Posts tagged CISPA

CISPA, The Privacy-Threatening Cyberspying Bill, Is Dead In The Senate

CISPA, the controversial cybersecurity bill passed by the House last week, appears to be dead in the Senate. It’s deja vu all over again for the measure, which would authorize private companies to share your email, texts and other personal information with federal agencies without a warrant or other privacy protections. Last year, CISPA also cleared the House but foundered in the Senate.

View full post on ReadWrite

Anonymous Calls For A CISPA Blackout To Protest The Bill's Privacy Threat… But Nobody Listens

Anonymous has called for an Internet blackout to protest CISPA, the much maligned cybersecurity bill that threatens your privacy more than it protects it. But without the support of Reddit, which co-sponsored last year’s SOPA blackout, the Web isn’t listening.

About 200 sites have joined the #CISPABlackout today in protest of CISPA, which last week passed the House of Representatives. That may sound like a big number, but the list mostly consists of small sites within the hacker community. That’s a big contrast to last year’s SOPA protests, which drew support from huge organizations like Google and Wikipedia.

Exceptions include the nonprofit Fight for the Future, which has tweeted solidarity but has not blacked out its site. Another is Stan Lee’s Comikaze, the comic book convention backed by the former Marvel Comics head honcho, which has blacked out its site.

A Reddit Divided

Reddit itself appears conflicted over the CISPA blackout. Some Reddit sections, aka subreddits, have switched their background color to black and added a CISPA protest banner and link, but have stopped short of a full blackout that would inconvenience users by obscuring links. As of about 11am PT, subreddits including “pics,” “politics,” “funny,” “askreddit” and “technology” have black backgrounds, although their listed links remain visible in the foreground. Reddit’s front page and subreddits such as “news” and “worldnews” remain un-blackened.

It’s a clear case of the hacker collective overestimating its influence, as my ReadWrite colleague Dan Rowinski suggested to me in chat earlier today. “Without Reddit, it is just Anonymous proclaiming something into its own echo chamber,” he wrote.

It also doesn’t help that Internet firms themselves are divided on CISPA. Microsoft and Facebook may have recently walked back their support for the bill — which, by the way, faces a veto threat from President Obama — but Google hasn’t taken a position. And a rogue’s gallery of telcos, ISPs and other tech firms support CISPA.

CISPA threatens our privacy by essentially giving the government a blank check to monitor all of our online communication, without a warrant. So a sign of solidarity blacking out the Web would be a good thing. But it seems the collective isn’t as influential in garnering support as it is when it’s making cyberattacks. Which is too bad, because this mission would actually be a good thing.

Below is a video from Anonymous explaining more about the blackout:

If you want to contact your local senator or congressperson, check out this list of contact information from Anonymous. Here’s some background on Anonymous’ plans and how you can further support the blackout.

CISPA Passes House, But Privacy Concerns May Still Sink It

The House of Representatives has once again passed CISPA, the cybersecurity bill that lets companies and the federal government monitor and share your online communication without a warrant. But its fate in the Democrat-controlled Senate is much less clear, particularly now that President Obama has threatened a veto.

House lawmakers voted 288-to-127 in favor of the bill, while 18 abstained. Alarms are now rippling through the civil liberty advocate and Internet activism communities, especially since the bill garnered more supporters than it did last year.

The bill was approved last week without four privacy amendments that would have limited the ability of the NSA to collect personal data from private-sector companies like ISPs, email providers and social-media outfits. The failure of these amendments in committee led President Obama on Monday to publicly threaten a veto:

The Administration, however, remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities.

Last year, opponents of the overreaching SOPA copyright bill included an unusually unified coalition of Internet companies. CISPA’s critics haven’t been so fortunate. AT&T, Comcast, EMC, IBM, Intel, McAfee, Oracle, Time Warner Cable, and Verizon have all signed on as supporters. But tech giants Facebook and Microsoft have stepped back from their support. Google has not taken a position. 

The weight now falls to the Senate, which will have to consider ways to amend the bill in order to sidestep President Obama’s veto threat. Last year, CISPA died in the Senate over similar privacy concerns under the shadow of a veto threat.

The White House Doesn't Love CISPA, But It's Not Hating On It, Either

The White House doesn’t support the amended version of CISPA, the controversial Cyber Intelligence Sharing and Protection Act that would let companies and the feds monitor and share your online communication without a warrant. But while President Obama remains opposed to the bill’s latest iteration, he’s apparently hedging on whether he’d veto it.

The bill, aimed at data sharing between the public and private sectors, is a security nightmare for its vagueness and privacy oversight. Last year, we heard the same potshots from Obama, except that back then he promised to veto the law. This year he isn’t making any promises, although White House rhetoric suggests that the polarizing bill still comes up short in the area of privacy concerns.

White House’s National Security Council spokeswoman Caitlin Hayden said in a statement:

We continue to believe that information sharing improvements are essential to effective legislation, but they must include privacy and civil liberties protections, reinforce the roles of civilian and intelligence agencies, and include targeted liability protections…. We believe the adopted committee amendments reflect a good-faith effort to incorporate some of the Administration’s important substantive concerns, but we do not believe these changes have addressed some outstanding fundamental priorities.

These comments came a day after the House Intelligence Committee passed the bill on an 18-2 vote on Wednesday. New amendments to the bill require government agencies to strip away any private information they receive from companies participating in information sharing, prohibit companies from retaliating against alleged hackers or cyberattackers, and back away from a clause that would have allowed the use of threat information sharing arrangements for vague “national security” reasons. These sound like digital freedom wins, but most other privacy protections didn’t make the cut.

It’s unclear which way Obama will tilt, but if this year’s slew of major government-targeted cyber attacks and the President’s cyber mandate mean anything, it looks like he may lean (and be forced politically) towards more regulation, even if it’s flawed.

Next week, the new version of the bill is expected to head to the House floor for a vote. If you want to help light a fire under the president and legislators, sign this petition from the privacy advocacy group Fight For The Future and check out this video from Reddit co-founder Alexis Ohanian to see why you should also hold tech companies accountable for their support of this poorly written law. 

Obama, Cybersecurity, And The Return of CISPA

The more things change the more they stay the same.

With the strike of his pen Tuesday, President Obama signed an executive order aimed at bolstering the nation’s cyber defenses and improving security. Later that night, in his State of the Union address, the President preached about the need to protect the country from online threats and the value of the private and public sector coming together to protect the nation’s critical infrastructure. In his speech, he urged Congress to get to work to make this happen.

“Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks,” Obama said.

Emboldened by the chief executive’s rhetoric, on Wednesday members of the House of Representatives reintroduced CISPA (Cyber Intelligence Sharing and Protection Act), the highly controversial legislation that saw heavy opposition and online protest last year for its failure to protect the very privacy rights that the President’s current executive order claims to protect. The measure, which passed the House last year but failed in the Senate, amends the National Security Act of 1947 to add provisions concerning cyber threat intelligence sharing. That means CISPA offers legal protection for sharing personal data (such as private email correspondence) between the government and private companies – all without a warrant. Here’s the updated version of CISPA, introduced by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.).

If enacted, this would give Federal agencies a blank check to search our private data. Our once “unalienable rights” as Americans are starting to look more and more alienated. 

Backing the bill are a host of major trade groups as well as tech giants like AT&T, Facebook, IBM, Intel, Oracle, Symantec and Verizon. Why do these companies support it? One of those supporters, Facebook, said the law would not make the company share any more of its own data than is required. Others have explained their support by saying that sharing major data about cyber attacks would help protect all companies.  

Backlash And Measured Responses

In the wake of this news, there’s been a major backlash online. Privacy advocate groups such as the ACLU, and the Center for Democracy and Technology, are all up in arms. The Electronic Frontier Foundation is asking people to contact their representatives to oppose the bill. The Internet nonprofit Fight For The Future has set up the protest website CISPAisBack.com as a resource to petition the bill, and provides info on CISPA and even phone numbers of representatives and a script to use when calling.

There’s no denying that America is vulnerable online. In 2012, the number of attacks reported to the U.S. Department of Homeland Security grew by 52%, according to Homeland Security’s Industrial Control Systems Cyber Emergency Response Team. But while something significant must be done, our privacy should not be sacrificed in the process.

Marc Rotenberg, the executive director of the Electronic Privacy Information Center,  calls CISPA a “civil liberties minefield.” Instead, he’s in favor of “the approach set out in the executive order: Transparent, collaborative, and under the direction of a civilian agency.”

Michelle Richardson, legislative counsel at the ACLU, adds that the main danger of CISPA is that it makes companies exempt from all the privacy laws currently on the books. And in so doing, creates tremendous uncertainty when it comes to our personal data.

“The idea of ‘information sharing’ isn’t necessarily offensive in and of itself, but the question is what info will be shared, who can it be shared with and what can be done with it?” Richardson asked.

Richardson agrees with Rotenberg that such programs should remain in civilian hands, and future privacy protections must include sharing restrictions. Richardson doesn’t think CISPA meets those requirements, and hopes that as it moves along the legislative process, it will incorporate some of the amendments made to last year’s failed Senate bill. “The Senate bill is not perfect, but it’s a better alternative privacy-wise and hopefully the House will consider incorporating some of those protections.”

But whether or not the new bill will incorporate those earlier changes is still a big question mark. 

“No one knows what will be in the final bill voted on by the Senate,” said Michael Hussey, the chief executive and founder of the personal search engine site PeekYou.

Who Will Really Win And Lose?

While Hussey and most Web companies and individuals want improvements, they are only seeking specific regulations to what kind of information can be shared, and regs geared to protecting people’s privacy. Hussey thinks major companies, like Facebook and IBM, are supporting the bill because that could keep them on top, and competitors out of or pushed down within the marketplace.

“In this case, the largest players all stand to gain from open-ended legislation towards this end, likely at the expense of competitors and consumers,” Hussey emphasized.

This is the first chapter in Book Two of the CISPA saga. There are many more to go through as the proposal begins its long route through Congress. If you are concerned about online privacy, it would be a good idea to monitor the progress of the bill, and make your concerns known to your Congressional representative.

CISPA: What’s The Worst That Could Happen?



The Cyber Intelligence Sharing and Protection Act (CISPA) makes some very important people mad as hell, while other companies we trust with our personal info every day are cheering it on. Both sides paint a pretty gruesome picture of what happens if it passes or fails. But how bad will it really get, in either case? And is the protection CISPA gives us worth selling out our freedom?

The Murky Basics

NOTE: If you haven’t already read Dan Rowinski’s excellent overview of CISPA, start there.

CISPA starts off strong, with a goal “to provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities.” Unfortunately, the sentence doesn’t stop there, finishing with “and for other purposes.” The last four words are the beginning of the confusion, and it just gets worse. The bill leaves a lot to interpretation on some very important topics, such as defining exactly who constitutes a threat. According to the bill, a cybersecurity threat is someone guilty of “misappropriation of private or government information, intellectual property, or personally identifiable information.” That gives government a wide berth, and it terrifies civil-rights activists.

A Slippery Slope



Rebecca Jeschke, media relations director for the Electronic Frontier Foundation (EFF), thinks the bill’s ambiguity could have catastrophic results: “CISPA gives companies a free pass to bypass all existing privacy law, with vaguely worded provisions and no oversight. It’s a situation ripe for abuse.” How far down the rathole could that abuse go? “If this legislation is passed, Americans will always have the spectre of government surveillance over their online activities – no matter who they are or how private their activities,” Jeschke says.

While that might seem harsh, the EFF isn’t alone. The American Civil Liberties Union claims “this broad legislation would give the government, including military spy agencies, unprecedented powers to snoop through people’s personal information – medical records, private emails, financial information – all without a warrant, proper oversight or limits.”

If CISPA passes, though, we probably wouldn’t notice a thing, at least initially. Unlike SOPA, which outlined more specific, direct (and ultimately, useless) consequences of being labeled a bad guy, CISPA merely removes legal and procedural barriers and adds a veil of anonymity for companies that choose to share customer data. But CISPA is a two-way street, allowing the government to share information about cybersecurity threats with businesses, and who wouldn’t want access to that? “Voluntary” might not be when the government is dangling your company’s security like a carrot on a stick.

Civil-rights organizations aren’t the only ones worried about government leverage. Microsoft, an initial supporter of the bill, recently withdrew its backing, citing concerns about violating existing privacy agreements with its users. Since information sharing remains optional under CISPA, many see Microsoft’s waffling as a tacit acknowledgement that government strong-arming is inevitable. President Obama has cited similar concerns and threatened to veto the bill if it comes across his desk. CISPA will not turn the country into a police state overnight, but with the president and some of the industry’s biggest players backing the EFF’s claims, there’s little doubt that over time, the bill would erode some amount of personal freedom and privacy in the name of security.

Our Only Hope?



Lost liberty has always been the cost of security, and many believe society will give up its freedoms if the reward is great enough. Dutch Ruppersberger (D-MD), one of CISPA’s two sponsors, isn’t shy about what he feels is on the line: “We weren’t ready for 9/11. But we have an opportunity to be ready for [a cyberattack].”

Comparing a hack to the greatest tragedy in American history may be extreme, but Ruppersberger has a point. Foreign hackers have already disrupted satellite operations, and they steal as much as $400 billion in trade secrets each year. An organized attack on a traffic grid or power plant could absolutely lead to real-world deaths. Clearly, we’re underprepared, and we need to do something. If CISPA doesn’t pass, are we screwed?

According to Paul Sweeting, principal at Concurrent Media Strategies, not really. To Sweeting, there’s not a lot of upside to the bill. His evidence? The people most familiar with CISPA don’t seem to believe in it. “I think it’s fair to assume, in light of President Obama’s threatened veto of the bill, that the White House, at least, does not believe the bill as written would be particularly effective,” Sweeting says. “This administration has not exactly been shy about putting its paws on the Internet in the interests of ‘national security,’ or about aggressive measures to protect the intellectual property of U.S. businesses. So if the White House is willing to torpedo CISPA, I think we can assume that its impact on cybersecurity would be limited, even if it passes.”

And what about the coalition of business backers, including Facebook, AT&T, Symantec and other tech heavyweights? Sweeting thinks they’re just in it for a free pass. He claims they’re “mostly interested in the liability exemption and don’t really believe it would have much effect on security. That’s why I think you see some of them going wobbly on their support now (e.g., Microsoft), as the opponents of the bill have gained some traction in the committee for tightening the exemption.” It’s worth noting that nearly all of the CISPA supporters were against SOPA, which would have forced tech companies to police their own content.

If that’s the case, a more specific bill that everyone can support might be worth the wait. After all, as the EFF points out on their website, CISPA does nothing to reduce the number of exploitable vulnerabilities that facilitate the vast majority of exploits, so with or without CISPA, the bad guys aren’t going away any time soon.

Weekly Wrap-up: CISPA Passes The House

Google Drive launched this week. The US House Passes CISPA. The iPad is Changing Education. Learn more about these stories and many more in the ReadWriteWeb Weekly Wrap-up.

After the jump you’ll find more of this week’s top news stories on some of the key topics that are shaping the Web – Location, App Stores and Real-Time Web – plus highlights from some of our six channels. Read on for more.

Google Drive

The Google Drive Review You’ve Been Waiting For

Google Drive launched this week to much attention. Jon Mitchell did an in-depth review on Google Drive, based on his early preview of the service. And, while he doesn’t feel that Google Drive goes far enough, he is very encouraged by this latest offering from Google. Check out our Google+ Hangout to learn more about Google Drive, or check out some screenshots of the service for a quick look at the UI. We showed you some

US House Passes CISPA

The Cyber Intelligence Sharing and Protection Act (CISPA) passed in the U.S. House of Representatives by a vote of 248-168. Scott Fulton explained some of the ramifications of CISPA, sharing why some portions of it are necessary, but how dangerous the bill will be without changes.

Check to see if your Representative supported CISPA.

More Top Stories

How the iPad Is Changing Education

The iPad may only be two years old, but it’s already begun to change many things. Reading is one of them. Work is another. It is selling like crazy, but it will be some time before most of the people you know own a tablet.

The market for this type of device may only be in its infancy, but it’s already becoming clear how it will revolutionize certain aspects of our lives. Education is a huge one, as recent developments have demonstrated.

Apple's Huge Quarter in Charts

Apple posted another monster quarter, just as some were starting to doubt it.

Again, Apple’s most impressive statistic is its overall sales growth: With more than $39 billion in revenue last quarter, Apple’s sales grew 59% year-over-year, far faster than its peers.

The iPhone business continues to lead Apple, and the 35 million iPhones shipped during the quarter were above expectations.

How the iPad Is Revolutionizing Local Businesses

It was dinner at a fancy restaurant in Boston. After the last sip of Scotch was polished off, the waiter came over with the check… and an iPad. It was to take a survey about the quality of service, but it just as easily could have been used to pay the bill.

Why Would a Financial Services Firm Want to Use Pinterest?

“PINTEREST: Can financial services firms use this new platform effectively?” That was the subject line of an email in my inbox this morning. It came from Corporate Insight, a financial services consulting firm. The email went on to note that “Pinterest values imagery over text and incorporates many social aspects of Twitter and Facebook to connect users and spread content.” While admitting that “no financial services firm uses Pinterest today,” nevertheless Corporate Insight thinks that financial institutions should have a presence on Pinterest.

iPads in the Office: What Are They Really Good For?

When Steve Jobs first introduced the iPad, he acknowledged that for a tablet to have a “reason for being,” it had to be “far better at some key things” than either a smartphone or laptop. In the consumer market, tablets have some advantages in each of the seven categories Jobs mentioned: browsing, email, photos, video, music, games and e-books.

Macs Spread Malware To PCs

Call it Steve Jobs’ revenge. Security vendor Sophos has discovered that one in five Mac computers surveyed carry malware that could infect Windows PCs. In a bit of delicious irony, only one in 36 Apple computers were found to be infected with Mac OS X malware. The results bring an odd sense of urgency to worries about Mac security.

Apple Could Buy T-Mobile With Its Q2 Earnings

Apple reported another very successful financial quarter this afternoon, exceeding expectations. In the quarter ending March 31, the company brought in a net profit of $11.6 billion on a grand total of $39.2 billion in revenue. As has been the case in recent quarters, the vast majority of Apple’s revenue came from sales of iPads and iPhones. Together, the two devices made up nearly 75% of Apple’s revenue last quarter, a percentage that continues to grow over time.

Microsoft's Mobile Comeback Is Looking Terrible

Microsoft ruled the PC market for decades with utter dominance. But today, as the future shifts toward mobile devices, things are not looking good for Microsoft. It’s not that it’s not trying: Microsoft is spending a lot of money and effort on cracking the mobile market, now in lockstep with Nokia, its top partner. But there’s no indication yet that it’s having any real success.

Twitter Can't Beat Facebook

Hardcore Twitter users, I know you’re a loyal bunch (in fact, I consider myself one of you). So don’t take this personally.

This article is about Facebook and how it is either going to destroy Twitter, force the microblogging service to change or make it an acquisition target by a rival, such as Apple or Google.

Congress Passes CISPA

The Cyber Intelligence Sharing and Protection Act (CISPA) has been passed by the U.S. House of Representatives by a vote of 248-168. 

With 112 cosponsors and no major opposition from major U.S. corporations, it was likely that the Cyber Intelligence Sharing and Protection Act (CISPA) would pass in the House of Representatives. In fact, the lines were so clearly drawn before the final vote that a congressional staffer correctly estimated to us that CISPA would pass by about a 250-180 margin.

Over the course of this evening, the House of Representatives voted on amendments to CISPA, including a motion from the Democratic House minority that “would protect the privacy of Internet passwords by prohibiting employers and the Federal Government from requiring the disclosure of confidential passwords by an employee or job applicant. It would also protect freedom of expression on the Internet by prohibiting the Federal Government from establishing a national firewall similar to the ‘Great Internet Firewall of China.’”

The amendment was voted down.

CISPA has enjoyed relative anonymity compared to the Stop Online Piracy Act (SOPA), which sparked protests that effectively blacked out the Internet for a day earlier this year. While opposition from advocate groups like Demand Progress, Sum of Us and the Center for Democracy & Technology, among others, has been vocal, the lack of major corporations opposing CISPA is really what will let the bill slide through Congress. No major technology corporations have stepped up against CISPA the way Facebook, Reddit and Wikipedia (among hundreds of other companies and websites) did against SOPA. Because of the lack of business opposition, CISPA has been a much lower-profile bill and members of Congress have not faced grassroots pressure to vote against it.

Passage of the bill depended on Republicans pulling a couple of Democrats to their side. In the end, 42 Democrats voted for CISPA.

“Congress needs to wake up and respect Americans’ growing concern about increased corporate and government control of the Internet. We applaud President Obama’s veto threat, and urge members of the House to oppose CISPA, even while supporting amendments that would provide greater privacy protections,” said David Segal, executive director of Demand Progress. “The Internet is ever more important to the functioning of our society, and more and more Americans are prepared to vote against politicians who interfere with Internet freedom.”

Speaking on the house floor, one Congressman likened CISPA to the book “1984.” Congressman Hank Johnson (D-Ga) said, “I know it is 2012, but it sure feels like 1984 in this House today. If you value liberty, privacy and the Constitution, then you will vote no on CISPA.”



The CISPA Amendments We Really Need



The goal of CISPA, the Cyber Intelligence Sharing and Protection Act – the latest cybersecurity legislation pending in the House of Representatives – seemed so simple in the beginning: From time to time, security companies need to provide information about possible threats to government authorities so they can take action. When you write that idea down on a napkin, it makes sense. When you base legislation on what you wrote on the napkin, it becomes the next target of the Internet rights lobby.

The problem is that we live in an era when almost any system that can be exploited will be. The Internet is one example. The law is another.

You can’t disagree with what the napkin version of CISPA implies: Government alone cannot provide information security. When it’s put that way, everyone could get behind it. There are plenty of political ideas that, when presented as cleansed, bleached and distilled bullet points, immediately garner broad public support. The challenge lies with implementing these bullet points in a system that can’t be exploited. If SOPA taught us anything, it’s that anyone can exploit a system.

First, Shut Down Everything

The problem with CISPA’s original draft is that it would establish policies in a way that invites exploits. Any network admin will tell you that the best network access policies are implemented as restrictions with exceptions. You turn off all access, and then you create a whitelist of specific identities or functions that may bypass that roadblock. And then you establish a comprehensive audit trail around that bypass.

Yesterday evening in The Atlantic, Alexander Furnas made the point that CISPA is bad policy, at least insofar as it was originally crafted. He’s right in ways he didn’t get around to enumerating. While the basic principles of its author, House Intelligence Committee Chairman Mike Rogers, R-Mich., may be laudable, CISPA wasn’t built for the Information Age. Specifically, it sets up a channel for security agencies and security companies to talk about stuff that may (a very interesting word in this context) apply to cybersecurity.

This sharing of cybersecurity-related information between private and public agencies may entail the disclosure of personally identifiable data, or information that can be combined with such data to reveal other hidden characteristics (using what software vendors refer to as analytics).

Yes, there needs to be a way to accept that this sort of issue will crop up when information is being shared, and to excuse it so that every security issue doesn’t end up being resolved (or not) in a courtroom.

No, No, No “Notwithstanding”

But it is no longer good policy to simply legislate that certain information that may fall within a certain context may be shared; that anything that violates privacy may be excused; and that, worst of all, any law that says such violations may not happen may be overlooked.

That’s the danger of the clause that, even after Rogers’ first set of amendments last week (PDF here), remains in play – the one that begins, “Notwithstanding any other provision of law.” But many of the advocacy groups that seized on this clause did so in such melodramatic and apocalyptic terms as to invite reasonable people to defend it.

Yet there really is a problem with a policy that says, “Ignore everything else and treat this as paramount.” That’s not the type of exception that good information systems policy requires – the kind that creates a limited way around a blanket restriction. Instead, it is a weakening of links in the legal chain, and any weak link is likely to be exploited.

One fear is that such an exploit will come from rights holders who argue that compromising the security of a network in order to commit a copyright violation is a threat to the nation’s economy and thus, by extension, to national security.

When you distill an idea to its basic bullet points, it’s harder to disagree with it. That’s why TV political ads are 30 seconds long instead of 30 minutes.

In reality, though, the theft of intellectual property is a legal matter, and should not be treated as a “cyber threat.” So the second set of Rogers bill amendments is quite welcome. They help define terms and refine the context of the discussion.

For example, the revised Definitions Amendment (PDF here) redefines “cyber threat information” using phrases such as: “information directly pertaining to… a threat to the integrity, confidentiality, or availability of a system or network of a government or private entity, or any information stored on, processed on, or transiting such a system or network.” Granularity is good.



A CISPA Whitelist

Now for the next step: a new set of recommended CISPA amendments. Rephrase the new policy the way a good admin would: as a prohibition against the distribution, without court order or lawful mandate, between private entities and government security services, of any information that may be used to identify or characterize a U.S. citizen. Start with a blank slate.

From there, use the classifications in the latest Definitions Amendment as exceptions. Stipulate that these are the circumstances in which exceptions must be made to protect vital national security interests.

Then, establish an audit trail. State that all transactions must be registered, and the log of those registries may be obtained by public request, pending the approval of a judge.

The danger is that this ideal may be boiled down to its bullet points to garner opposition:

  • Government must not be open.
  • The free flow of information is dead.
  • People don’t have the right to know what’s being shared about them without a judge’s approval.

With the master’s touch of a political activist, almost any beneficial idea may be spun to sound fascist.

My 30-second rebuttal: We do need something like CISPA, but the privacy of American citizens and the national security of the United States are too important to be left to intentionally vague regulations and legislation. That’s the wrong kind of openness. With each set of CISPA amendments, however, a viable solution is coming closer.


Scott M. Fulton, III is the author of this document and is solely responsible for his content. He will appear live on NTN24 (DIRECTV 418) Friday, April 27, at 12:30 EST/9:30 PST to talk CISPA with Monica Fonseca.




View full post on ReadWriteWeb

With Backing of Donors and Facebook, Don’t Expect a Big CISPA Fight



Joel Kaplan, Facebook’s vice president of U.S. public policy, wrote in a blog post last week that the company has “no intention” of sharing “sensitive personal information with the government in the name of protecting cybersecurity,” explaining why the company is supporting CISPA but did not support SOPA, which would have required such sharing.

The question for privacy advocates is whether or not Facebook can be trusted.


“A company’s promise that it will not abuse its authority to disclose user information is not legal protection for the public,” said Evelyn Castillo-Bach, the founder of the private social networks Umenow.com and Collegiate Nation. “Facebook in particular is not well positioned to make any promises regarding its role in protecting privacy. Let’s not forget that this is the same company with a long history of playing fast and loose with people’s privacy settings, including allowing third-party apps and games to extract personal information and photos without consent.”

The Cyber Intelligence Sharing and Protection Act of 2011 is a bigger, badder version of the Stop Online Piracy Act that was defeated earlier this year. One of the biggest differences this time around, however, is that some of the big tech companies that threatened to go dark if SOPA moved forward are jumping to support CISPA.

Privacy Advocates Want Clearer Rules



On Monday, ReadWriteWeb’s Dan Rowinski wrote about everything you need to know about CISPA, but for our purposes, the biggest difference is that the tech companies would voluntarily share information with the government. The government also promises to warn tech companies about pending cyber attacks, which is the obvious incentive for companies like Facebook to support it.

“Facebook’s main gripe with SOPA – that it stifled innovation and openness on the internet and forced companies like itself to provide the government with more access to private data of users – is apparently not an issue with CISPA,” said Kate Brodock, Executive Director of Digital & Social Media at Syracuse University. “With no requirements to share data with the government, they are able to suggest that they will maintain their standards of safeguarding and protecting private data.”

The problem is that the language of the bill is vague and leaves lots of issues unresolved or ill-defined. Castillo-Bach says she believes smaller social networks and social networks that put a premium on user privacy – such as the ones she runs – may be particularly vulnerable under certain interpretations of CISPA.

“CISPA would erode existing legal protections and leave the door wide open for the government to obligate companies to hand over sensitive personal information without a subpoena or warrant, with no rights accorded to the individual to sue the company for wrongfully targeting them for interception, and no right to know that one has been intercepted,” she said. “This would undermine, if not altogether destroy, the ability of new startups with privacy-focused brands to exist or compete with the giant social networks, or other tech companies – that are ad-based, use tracking as a core feature of their business model, and don’t have a strong commitment to genuine privacy protection, anonymity or total control of one’s personal data and communication.”

Don’t Brace For the Big Fight

The anti-SOPA backlash was so strong that the bill, and its Senate counterpart, the Protect IP Act, were withdrawn in January. But with big tech – and big money – supporting CISPA, the opposition has more of a grassroots feel to it.

Sopatrack, which monitored contributions and positions of lawmakers on SOPA and PIPA, has been reconfigured to track CISPA positions and related campaign contributions. A new feature also tracks the percentage of time individual lawmakers vote “with the money.”

According to Sopatrack, groups supporting CISPA have donated $31.6 million to lawmakers, as opposed to $2.4 million from groups opposing CISPA. On average, Congress votes “with the money” 73% of the time.




View full post on ReadWriteWeb