Law Enforcement Already Has A Way To Share 'Cybersecurity' Info With Companies; Why Do We Need CISPA?

from the this-makes-no-sense dept

The whole CISPA situation keeps looking more and more questionable. For months, we've been raising the question of why we needed such a law in the first place, because the evidence of any online threat that required such a law seemed hyperbolic at best and perhaps naively anecdotal at worst. However, there's another dimension to the "why" question. It's not just that the actual risk hasn't been quantified; it's also not clear that the government and companies actually need a new law to share such security info in the first place. As we stated, the "right" way to do this would be to look at where the actual roadblocks are today in sharing such info. And there's some evidence that such roadblocks don't even exist.

Kashmir Hill has a great post showing how the FBI and companies already share the kind of info that the bill's sponsors claim the bill is needed to allow.

The FBI has been information-sharing with private industry for over a decade without a bill like CISPA in place.

In 1997, long-time FBI agent Dan Larkin helped set up a non-profit based in Pittsburgh that “functions as a conduit between private industry and law enforcement.” Its industry members, which include banks, ISPs, telcos, credit card companies, pharmaceutical companies, and others can hand over cyberthreat information to the non-profit, called the National Cyber Forensics and Training Alliance (NCFTA), which has a legal agreement with the government that allows it to then hand over info to the FBI. Conveniently, the FBI has a unit, the Cyber Initiative and Resource Fusion Unit, stationed in the NCFTA’s office. Companies can share information with the 501(c)6 non-profit that they would be wary of (or prohibited from) sharing directly with the FBI.

In other words, if sharing info was important, we already had a perfectly functional model that's been in place for 15 years. This means either that the Congressional authors and supporters of this bill were completely ignorant of this, or that CISPA is really meant to sneak through something worse. Neither makes CISPA or its supporters look very good. I'm actually hoping that the truth is that they're just ignorant and passing laws on issues they don't understand, because the other choice is even more depressing.

Filed Under: cispa, cybersecurity, fbi, information sharing

Reader Comments

  1. Anonymous Coward, 29 Apr 2012 @ 5:02pm

    Re: Re: Re:

    Who is paying you to be so hyper focused on a single website? Are you working for a group that opposes it?
