CISPA cybersecurity bill returns, still ignores privacy rights

[Rick]

It's back. The U.S. House Intelligence Committee has reintroduced its controversial "Cyber Intelligence Sharing and Protection Act" in a second attempt to pass the bill. Originally unleashed last year, CISPA slipped passed Congress but was aborted by the Senate following a White House guarantee that it would be emphatically vetoed into oblivion. 

CISPA is a controversial bill which grants "certified entities" the ability to eavesdrop on electronic communications and freely access otherwise private information regarding individuals and organizations. Rather than granting new governmental powers which ignore privacy and civil liberties, the bill takes an inverted approach: it encourages private companies to share their users' data with security agencies and other certified entities. 

Although companies are currently be prohibited from divulging user information due to privacy and contract laws, CISPA would grant participating enterprises broad legal immunities. The bill allows companies like Microsoft, Google or Facebook to give cybersecurity entities, like the NSA, any and all data about their users without fear of legal repercussions. All CISPA requires is that entities act in "good faith" and base their decisions on "cybersecurity threat information" -- broad terms that don't necessarily guarantee accountability.

EXEMPTION FROM LIABILITY - No civil or criminal cause of action shall lie or be maintained in Federal or State court against a protected entity, self-protected entity, cybersecurity provider, or an officer, employee, or agent of a protected entity, self-protected entity, or cybersecurity provider, acting in good faith -- (A) for using cybersecurity systems or sharing information in accordance with this section; or (B) for not acting on information obtained or shared in accordance with this section.

Source: CISPA bill (pdf)

Justifying its reintroduction, Senator Mike Rogers (R-Mich.) said, "American businesses are under siege". He added, "We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats.  It is time to stop admiring this problem and deal with it immediately."

CISPA also creates avenues to share information, potentially transforming the bill into a perpetual "back door" intelligence program with immunity from the Freedom of Information Act (FOIA). As a result, there is essentially no public transparency, either.

CISPA's return from the grave has brought with it no changes -- the bill remains a pristine copy of the 2012 version which failed in the Senate. However, it's unclear if CISPA will fail a second time. Some believe CISPA has a better chance of surviving due to a recent cybersecurity order issued by the White House. However, the executive order both overlaps and conflicts with CISPA, demanding "unclassified" reports and the protection of privacy and civil liberties.

Permalink to story.

https://www.techspot.com/news/51649-cispa-cybersecurity-bill-returns-still-ignores-privacy-rights.html

 

[MilwaukeeMike]

"CISPA's return from the grave has brought with it no changes" Ha! I highly doubt our devoted congress missed that opportunity to tack on some pork!

 

[captainawesome]

Lol Milwaukee.
I must say it seems to be a rising trend amongst politicians to hope we forget the atrocities written in a bill..
the MO would be to push the bill in a disgustingly unpolished and one-sided state. Get "reprimanded". Wait 6 months, rinse, repeat. I saw this with the "secrecy" act in SA and the soon to be released "review of press" bill in the UK.

 

[BlueDrake]

This will come back again and again, until they get it passed most likely. Also with the increased attacks on everything, it's going to push more to agree with it. Despite how much people push back, it won't stop it from likely steamrolling everyone in the process.

Now with legal immunity thanks to such a broad term, it's going to be more enticing to others to share. "Your info gets shared against your wishes? Too bad! We have legal immunity, you can't touch us!" It's going to all be thanks to all the cyber attacks. So many likely options of them doing it, and making a scapegoat of others as an example. Could be for all we know, them posing as another group.

I honestly hope it fails because honestly, we're losing so much protection these days. Without others pushing forward security measures, if some cave in it's before long an honest lost cause. We know some companies will cave in under pressure, but the government will word it so people are not aware such details.

 

[Alvaro]

So who gave the US jurisdiction over non-US citizens private information?

 

[Guest]

"So who gave the US jurisdiction over non-US citizens private information?"

The US of course, who else?

 

[BlueDrake]

So who gave the US jurisdiction over non-US citizens private information?

Apparently they feel it's their own personal right. A good number of big name companies are based in the US, so clearly it's okay to them but let's see how it plays out. IF it ever comes close to passing.. I'm sure other countries would be lashing out against this.

 

[Guest]

So help me mike rogers is going to pay for this attrocity with his job. however get any incumbant out of a "red" county is hard, livingston county needs outside help.

 

[spencer]

Even If the congress votes no obama said he would use executive order, ALL HAIL KING OBAMA!!!!!

 

[mrcavooter]

CISPA's return from the grave has brought with it no changes -- the bill remains a pristine copy of the 2012 version which failed in the Senate.

Rewind that tape a few paragraphs...

Rather than granting new governmental powers which ignore privacy and civil liberties, the bill takes an inverted approach: it encourages private companies to share their users' data with security agencies and other certified entities.

So the original CISPA had the same data collection protocol as this reincarnate? Or did they just change that aspect and leave everything else the same? Some clarification would be nice.

CISPA can suck my gonads, however. This is why I hate politicians. It's funny because the constitution was written with the idea that the average man would be a politician. For instance, every term a new person from the community would step up to the plate and run for office. This person had a day job already, they were just doing their civil duty. Fast forward to 2013... We have an asteroid giving us a close shave and these bung hole career politicians. It sucks that our liberties are being thrown out the window so politicians can get hand outs from lobbyist and big business.

Politics as usual... I'm going to bed.

 

[richalone442]

We have to decide, weather we give up our freedoms for security, that's the question here. Correct me if I am wrong, but, doesn't the Constitution state at the beginning "We the People", not "We the Government".
These damned politicians have lost their fear of "The People", It breaks my heart that it's a Republican to introduce **** like this. We are used to Democrats (lead by O'Bummer) pushing through bills that the people don't like, they say we are to stupid to know what is good for us, and they will decide such things. Republicans have mostly fought to maintain our freedoms, at least in the past, apparently though not today.
I will be brave, and be the first to say it, eventually we will have to take up arms against this more and more tyrannical government, we have lost our way.
Our Representatives are more into keeping their power, than representing the people, they no longer fear the people through Gerrymandering their districts, something has to be done or all is lost, as this great experiment in freedom draws to a close, our epitaph will read "We Saw It Coming, And Didn't Care, We Lost Our Freedom Because Of Fear"

 

[MilwaukeeMike]

So who gave the US jurisdiction over non-US citizens private information?

Apparently they feel it's their own personal right. A good number of big name companies are based in the US, so clearly it's okay to them but let's see how it plays out. IF it ever comes close to passing.. I'm sure other countries would be lashing out against this.

Ironically, you probably feel it's their own duty. Who do you think is responsible for making sure your bank's site is secure? The bank right? Well, what if the cyber attack comes from overseas, shouldn't your bank be able to do something about it? That's what CISPA is for.

CISPA is NOT the same as SOPA. Not even close. You'll notice wikipedia isn't on strike today like it was back when SOPA was being discussed. CISPA allows companies to work with the government (and each other) to avoid and fight cyber attacks. Since all companies want to avoid and fight cyber attacks, you aren't going to see a notice on Google.com telling us how evil this bill is. Think how angry you'd be if your bank got hacked, all your personal information stolen, and you found out that the exact same attack was used on others first and your bank had no warning.

CISPA is the cyber attack equivalent of letting gas stations in a neighborhood know that there is a criminal on the loose after the first one gets hit.

Now... this doesn't mean that this bill is going to actually deliver on these promises. The govt is notoriously bad at actually getting expected results, but that's the intention.

 

[Puiu]

CISPA is the cyber attack equivalent of letting gas stations in a neighborhood know that there is a criminal on the loose after the first one gets hit.

Actually it's more like letting the police search every house on the block because they believe there is a criminal there. And along the way they have the right to search everybody's private stuff without having a good reason.

It's the fact that is has broad terms when it comes to reason of searching and gives no protection for abuse is what people don't like.

Guilty until proven innocent and we are searching your private mails/messages/shopping/etc to prove you are innocent. -- doesn't sound right to me.

So who gave the US jurisdiction over non-US citizens private information?

The moment you agreed to store your private information on US servers then you also agreed to follow US laws. It's the same for every country.

 

[BlueDrake]

Ironically, you probably feel it's their own duty. Who do you think is responsible for making sure your bank's site is secure? The bank right? Well, what if the cyber attack comes from overseas, shouldn't your bank be able to do something about it? That's what CISPA is for.

CISPA is NOT the same as SOPA. Not even close. You'll notice wikipedia isn't on strike today like it was back when SOPA was being discussed. CISPA allows companies to work with the government (and each other) to avoid and fight cyber attacks. Since all companies want to avoid and fight cyber attacks, you aren't going to see a notice on Google.com telling us how evil this bill is. Think how angry you'd be if your bank got hacked, all your personal information stolen, and you found out that the exact same attack was used on others first and your bank had no warning.

CISPA is the cyber attack equivalent of letting gas stations in a neighborhood know that there is a criminal on the loose after the first one gets hit.

Now... this doesn't mean that this bill is going to actually deliver on these promises. The govt is notoriously bad at actually getting expected results, but that's the intention.

I'm not saying the idea is bad.. just we know how they'd rather everyone to hand over ALL possible information. No matter what kind of impact it would have on others. If you're from Canada, Europe or such it's hardly seeming that fair, because you're giving the US such powers over foreign citizens now? Not literally but you have their information, it's basically allowing you into their personal lives.

Basically why I have nowhere near as much info given out, as say those on Facebook or Google+ and other silly services. I'm not going to hand over rights to my personal life, to the US so they can make sure I'm not a terrorist or such. That's such a very broad thing, that they suddenly will have power over. Going through all your info they get supplied, to make sure there's nothing suspicious about you.

Would you like to be strip searched at every airport, scanned, probed and questioned each time you visit? Of course not. I'm fine with them protecting others safety but still. Just at the sake of broad terms, with no proper protection in mind? Just blanket everything up under a single term, that's how they plan on making life unhappy for others.

 

[Tygerstrike]

Where the idea of CISPA is a great and powerful one, much like the wizard of Oz, beware what you see when the curtain is removed. Where I agree that we need to combat cyberterrorism at every opportunity, this bill would give unfettered access to EVERYONES personal information. With ZERO legal liability for the agencies recieving and possibly misusing said information. We need a more modified bill that would hold those entities accountable for ANY misuse of your personal information. As this bill stands, you could be eavesdropped on and then anything you say, can be used against you. Thereby defeating any expectation of privacy. Im not saying anything I talk about on my phone or email or text is illegal, Im saying its one giant fishing expedition designed to protect the very same ppl who can abuse the information.

 

[MilwaukeeMike]

BlueDrake, I think one of us is misunderstanding the law. From what I've read, the law isn't intended for companies to dig into your information, it's intended to let them share your information with others if they are hacked. If a company gets hacked they may share the data that the hackers were after, or the data that the hackers were able to view/steal. This might help the govt (who hopefully is better equipped to deal with hackers) find how the hackers got in. If some hacker steals personal info from say Best Buy's servers, Best Buy will want to be able to show others what data was stolen so they can determine what was unique about it or what security measures were missing from it.

Tygerstrike, I think you're over reacting a little. How does sharing your data from some huge database of customers become eavesdropping on your phone calls? I wouldn't worry that personal info will be flying all over the place. I'd worry that this law won't do a bit of good to prevent cyber attacks. The govt excels at waving their little 'Look what I did' flag without ever actually measuring results.

At the same time though, I think a law like this is inevitable. Cyber attacks are increasing and consumers are demanding protection. Plus, you've gotta laugh a little bit at the irony behind the phrase 'online privacy'.

 

[Tygerstrike]

Mike
As our ever changing moble tech shows, we are more and more reliant for those devices for web use. As the tech advances, we will see more and more attacks against those devices and services. Hence, they will have access to your moble device information. Im not saying that the Govt WILL listen in, but they CAN.

 

[rculver9056]

If this goes through in the US, it will spread to other countries. And it will be abused by the authorities.
Look at this anti-terrorisms **** that got passed over here (UK) and the law abusing it by using it to arrest and hold people for all kinds of other ****. And it will be just the beginning for all kinds of other laws to come through.

As for the comment about politicians...Same everywhere! And of course, they'll be exempt from all this **** they're taking back-handers to push through...lol

 

[Guest]

I will be brave, and be the first to say it, eventually we will have to take up arms against this more and more tyrannical government, we have lost our way.

You're living in Cloud Cuckoo Land if you think you and your little Walmart gun will stand a chance against this government armed with tanks, attack choppers, and drones.