 motbob  United States. April 05 2012 10:40. Posts 11494 | Profile Blog # |
Cyber Intelligence Sharing and Protection Act of 2011
Full text of the bill
This bill is the new big thing that people on the internet are getting annoyed about. If you google the name, you'll find a bunch of headlines saying things like "Worse Than SOPA" and things like that. A thread about the bill is inevitable. Threads regarding upcoming bills of Congress are always poorly thought out and sensationalist, so I'm writing a thread on the bill myself.
I don't really expect anyone to read all of this. This thread really only exists so that I can close all of the future bad threads on this subject because "there's already a thread on it."
I will go section by section on what exactly the bill does. But first, have a tl;dr.
tl;dr -- Anyone saying that this bill infringes on civil liberties does not understand the bill.
Paragraph (a): INTELLIGENCE COMMUNITY SHARING OF CYBER THREAT INTELLIGENCE WITH PRIVATE SECTOR
The federal government will be allowed to transmit classified information to organizations in the private sector under certain circumstances. Nothing to see here.
Paragraph (b): PRIVATE SECTOR USE OF CYBERSECURITY SYSTEMS AND SHARING OF CYBER THREAT INFORMATION
This is the important section. Text quoted directly from the bill is in blue.
CYBERSECURITY PROVIDERS.—Notwithstanding any other provision of law, a cybersecurity provider, with the express consent of a protected entity for which such cybersecurity provider is providing goods or services for cybersecurity purposes, may, for cybersecurity purposes—
(i) use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such protected entity; and
(ii) share such cyber threat information with any other entity designated by such protected entity, including, if specifically designated, the Federal Government.
That's an absurdly obtuse paragraph at first glance. Fortunately, the bill includes a list of definitions of terms that will allow us to decipher what it it saying.
This bill defines a "protected entity" as an entity with a "system or network" that could be "degraded, disrupted, or destroyed" OR with "private or government information, intellectual property, or personally identifiable information" that it is protecting. In other words, a "protected entity" is pretty much any corporation in the USA.
These protected entities can perform certain actions under this new law.
These protected entities can hire a company to "identify and obtain cyber threat information to protect the rights and property of such protected entity." Or they can choose to collect this information themselves if they are handling their own cyber security needs. "Cyber threat information" is "information directly pertaining to a vulnerability of, or threat to a system or network of a government or private entity." It includes information pertaining to "efforts to degrade, disrupt, or destroy such system or network; or theft or misappropriation of private or government information, intellectual property, or personally identifiable information."
These protected entities can choose to share this "cyber threat information" with any other entity, including the Federal Government.
Information that is shared by protected entities is entirely up to the discretion of said entities. If requested, the information will be anonymized.
This seems like an important point. The people who decide what will be shared with the Feds are not the Feds themselves.
The rest of paragraph (b) says that people who share this information and are acting in good faith can't be sued for
- collecting and sharing information
- failing to act on information they receive.
The last part of the paragraph seems like irrelevant legalese to me. Here's the text in full.
The submission of information under this subsection to the Federal Government shall not satisfy or affect any requirement under any other provision of law for a person or entity to provide information to the Federal Government.
Paragraph (c): REPORT ON INFORMATION SHARING
The Inspector General of the Intelligence Community will submit an unclassified, annual report to Congress containing a review of how the government is using and sharing the information it is receiving, in addition to "any recommendations of the [Inspector General] for improvements or modifications... to address privacy and civil liberties concerns."
Paragraph (d): FEDERAL PREEMPTION
States that the law overrides any state law that regulates the things that paragraph (b) regulates. I don't know why this section is necessary. Doesn't the Supremacy Clause take care of this already?
The rest of the bill is just a list of instructions on how to proceed to carry out the above provisions.
Anyway, I don't understand what I'm missing about this bill. A lot of people are saying it's really bad but I don't understand why. Maybe someone on TL can explain it to me.Last edit: 2012-04-05 10:40:20 |
| | <marttorn> lucky I don't live in a culturally diverse place | |
|
|
| HackBenjamin Canada. April 05 2012 10:46. Posts 978 | Profile Blog # |
I share your confusion. The points you noted don't seem to indicate that this is remotely as bad as SOPA.
I don't see how it compares at all. When it refers to the private sector, is that referring exclusively to Cyber Security firms/companies? |
| | Roses are red. Bacon is also red. Poems are hard. Bacon. |
|
|
| Demonhunter04 April 05 2012 10:52. Posts 1482 | Profile # |
| I suppose that the wording allows corporations to collect information about a suspected threat and then share it at their discretion. Reminds me of the Patriot Act, but not quite as bad. |
| | "If you don't drop sweat today, you will drop tears tomorrow" - SlayerSMMA |
|
|
| Kazahk United States. April 05 2012 10:52. Posts 214 | Profile # |
| Guys, its not the stuff we see we need to worry about, its the stuff we don't see... |
| | Avis de Hermes est nomen meum manducans pennas meas me faciant mansuescere corda. |
|
|
| AnachronisticAnarchy United States. April 05 2012 10:56. Posts 2336 | Profile Blog # |
| These days it seems there's no better way to get netizens riled up about a bill than to use its name and SOPA in the same sentence. I think we'd better stop blindly jumping on every bill that is compared with SOPA and start doing checks, like Motbob here was kind enough to do. Passion is a breeding ground for stupidity, and not many things in the world got us more riled up than SOPA. |
| | "How are you?" "I am fine, because it is not normal to scream in pain." |
|
|
 InTheFade United States. April 05 2012 10:56. Posts 1721 | Profile Blog # |
| I've always said that corporations needed more control. Building a better America. |
| |
|
| Myles United States. April 05 2012 11:00. Posts 4339 | Profile Blog # |
Is this not how things already operate? Are cyber-security firms not allowed to share information they collect?
From my admittedly limited knowledge on the subject, this law seems pretty redundant, except maybe the annual report part. |
|
|
| screamingpalm United States. April 05 2012 12:03. Posts 909 | Profile # | |
| | "People who know me, know that my favorite thing are big things that destroy other things" -Jay Wilson |
|
|
| spancho United States. April 05 2012 15:24. Posts 159 | Profile # |
The ACLU has a pretty cogent argument against it.
tl;dr With this law companies can now sell any of your data to the government, to be used for any purpose, whenever they want, without even telling you.
_________________________________________________________________________________________________
"The Cyber Intelligence Sharing and Protection Act would create a cybersecurity exception to all privacy laws and allow companies to share the private and personal data they hold on their American customers with the government for cybersecurity purposes. The bill would not limit the companies to sharing only technical, non-personal data. Instead, it would give the companies discretion to decide the type and amount of information to turn over to the government. If shared in good faith compliance with the statute, these entities would receive full liability protection and would be immune from criminal or civil liability, even after an egregious breach of privacy. Further, once an individual’s information is shared with the government, there would be no restriction on the use of that information. It could be used for any purpose whatsoever and shared with any agency. While such data might be used for cybersecurity purposes, there would be no bar on the government also using it to conduct fishing expeditions for criminal, immigration or other purposes"
-------------------------------------------------------------------------------------------------------------------------------------------------------------------Last edit: 2012-04-05 15:25:51 |
| | "Your face can't hurt 'cuz you're ugly." -Tasteless |
|
|
| Ryuu314 United States. April 12 2012 03:21. Posts 5396 | Profile # |
A bit of a bump, but CISPA is still around and it's still a bad bill. On the surface, CISPA doesn't seem to be infringing on civil liberties or as bad as SOPA. However, the problem right now is that CISPA is extremely broad. The terms of the bill allow it to be used for actions taken by cooporations or the government that can infringe on liberties.
Here's a pretty good article. It's admittedly a biased source, but it's pretty well-written and it has a pdf of the bill itself if you wish to look through it.
http://www.techdirt.com/articles/20120410/12180518442/cispa-is-really-bad-bill-heres-why.shtml |
| |
|
| BlackJack United States. April 12 2012 03:49. Posts 6691 | Profile Blog # |
So a bill that makes it easier for corporations to share information with the federal government just in time for the opening of their 1 million square foot NSA spy center that can supposedly hold up to a trillion terabytes of information? You have to wonder what the government would ever need a trillion terabytes of data storage for? How could they possibly gather enough data to require that much storage? I doubt they had the scope or resources to gather that information, but now it seems this law will make it easier for corporations like facebook and google to share information with the federal government. That's a little unsettling.
link to article about spy center: http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1 |
|
|
| NEOtheONE United States. April 12 2012 04:23. Posts 1732 | Profile # |
| The problem with these types of bills is that they are simply too vague. This allows the bills to be exploited to permit things that do infringe on our civil liberties. God forbid the government write a bill with specific language for a change. >_< The bills need to include the limitations of any new powers the bills create. |
| | Abstracts, the too long didn't read of the educated world. |
|
|
| chaoser United States. April 12 2012 04:51. Posts 5538 | Profile Blog # |
| EDIT: nvm Last edit: 2012-04-12 05:24:19 |
| | Haven't you heard? I'm not an ex-progamer. I'm not a poker player. I'm not an admin of the site. I'm mother fucking Rekrul. |
|
|
| motbob United States. April 12 2012 05:01. Posts 11494 | Profile Blog # |
| I think you do not know what "Notwithstanding" means. |
| | <marttorn> lucky I don't live in a culturally diverse place | |
|
|
| chaoser United States. April 12 2012 05:24. Posts 5538 | Profile Blog # |
On April 12 2012 05:01 motbob wrote:
I think you do not know what "Notwithstanding" means.
oops lol, brain fart there. I blame my exams >_> |
| | Haven't you heard? I'm not an ex-progamer. I'm not a poker player. I'm not an admin of the site. I'm mother fucking Rekrul. |
|
|
| Yuka United States. April 12 2012 08:42. Posts 130 | Profile # |
On April 05 2012 11:00 Myles wrote:
Is this not how things already operate? Are cyber-security firms not allowed to share information they collect?
From my admittedly limited knowledge on the subject, this law seems pretty redundant, except maybe the annual report part.
This is pretty much true, yes. Put it this way: because there is no legal framework for these specific issues, cybersecurity entities get quite a bit of freedom and self-discretion as to what they share with whom and under which circumstances. The law just makes this more explicit and specific to cybersecurity. Compare that to how things are now when criminalized individuals or corporate entities are prosecuted under 60s-era telecommunications laws, or under vague amendments in laws written about data management back in the 80s. |
| | Race? No, I'm equally bad with all of them. |
|
|
| EngrishTeacher China. April 20 2012 19:06. Posts 469 | Profile Blog # |
I'm in China, and ALL internet traffic is monitored, 24/7 without fail.
And I have to say, it's not so bad. What does the average citizen have to hide from the government anyway? Nothing really.
The government leaking out your private information to potential 3rd-party opportunists would be something for us to try and prevent, but really, would you really care if government agencies could access your emails to friends complaining about someone at the office acting selfishly? As long as you're not doing anything terribly illegal, the government couldn't give less of a fuck about your "private" information anyway.
Plus, I'm almost certain that the American government already monitors internet traffic more closely than they currently admit. If someone repeatedly, day after day, types into google search terms such as "how to make a bomb, where to obtain ammunition without a license, etc.", I'll eat my shoe if the CIA or whichever agency doesn't find out and do something about it. |
|
|
| Joefish Germany. April 20 2012 19:26. Posts 305 | Profile # |
If companies want to collect and share/sell information they'll just do it no matter if there's a bill that prevents them or not.
IF they got caught what would be the consequences? Pay 500k and you're free.
The bigger the company the less they care.
But what's funny is that people who protest and throw a tantrum are the ones who
tweet when the pooped the last time or share whole photo albums on facebook.
And if people would stop doing such irresponsible things just make ads with Tera Patrick saying
'!!100h free orgy!! give me only your credit card number and date of birth' => $$$.
|
|
|
| Kar98 Australia. April 20 2012 19:33. Posts 922 | Profile # |
Here we go again >_>
So much bitching about this its getting old fast |
| | All I care about is mega-desk. That is all I care about. Getting .. more .. megadesk! |
|
|
| Tennoji April 20 2012 19:41. Posts 50 | Profile # |
On April 05 2012 10:40 motbob wrote:
This bill defines a "protected entity" as an entity with a "system or network" that could be "degraded, disrupted, or destroyed" OR with "private or government information, intellectual property, or personally identifiable information" that it is protecting. In other words, a "protected entity" is pretty much any corporation in the USA.
Is it just me or does a normal person also fit this description of a "protected entitiy" and as such every person has the right to gather any information it could possibly consider as a "threat"? And by extention one could argue that information that was not obtained yet COULD entail valuable information regarding the cybersecurity of yourself as "protected entity" and thus ANY information can be gathered by ANYONE and shared.
Or am i missing something? |
|
|
| 1 2 3 Next All |
|
|
|
Store
WCS
SC2Links Mobile App …
