Law Enforcement Already Has A Way To Share 'Cybersecurity' Info With Companies; Why Do We Need CISPA?
from the this-makes-no-sense dept
Kashmir Hill has a great post showing how the FBI and companies already share the kind of info that the bill's sponsors claim the bill is needed to allow.
In other words, if sharing info was important, we already had a perfectly functional model that's been in place for 15 years. This means either that the Congressional authors and supporters of this bill were completely ignorant of this, or that CISPA is really meant to sneak through something worse. Neither makes CISPA or its supporters look very good. I'm actually hoping that the truth is that they're just ignorant and passing laws on issues they don't understand, because the other choice is even more depressing.
The FBI has been information-sharing with private industry for over a decade without a bill like CISPA in place.
In 1997, long-time FBI agent Dan Larkin helped set up a non-profit based in Pittsburgh that “functions as a conduit between private industry and law enforcement.” Its industry members, which include banks, ISPs, telcos, credit card companies, pharmaceutical companies, and others, can hand over cyberthreat information to the non-profit, called the National Cyber Forensics and Training Alliance (NCFTA), which has a legal agreement with the government that allows it to then hand over info to the FBI. Conveniently, the FBI has a unit, the Cyber Initiative and Resource Fusion Unit, stationed in the NCFTA’s office. Companies can share information with the 501(c)6 non-profit that they would be wary of (or prohibited from) sharing directly with the FBI.