Could everyone just chill? Just because CISPA sounds a bit like the love child of SOPA and PIPA doesn't mean it has the same intentions or would have the same effects.
OK, here's the short version. CISPA, which was introduced in the House last year by Reps. Mike Rogers, R-Mich., and Dutch Ruppersberger, D-Md., seeks to encourage the sharing of cybersecurity information among the intelligence community and threatened entities. Whether it is likely to achieve its aims is one question, but what has everyone climbing the walls -- from the Electronic Freedom Foundation to the White House -- is the possibility that it poses a threat to personal privacy.
We know, of course, that everyone who flew the flag of protest against SOPA/PIPA came out of that skirmish covered in glory. Politicians enjoy that feeling, and so do earnest activist groups like the EFF. CISPA is not SOPA/PIPA round two, although the bill could certainly be worded more clearly.
It provides for the sharing of "cyber threat intelligence" among entities or individuals who have security clearance to receive such information (pursuant to guidelines to be issued by the Director of National Intelligence). This raises two questions:
What is "cyber threat intelligence"?
What can its recipients do with it?
It's the definition of "cyber threat intelligence" that creates the problem. It's information pertaining to threats to "degrade, disrupt, or destroy" a system or network, or to the "theft or misappropriation of private or government information, intellectual property, or personally identifiable information." Yes, it includes "intellectual property," and that's what has veterans of the SOPA/PIPA campaign pulling their boots on.
As for question No. 2, the bill provides that -- "notwithstanding any other provision of law" -- such intelligence may be shared with any other entity designated by the "protected" (i.e., threatened) entity, including ("if specifically designated") the federal government.
According to EFF activism director Rainey Reitman, this means:
CISPA would allow ISPs, social networking sites, and anyone else handling Internet communications to monitor users and pass information to the government without any judicial oversight.
She also calls the language of the bill "dangerously vague." Vague it is; it's a bill, after all. But dangerously so? Firstly, the bill doesn't allow "anyone" to handle this information -- only entities and individuals with security clearance under guidelines that haven't even been drafted yet.
Secondly, the bill reserves to the protected entities (the entities under threat) the right to designate recipients of the information. As for the doomsday-sounding "notwithstanding any other provision of law," the bill explicitly states:
Nothing in this section shall be construed to permit the Federal Government to... require a private-sector entity to share information with the Federal Government.
The bill also limits government use of any such information to cybersecurity purposes, although one can readily grant the elasticity of such a restriction.
In fact, the bill's overall purpose seems to be to allow the intelligence community and embattled enterprises to share the information about cybersecurity they choose to share -- and in fact places some protections on what can be done with the information, including making the federal government accountable to congressional intelligence committees for use of any information garnered under the bill's provisions.
The simplest way to give this basically well-intentioned piece of legislation a PR facelift would be to just erase the references to intellectual property, which are hardly central to a working definition of "cyber threat intelligence."
Don't expect to see another Internet day of action against CISPA -- after all, Facebook and other big beasts of the digital jungle support it. But be reassured: If it passes into law, it's not going to change the world. For better or worse.
It's predictably hard to tell, from those statements, just what the problem with CISPA is. It gives enterprises no new access to information. It provides a framework for that information to be shared. It certainly doesn't compel enterprises to share information.
That's fair enough: opposing it for what it is certainly isn't stupid. I did detect a panic, however, about what it is not.
I am not entirely surprised the bill was amended around the time I was writing about it: the intellectual property provisions just seemed to give ammunition to opponents without actually adding much. I think I did try to emphasize that I couldn't really see what good the bill would do; but I just didn't detect problems comparable with SOPA/PIPA either.
Thanks for the article Kim - fair comment and good perspective. As i understand it, the provisions relating to intellectual property were removed from the Bill around April 18. Regardless, I believe that the discomfort around the Bill lies in its uncertainty. As you partially outline, virtually all of the core restrictions/safeguards are left to be determined/defined (Exactly what type of information is caught? Who can have access? What is the required security clearance is required? What can they do with the information once they have it? For what purposes? Must the information be "destroyed" once its initial use has been completed?) These are very material considerations. Laws that are drafted too broadly have a tendency to be abused, or at least unduly restrict otherwise proper activities. Proportionality is key.
I agree that its not SOPA/PIPSA, but that doesn't make the Blll "good" nor the people who oppose it "stupid"...
Kim, you make a great point in asking us to read the bill before opposing it. We've been burned as users, though, so those knees are ready to jerk out anytime government is paired with Internet legislation.
I appreciate the feedback, Anne, but what you say isn't true.
Mark Zuckerberg expressed his personal opposition to SOPA/PIPA. Facebook actively supports CISPA. Microsoft opposed SOPA/PIPA. It supports CISPA. Reddit, which was prominent in opposing SOPA/PIPA apparently doesn't care about CISPA. Wikipedia and Google have had nothing to say about it that I can find.
EFF is opposing it, but that's what EFF does - rightly in most cases. Did you read the bill? It's less than a dozen pages. Let me know where I've misread it.
Well, that's easy. Nobody was expressing the same sentiment because NOBODY AGREES WITH YOU.
If you don't see how CISPA is full of opportunities for abuse and further loss of rights, you are just plain naive. Have fun with those rose-colored blinders.
I think people are so buoyed by the success of the opposition to SOPA/PIPA that they can't wait to flex their muscles again. I wonder how many have sat down and read the bill?
This time, Facebook seems to me to have got it right:
(CISPA) would make it easier for Facebook and other companies to receive critical threat data from the U.S. government. Importantly, HR 3523 would impose no new obligations on us to share data with anyone –- and ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users' private information, just as we do today.
Thanks for shedding some sane light on this issue, Kim. (I'd also encourage users reading this to weigh in on our poll about CISPA.) I was just over on Reddit where they have a CISPA subreddit set up, and there's not one other article that I can see that isn't suggesting that CISPA is "as bad as SOPA" and "needs to be stopped." I don't think there will ever be a cyber-related bill that people won't feel outraged about.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Edward Snowden was so convinced that the Prism program involved secretive surveillance through Internet backdoors that he walked out on his job and his girlfriend, spoke to the media, and resigned himself to jail, or worse. It turns out, he might just be wrong.
In one of the nastiest -- not to mention large scale and long-term -- hacking exploits yet to be reported, it appears that the Chinese army has been rummaging through the data of those who have served in the US Armed Forces.
ASA Risk Consultants added its voice this week to the slowly growing chorus of voices demanding a coordinated international response to cyberattacks. In a research note circulated by IDG, ASA asserts that "nations will need to come to an agreement on how cyber warfare should be handled."
Extending existing US wiretap laws to give federal agencies easier backdoor access to Internet communications -- especially real-time P2P services like VoIP -- will give, not only aid and comfort, but also technical assistance, to the country's enemies. Not to mention cyberthieves.
The Murdoch/News International scandal has all the elements of the digital age, from phone-hacking through embarrassing emails to agile digital reporting.
The plan for unmanned police drones to patrol traffic and other city conditions in Seattle has sparked a new set of legal concerns about privacy. Law traditionally lags technology, but we can expect now to see a new round of activity in the courts as legal definitions begin to emerge on what "next-gen privacy" will look like.
Ontario's information privacy commissioner explains the unintended consequences of facial recognition technology and how biometric encryption can make it safer.
David Vladeck, Director of the Bureau of Consumer Protection of the Federal Trade Commission, discusses the state of "Do Not Track" and the problem with consumer behavior tracking online.
The US government is funding controversial projects to collect daily Internet activity, including Web searches, Twitter messages, Facebook and blog posts, and the digital location trails generated by billions of cellphones. Its goal is to map these interactions to predict social behavior, such as protests.
Big-data and analytics tools enable marketers to understand customers as individuals, identifying unmet needs and addressing each customer as a "segment of one," says John Kennedy, VP corporate marketing, IBM.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The IBM Smarter Commerce Global Summit in Monaco kicked into high gear today, and we've already begun to see news emerging from that lovely city-state by the sea.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
