CISPA Has NOT Been Fixed; It Could Allow The Gov't To Effectively Monitor Private Networks
from the don't-buy-the-hype dept
When the new discussion draft of CISPA was published, many people, including myself, praised the one point of sincere improvement in the bill: the modified definition of cybersecurity that focused on network attacks. Unfortunately, the authors of the bill are spinning this to suggest that CISPA is now nearly perfect, and some media outlets and even advocacy groups are buying it—even though nothing could be further from the truth, and the White House still opposes the nature of the bill. CISPA still has big, big problems. In fact, closer analysis by the CDT and EFF suggests that the language may be worded to allow what is effectively direct government monitoring of private networks.
Government networks are protected by a network security system called Einstein, which is being steadily expanded to do things like analyze the content of communications. Such software meets all the criteria of a "cybersecurity system" under CISPA, and there is serious concern that the bill would permit the government to offer Einstein or a similar system to private cybersecurity companies. By CISPA's definitions, everything collected by such a system would qualify as "cyber threat information" and thus be fair game for sharing with the government—and nothing in the bill would prevent these private systems from being connected live to government databases, effectively uniting them with the government's own security network.
Yes, it would still be voluntary—the government couldn't force a cybersecurity provider to install their software, and the provider would need to get permission from its clients to share the data. But it's not hard to envision a situation developing very quickly, in which the government gets a few major security players hooked up and their clients routinely agree without a second thought. After all, CISPA's extremely limited liability provisions mean there's little to no risk for companies. Some may question whether the government would actually move in this direction under CISPA, but given the fact that the NSA has been trying to expand Einstein to private networks since the Bush administration, giving them the legal ability to do so is a very bad idea.
Filed Under: cdt, cispa, cybersecurity, eff, einstein, surveillance, white house
Reader Comments
Data created = Data shared = Data Used = Data Used for purposes not expected.
Hello!!! Everyone!!!! Legal access to data should be our SOPA fight.
[ link to this | view in chronology ]
Re: Data created = Data shared = Data Used = Data Used for purposes not expected.
Yes the Government is rarely working at all for the People. I hate it and wish we could just Vote both of these Dinosaur Parties out.
[ link to this | view in chronology ]
Re: Re: Data created = Data shared = Data Used = Data Used for purposes not expected.
Too many Judges/Senators/Presidents/Representatives think they are smart enough to decide. When they are creating legal requirements they are uninformed about.
Too often the experts they listen to are those industries that will benefit most by the law, not the real victims.
[ link to this | view in chronology ]
Re: Data created = Data shared = Data Used = Data Used for purposes not expected.
All completely legal under CISPA. As long as there's a "cyber security" purpose, of course.
And once such monitoring systems are in place, we're probably just one terrorist attack or major cyber attack away from the government passing an emergency measure requiring companies to hand over their collected data.
More on http://www.iSights.org/2012/04/cispa-could-allow-the-government-to-monitor-private-networks.html
[ link to this | view in chronology ]
Re: Re: Data created = Data shared = Data Used = Data Used for purposes not expected.
Fire up a packet capture software.
Enjoy!
[ link to this | view in chronology ]
On the other hand...
Except when it comes to killing brown people in other countries where there's oil, then they excel, apparently.
[ link to this | view in chronology ]
Re: On the other hand...
At TechDirt we always look at issues from a human perspective not (never) from a race issue. So please understand that at TechDirt we are always about bringing a better world to everyone. Everyone ='s All people. No Race ever!!!
[ link to this | view in chronology ]
Re: Re: On the other hand...
Seriously, the color of one's skin is nothing more than a function of the latitude(s) at which one's ancestors dwelled, nothing more.
[ link to this | view in chronology ]
Re: Re: Re: On the other hand...
Really, I want no gain or loss for any person that is not because of what they have achieved.
Why? Because as each person does something worth noting they elevate their own person.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: On the other hand...
There are only 10 types of people, those who understand binary, and those who do not.
[ link to this | view in chronology ]
Internet Legislation Will Never Be Just
[ link to this | view in chronology ]
Re: Internet Legislation Will Never Be Just
I don't get why you think TD doesn't get that.
[ link to this | view in chronology ]
We all know how secure the government networks are, don't we?
[ link to this | view in chronology ]
Re:
Exactly what I pointed out in the TechDirt piece here.
For that matter, you don't even necessarily have to hack a system. You could:
1. Wait for its operators to screw up and make the information visible on the public Internet.
2. Wait for them to lose it (more likely in the case of laptops, of course).
3. Wait for them to decommission it, forget to wipe its disks, and auction it off. Or toss it in a dumpster.
4. Bribe someone who has access to it.
5. Wait for someone else to do 1-4, and then either buy or steal it from them.
The problem, once again, is that the inexperienced and short-sighted people backing efforts like this mistakenly believe they're building weapons (against terrorists, for example).
They're not. They're building targets.
[ link to this | view in chronology ]
More co-sponsors
[ link to this | view in chronology ]
Take off your tin foil hat Marcus, it makes you look even stupider than you are.
[ link to this | view in chronology ]
The Net - Watch it!
[ link to this | view in chronology ]
now i do the following
no really
how do you know i have one?
I see so it's a home invasion across the land by fascist bastards that have no business doing this.
GO fix your damn debts before you bug me....
[ link to this | view in chronology ]
We can call it the "PROTECT THE PEOPLE FROM GETTING SHAFTED UP THE BAKSIDE".....bill.
[ link to this | view in chronology ]
CISPA
[ link to this | view in chronology ]
America
[ link to this | view in chronology ]