CISPA Has NOT Been Fixed; It Could Allow The Gov't To Effectively Monitor Private Networks

from the don't-buy-the-hype dept

When the new discussion draft of CISPA was published, many people including myself praised the one point of sincere improvement in the bill: the modified definition of cybersecurity that focused on network attacks. Unfortunately, the authors of the bill are spinning this to suggest that CISPA is now nearly perfect, and some media outlets and even advocacy groups are buying it—even though nothing could be further from the truth, and the White House still opposes the nature of the bill. CISPA still has big, big problems. In fact, closer analysis by the CDT and EFF suggest that the language may be worded to allow what is effectively direct government monitoring of private networks.

Government networks are protected by a network security system called Einstein, which is being steadily expanded to do things like analyze the content of communications. Such software meets all the criteria of a "cybersecurity system" under CISPA, and there is serious concern that the bill would permit the government to offer Einstein or a similar system to private cybersecurity companies. By CISPA's definitions, everything collected by such a system would qualify as "cyber threat information" and thus be open game for sharing with the government—and nothing in the bill would prevent these private systems from being connected live to government databases, effectively uniting them with the government's own security network.

Yes, it would still be voluntary—the government couldn't force a cybersecurity provider to install their software, and the provider would need to get permission from its clients to share the data. But it's not hard to envision a situation developing very quickly, in which the government gets a few major security players hooked up and their clients routinely agree without a second thought. After all, CISPA's extremely limited liability provisions mean there's little to no risk for companies. Some may question whether the government would actually move in this direction under CISPA, but given the fact that the NSA has been trying to expand Einstein to private networks since the Bush administration, giving them the legal ability to do so is a very bad idea.



Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Skeptical Cynic (profile), Apr 19th, 2012 @ 10:03am

    Data created = Data shared = Data Used = Data Used for purposes not expected.

    The title says it all. If any entity is allowed by law to collect the data then they WILL use it in ways that have not been governed by law. They will find ways to skirt any and all restrictions.

    Hello!!! Everyone!!!! Legal access to data should be our SOPA fight.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    :Lobo Santo (profile), Apr 19th, 2012 @ 10:14am

    On the other hand...

    Rarely is the government effective at doing anything--at least here at home.

    Except when it comes to killing brown people in other countries where there's oil, then they excel, apparently.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    gorehound (profile), Apr 19th, 2012 @ 10:24am

    Re: Data created = Data shared = Data Used = Data Used for purposes not expected.

    And I look at this intrusion of my Privacy as their Patriot Act #2 with a SOPA/PIPA Frosting !!!

    Yes the Government is rarely working at all for the People.I hate it and wish we could just Vote both of these Dinosaur Parties out.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    Skeptical Cynic (profile), Apr 19th, 2012 @ 10:25am

    Re: On the other hand...

    Lobo, you have commented many, many times and I have agreed with you a lot of those times. But this time I am going to say your post is nothing more than a Race Pimp's post. The fact that you would say Brown People in a post disappoints me greatly.

    At TechDirt we always look at issues from a human perspective not (never) from a race issue. So please understand that at TechDirt we are always about bringing a better world to everyone. Everyone ='s All people. No Race ever!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    lexieliberty (profile), Apr 19th, 2012 @ 10:28am

    Internet Legislation Will Never Be Just

    It'll never be competent functioning legislation ever!! I don't know why Tech Dirt doesn't get that. Maybe they should pay more attention to how politics works.

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    E. Zachary Knight (profile), Apr 19th, 2012 @ 10:32am

    Re: On the other hand...

    I don't know about that. Based on the last 10 year's worth of news reports and Wikileaks, we can't even do that right. Just big.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    Skeptical Cynic (profile), Apr 19th, 2012 @ 10:39am

    Re: Re: Data created = Data shared = Data Used = Data Used for purposes not expected.

    My thought has always been that no access to our information should ever be given without a informed legal decision being made by a Judge/Senator/President/Representative that understands the implications of the access being given.

    Too many Judges/Senators/Presidents/Representatives think they are smart enough to decide. When they are creating legal requirements they are uninformed about.

    Too often the experts they listen too are those industries that will benefit most by the law, not the real victims.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    :Lobo Santo (profile), Apr 19th, 2012 @ 10:41am

    Re: Re: On the other hand...

    (sorry, I was quoting one of my heroes: George Carlin)

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    :Lobo Santo (profile), Apr 19th, 2012 @ 10:44am

    Re: Re: On the other hand...

    I actually have a long-standing disagreement with the concept of "races" amongst humans... I find it disgusting that people think in those terms, accepting pejorative falsehoods as fact and never reasoning for themselves.

    Seriously, the color of one's skin is nothing more than a function of the latitude(s) at which ones ancestors dwelled, nothing more.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    Skeptical Cynic (profile), Apr 19th, 2012 @ 10:51am

    Re: Re: Re: On the other hand...

    YEAH Lobos!! You have redeemed yourself in my eyes. I am and have been most of my life "White", but I have always sought a world where each person is judged on the merits of their actions.

    Really, I want no gain or loss for any person that is not because of what they have achieved.

    Why? Because as each person does something worth noting they elevate their own person.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    :Lobo Santo (profile), Apr 19th, 2012 @ 10:54am

    Re: Re: Re: Re: On the other hand...

    In the 'race' query on forms, I always check 'other' and then fill in "Human" as the value. This seriously annoys some people. :-)

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    PlagueSD (profile), Apr 19th, 2012 @ 10:56am

    So lemme get this straight. The Government wants ALL our networks (public & private) connected to theirs. So if I'm a hacker, all I have to do is hack 1 system to get all the information I need instead of hacking 30?

    We all know how secure the government networks are, dont we?

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    :Lobo Santo (profile), Apr 19th, 2012 @ 10:58am

    Re: :-D

    I hear you can hack one in only a few minutes while getting a BJ while a gun is pointed at your head...

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    Skeptical Cynic (profile), Apr 19th, 2012 @ 10:59am

    Re: Re: Re: Re: Re: On the other hand...

    I am in all cases first a human. And will always be human first. I live for a world where we can all excel to our own limits.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    VMax, Apr 19th, 2012 @ 11:00am

    Re: Re: Re: On the other hand...

    Actually, I thought the races where "human", "troll", and "shill".

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    Michael Long (profile), Apr 19th, 2012 @ 11:01am

    Re: Data created = Data shared = Data Used = Data Used for purposes not expected.

    I'd also note that there's nothing preventing private companies from developing and using their own software to monitior networks, and offering to share that information with the government.

    All completely legal under CISPA. As long as there's a "cyber sececurity" purpose, of course.

    And once such monitoring systems are in place, we're probably just one terrorist attack or major cyber attack away from the government passing an emergency measure requiring companies to hand over their collected data.

    More on http://www.iSights.org/2012/04/cispa-could-allow-the-government-to-monitor-private-networks.html

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Minimum Wage Shill, Apr 19th, 2012 @ 11:01am

    but mike, the bill was never broken to begin with. whats there to fix? You don't want the government monitoring your networks for those terrorist who also infringe because you know that once you start breaking the law and infringing you start thinking breaking the law is ok and you turn into a terrorist eventually. every terrorist started somewhere, they start small and they move onto becoming a terrorist.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Apr 19th, 2012 @ 11:01am

    given that ANY and ALL governments would spy on and eaves drop on every single citizen in the WHOLE WORLD if they could, i wouldn't trust this government with the lock number on my garden shed!

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    Skeptical Cynic (profile), Apr 19th, 2012 @ 11:02am

    Re:

    You have now been labeled a terrorist for statements of fact and therefore you will be subject to summary judgement involving your castration and vocal-cord removal.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Apr 19th, 2012 @ 11:02am

    Re: Data created = Data shared = Data Used = Data Used for purposes not expected.

    I don't mind them collecting data ... with a warrant first.

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    Skeptical Cynic (profile), Apr 19th, 2012 @ 11:06am

    Re: Re: Re: Re: On the other hand...

    Correction: Man(Man being gender based is now disallowed, new term Person), Human, Race Pimp, Troll, Shill, Person.

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    Skeptical Cynic (profile), Apr 19th, 2012 @ 11:07am

    Re: Re: Re: Data created = Data shared = Data Used = Data Used for purposes not expected.

    I meant an but said a informed....

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    :Lobo Santo (profile), Apr 19th, 2012 @ 11:08am

    Re: Re: Re: Re: Re: On the other hand...

    (as long as we're doing this, this is obligatory...)
    There are only 10 types on people, those who understand binary, and those who do not.

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    John Fenderson (profile), Apr 19th, 2012 @ 11:09am

    Re: Internet Legislation Will Never Be Just

    I don't know why Tech Dirt doesn't get that.


    I don't get why you think TD doesn't get that.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Brandon, Apr 19th, 2012 @ 11:14am

    More co-sponsers

    6 more have signed on (112), this is no sopa and there seem no real will to stop it.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, Apr 19th, 2012 @ 11:17am

    Re: Re: Internet Legislation Will Never Be Just

    I guess because they think that these bills can be improved on?

     

    reply to this | link to this | view in thread ]

  27. This comment has been flagged by the community. Click here to show it
     
    identicon
    Anonymous Coward, Apr 19th, 2012 @ 11:18am

    The law could also be used to jump tall buildings in a single bound.

    Take off your tin foil hat Marcus, it makes you look even stupider than you are.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    VMax, Apr 19th, 2012 @ 11:19am

    Re: Re: Re: Re: Re: On the other hand...

    Wouldn't son be disallowed as well for the same reason?

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Rich Kulawiec, Apr 19th, 2012 @ 11:57am

    Re:

    So if I'm a hacker, all I have to do is hack 1 system to get all the information I need instead of hacking 30?

    Exactly what I pointed out in the TechDirt piece here.

    For that matter, you don't even necessarily have to hack a system. You could:

    1. Wait for its operators to screw up and make the information visible on the public Internet.

    2. Wait for them to lose it (more likely in the case of laptops, of course).

    3. Wait for them to decommission it, forget to wipe its disks, and auction it off. Or toss it in a dumpster.

    4. Bribe someone who has access to it.

    5. Wait for someone else do 1-4, and then either buy or steal it from them.

    The problem, once again, is that the inexperienced and short-sighted people backing efforts like this mistakenly believe they're building weapons (against terrorists, for example).

    They're not. They're building targets.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Anonymous Coward, Apr 19th, 2012 @ 12:01pm

    The Net - Watch it!

    Has everyone forgotten the 1995 thriller The Net!?

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    Anonymous Coward, Apr 19th, 2012 @ 12:10pm

    Re: Re: Re: On the other hand...

    Reminds me of the famous sports journalist Jimmy Cannon writing about Joe Louis many years ago, he said: "He is a credit to his race, the human race".

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    Anonymous Coward, Apr 19th, 2012 @ 12:19pm

    Re: Re: Data created = Data shared = Data Used = Data Used for purposes not expected.

    I hate to tell ya, but it's already going on.

    Fire up a packet capture software.

    Enjoy!

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    Anonymous Coward, Apr 19th, 2012 @ 12:20pm

    And At&T already has in their TOS the sale of your user data as an end around for supplying data to the government. Did we forget?

     

    reply to this | link to this | view in thread ]

  34.  
    icon
    John Fenderson (profile), Apr 19th, 2012 @ 12:27pm

    Re: Re: Re: Internet Legislation Will Never Be Just

    Perhaps, but it's entirely consistent to say the bills can be improved on and also that the bills will never be competent legislation.

     

    reply to this | link to this | view in thread ]

  35.  
    identicon
    haha, Apr 19th, 2012 @ 1:36pm

    now i do the following

    i turn off my internet how you going to monitor my private network

    no really
    how do you know i have one?
    I see so its a home invasion across the land by fascist bastards that have no business doing this.

    GO fix your damn debts before you bug me....

     

    reply to this | link to this | view in thread ]

  36.  
    icon
    That One Guy (profile), Apr 19th, 2012 @ 2:00pm

    Re: Re: Re: Re: Re: On the other hand...

    I am so stealing that idea.

     

    reply to this | link to this | view in thread ]

  37.  
    icon
    Michael Long (profile), Apr 19th, 2012 @ 2:32pm

    Re: Re: Re: Data created = Data shared = Data Used = Data Used for purposes not expected.

    CISPA exists to give sharing private information with the government a legal basis, to block disclosure of such under the FOA, and to provide a legal "get out of jail" card to companies that cooperate "voluntarily".

     

    reply to this | link to this | view in thread ]

  38.  
    identicon
    Anonymous Coward, Apr 19th, 2012 @ 6:20pm

    Seing as how governments LURVE to regulate stuff, how about they propose a bill for a whole new department in their mists, where all members are appointed by the people, and fired by the people, which its sole purpose is to "regulate" the GOVERNMENT........now there's a bill i can get behind.

    We can call it the "PROTECT THE PEOPLE FROM GETTING SHAFTED UP THE BAKSIDE".....bill.

     

    reply to this | link to this | view in thread ]

  39.  
    identicon
    C, Apr 20th, 2012 @ 3:03am

    CISPA

    Lets face it, this Bill is being introduced so that governments can protect themselves from the likes of Anonymous and other hacker groups? No?

     

    reply to this | link to this | view in thread ]

  40.  
    identicon
    I'm Not Buying It, Apr 20th, 2012 @ 9:51am

    America

    'Love it OR leave it' won't work any more..

     

    reply to this | link to this | view in thread ]

  41.  
    icon
    Hictoundile (profile), Sep 23rd, 2012 @ 9:16pm

    Re: Re: Re: On the other hand...

    I can't see the quote anymore :(

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This