CISPA Has NOT Been Fixed; It Could Allow The Gov't To Effectively Monitor Private Networks

from the don't-buy-the-hype dept

When the new discussion draft of CISPA was published, many people including myself praised the one point of sincere improvement in the bill: the modified definition of cybersecurity that focused on network attacks. Unfortunately, the authors of the bill are spinning this to suggest that CISPA is now nearly perfect, and some media outlets and even advocacy groups are buying it—even though nothing could be further from the truth, and the White House still opposes the nature of the bill. CISPA still has big, big problems. In fact, closer analysis by the CDT and EFF suggests that the language may be worded to allow what is effectively direct government monitoring of private networks.

Government networks are protected by a network security system called Einstein, which is being steadily expanded to do things like analyze the content of communications. Such software meets all the criteria of a “cybersecurity system” under CISPA, and there is serious concern that the bill would permit the government to offer Einstein or a similar system to private cybersecurity companies. By CISPA’s definitions, everything collected by such a system would qualify as “cyber threat information” and thus be open game for sharing with the government—and nothing in the bill would prevent these private systems from being connected live to government databases, effectively uniting them with the government’s own security network.

Yes, it would still be voluntary—the government couldn’t force a cybersecurity provider to install their software, and the provider would need to get permission from its clients to share the data. But it’s not hard to envision a situation developing very quickly, in which the government gets a few major security players hooked up and their clients routinely agree without a second thought. After all, CISPA’s extremely limited liability provisions mean there’s little to no risk for companies. Some may question whether the government would actually move in this direction under CISPA, but given the fact that the NSA has been trying to expand Einstein to private networks since the Bush administration, giving them the legal ability to do so is a very bad idea.


Comments on “CISPA Has NOT Been Fixed; It Could Allow The Gov't To Effectively Monitor Private Networks”

Skeptical Cynic (profile) says:

Data created = Data shared = Data Used = Data Used for purposes not expected.

The title says it all. If any entity is allowed by law to collect the data then they WILL use it in ways that have not been governed by law. They will find ways to skirt any and all restrictions.

Hello!!! Everyone!!!! Legal access to data should be our SOPA fight.

Skeptical Cynic (profile) says:

Re: Re: Data created = Data shared = Data Used = Data Used for purposes not expected.

My thought has always been that no access to our information should ever be given without an informed legal decision being made by a Judge/Senator/President/Representative that understands the implications of the access being given.

Too many Judges/Senators/Presidents/Representatives think they are smart enough to decide. When they are creating legal requirements they are uninformed about.

Too often the experts they listen to are those industries that will benefit most by the law, not the real victims.

Michael Long (profile) says:

Re: Data created = Data shared = Data Used = Data Used for purposes not expected.

I’d also note that there’s nothing preventing private companies from developing and using their own software to monitor networks, and offering to share that information with the government.

All completely legal under CISPA. As long as there’s a “cyber security” purpose, of course.

And once such monitoring systems are in place, we’re probably just one terrorist attack or major cyber attack away from the government passing an emergency measure requiring companies to hand over their collected data.

More on

Skeptical Cynic (profile) says:

Re: On the other hand...

Lobo, you have commented many, many times and I have agreed with you a lot of those times. But this time I am going to say your post is nothing more than a Race Pimp’s post. The fact that you would say Brown People in a post disappoints me greatly.

At TechDirt we always look at issues from a human perspective not (never) from a race issue. So please understand that at TechDirt we are always about bringing a better world to everyone. Everyone =’s All people. No Race ever!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Lobo Santo (profile) says:

Re: Re: On the other hand...

I actually have a long-standing disagreement with the concept of “races” amongst humans… I find it disgusting that people think in those terms, accepting pejorative falsehoods as fact and never reasoning for themselves.

Seriously, the color of one’s skin is nothing more than a function of the latitude(s) at which one’s ancestors dwelled, nothing more.

Skeptical Cynic (profile) says:

Re: Re: Re: On the other hand...

YEAH Lobos!! You have redeemed yourself in my eyes. I am and have been most of my life “White”, but I have always sought a world where each person is judged on the merits of their actions.

Really, I want no gain or loss for any person that is not because of what they have achieved.

Why? Because as each person does something worth noting they elevate their own person.

Rich Kulawiec (profile) says:

Re: Re:

So if I’m a hacker, all I have to do is hack 1 system to get all the information I need instead of hacking 30?

Exactly what I pointed out in the TechDirt piece here.

For that matter, you don’t even necessarily have to hack a system. You could:

1. Wait for its operators to screw up and make the information visible on the public Internet.

2. Wait for them to lose it (more likely in the case of laptops, of course).

3. Wait for them to decommission it, forget to wipe its disks, and auction it off. Or toss it in a dumpster.

4. Bribe someone who has access to it.

5. Wait for someone else to do 1-4, and then either buy or steal it from them.

The problem, once again, is that the inexperienced and short-sighted people backing efforts like this mistakenly believe they’re building weapons (against terrorists, for example).

They’re not. They’re building targets.

Minimum Wage Shill says:

but mike, the bill was never broken to begin with. what’s there to fix? You don’t want the government monitoring your networks for those terrorists who also infringe because you know that once you start breaking the law and infringing you start thinking breaking the law is ok and you turn into a terrorist eventually. every terrorist started somewhere, they start small and they move onto becoming a terrorist.

Anonymous Coward says:

Seeing as how governments LURVE to regulate stuff, how about they propose a bill for a whole new department in their midst, where all members are appointed by the people, and fired by the people, which its sole purpose is to “regulate” the GOVERNMENT…… there’s a bill I can get behind.

