been law for quite some time now. We also have seen threats of applying the Espionage Act in overly broad manners.
Yes, it’s clear there are issues that need to be addressed in order to properly deal and coordinate on “cyber” threats, but providing our gov’t carte blanche cannot be an option, they have proven themselves unworthy of the trust endowed upon them.
can't we all just... get a fong?
so let me get this straight… Government owned companies of another country are stealing secrets from private companies that the US government outsources to because it’s cheaper and with more kickbacks then government ownership…?
i guess that’s privatization coming back to bite you in the ass…
nonetheless removing culpability for false/mistaken accusations?… that’s crap. if you’re gonna accuse me of something and you’re wrong, i want to know i can be at least compensated and that the threat of retribution will keep you from using your powers carte blanche.
Finally, this seems like a two way street, as in not only will the private companies pony up info to the government but will have government backing for their own ulterior motives…. and frankly, no way. I voted in the government…. well the government was voted in. Private companies were not, and i’ll not have private companies dictating law without repercussion. hell, even having a law protect them whilst they do it. yes i know they dictate laws now to an extent, but laws are in place to limit that and public humiliation of being caught gets them in hot water too, but once laws protect them, where would it stop?.. buy our product or be a terrorist?.. elections won and lost by financial margins
okay i’m being dramatic and fatalistic. But still, this law is heading us down a dark path and anyone not set to gain (financially or power wise) from it can see that.
"Efforts" to degrade
Sooo, are efforts to degrade a network….. downloading a file? Has everyone just legally become a future Kim Dotcom? Don’t I degrade the network every time I use it? And since there is no requirement to show due cause before requesting information every one just became guilty until proven innocent. Should I expect my email to have been hacked and copied and my ISP to cut me off within hours after posting this? Will privacy become a forgotten word?
CISPA Is Fascism?Disguised In Cyber Security Legislation
CISPA the Cyber Intelligence Sharing and Protection Act if passed will allow??the military and NSA warrant-less spying on Americans? confidential electronic Communications and transmitted private information; circumvent the fourth amendment by permitting any self-protected cyber entity to share with the Feds any obtained information that might relate to a cyber threat. Considering federal government?s close business relationship with several telephone and Internet companies it should be assumed the feds will through CISPA gain access legally or otherwise to Americans? electronic communications. The current House Passed Cyber Security Bill overrides the Fourth Amendment, any information gleaned from warrant-less spying is admissible in Criminal, Civil and Administrative courts against U.S. Citizens and businesses. CISPA opens the door for U.S. Government spy agencies such as NSA; the FBI, government contractors and private entities (to take out of context) any innocent?hastily written email, fax or phone call to allege a crime or violation was committed to cause a person?s arrest, assess fines and or civilly forfeit a business or property. There are more than 350 laws and violations that can subject property to government asset forfeiture. Government civil asset forfeiture requires only a civil preponderance of evidence for police to forfeit property, little more than hearsay.
The U.S. Justice Department can use CISPA spying to circumvent the Fourth Amendment, (no warrant searches) of Web Server Records; a Citizen?s Internet Activity, personal transmitted emails; fax and phone calls to issue subpoenas in hopes of finding evidence or to prosecute Citizens for any alleged crime or violation. If CISPA is passed it is problematic federal, state and local law enforcement agencies and private government contractors will want access to prior Bush II NSA and other government illegally obtained electronic records not limited to Americans? Internet activity; private emails, fax and phone calls to secure evidence to arrest Americans, to civilly forfeit their homes, businesses and other assets under Title 18USC and other laws. Of obvious concern, what happens to fair justice in America if police become dependent on ?Asset Forfeiture? to help pay their salaries and budget operating costs?
The passed ?Civil Asset Forfeiture Reform Act of 2000? (effectively eliminated) the ?five year statue of limitations? for Government Civil Asset Forfeiture: the statute now runs five years (from the date) police allege they ?learned? an asset became subject to forfeiture. If CISPA is passed allowing (no warrant) electronic government surveillance of Americans, it should be expected CISPA will be used by government not just to thwart cyber threats but to prosecute Americans for any alleged crime; expect government/police will relentlessly sift through Citizen and businesses? (government retained Internet data), emails and phone communications to discover possible crimes or civil violations. A corrupt despot U.S. Government Administration may too easily use no-warrant-seized emails, Internet data and phone call information) to blackmail political opposition, U.S. Citizens, corporations and others in the same manner Hitler used Nazi passed no-warrant police state search and seizure laws to selectively target Citizens for arrest, to extort support for the Nazi fascist government, including strong-arming parliament to pass Hitler?s 1933 Discriminatory Decrees that suspended the Constitutional Freedoms of German Citizens.
A Nazi Government threat of ?Property Seizure? Asset Forfeiture of an individual or corporation?s assets generally was sufficient to ensure Nazi support. History shows how that turned out?
Anonymity
I disagree. But totally is a good article. I need to read more 🙂
Anonymity
How can you disagree if you didn’t read all?