he used " ... " , his whole post is a citation of someone explaining what CISPA is and how it is dangerous.
''After the showers is the sun.
Will be shining...''
Will be shining...''
CISPA is the contentious bill civil liberties advocates fought last year, which would provide a poorly-defined "cybersecurity" exception to existing privacy law.
Citations not given.
CISPA offers broad immunities to companies who choose to share data with government agencies (including the private communications of users) in the name of cybersecurity.
"broad immunities"
What. Citations not given....
It also creates avenues for companies to share data with any federal agencies, including military intelligence agencies like the National Security Agency (NSA).
There was no special mention of the NSA as I recall, why do they single them out?
“CISPA is deeply flawed. Under a broad cybersecurity umbrella, it permits companies to share user communications directly with the super secret NSA and permits the NSA to use that information for non-cybersecurity reasons. This risks turning the cybersecurity program into a back door intelligence surveillance program run by a military entity with little transparency or public accountability.”
Once again, no citations. The definition is very strict, and nothing suggests any personal data would be transmitted at all. It does not allow "any" data to be transmitted, only threat data. Why would the NSA have transparency? What on earth, that is a completely different issue just shoved in at random.
Indeed, merely using a proxy or anonymization service to let you browse the web privately could be construed to be a cybersecurity threat indicator. Using cryptography to protect one's communications or access systems securely could similarly be taken as a way to defeat an operational control.
Obviously none of this criticism is valid any more, but I will address it. anonymization or proxy has legitimate use and is not an indicator, furthermore neither that or encryption threatens a specific system so does not fit the definition.
First, CISPA would still give businesses1 the power to use "cybersecurity systems" to obtain any "cybersecurity threat information" (CTI)—which could include personal communications—about a percieved threat to their networks or systems. The only limitation is that the company must act for a "cybersecurity purpose," which is vaguely defined to include such things as "safeguarding" networks.
Obviously abuse will be punished. USA is not so idiotic that they will let anything slide so long as people say so right? I can't go and shoot someone at random then say they threatened me, and the police will just take my word for it? Why would people think the same of cyber security?
At the same time, CISPA would also create a broad immunity from legal liability for monitoring, acquiring, or sharing CTI, so long as the entity acted “in good faith.” Our concern from day one has been that these combined power and immunity provisions would override existing privacy laws like the Wiretap Act and the Stored Communications Act.
Of course, "in good faith". Why would anyone have a problem with someone protecting their resources in good faith? If someone abuses their rights they should be punished, as I already said.
Information provided to the federal government under CISPA would be exempt from the Freedom of Information Act (FOIA) and other state laws that could otherwise require disclosure (unless some law other than CISPA already requires its provision to the government).
Citation needed.
CISPA's authors argue that the bill contains limitations on how the federal government can use and disclose information by permitting lawsuits against the government. But if a company sends information about a user that is not cyberthreat information, the government agency does not notify the user, only the company.
Why would the user need to be notified? Do you think you are notified whenever your data is moved? What the heck. Such additional expectations people put on to a new bill that are not existent anywhere else...
But many of our cybersecurity problems arise from software vulnerabilities and human failings, issues CISPA fails to address.
Uh, both software errors and human failings of course fall in to the cyber threat definition. Besides that, if EFF really things it doesn't, why would they bring it up? "I don't like anti-gun law because people are often killed by cancer". What on earth...
So apart from that EFF cites their own articles with their own articles and fail to mention even a single citation from the text, how is this a valid citation?
Most of their points are bogus, and it's obvious they don't understand IT or infosec terminology... On further inspection this is a website that makes a living by claiming everything is out to get you "drone test cites need stronger privacy protection" wtf, they are afraid of drones?
You'd think they'd already be able to do that without need for a bill to be passed, no?
If you believe that's what the bill is for, you are quite frankly very stupid and naive.
Think of it this way: Why the fuck do they need to pass a bill in order for companies to share how they had crimes committed against them? Are they not doing so already? In the case that they aren't, why aren't they?
If you believe that's what the bill is for, you are quite frankly very stupid and naive.
Think of it this way: Why the fuck do they need to pass a bill in order for companies to share how they had crimes committed against them? Are they not doing so already? In the case that they aren't, why aren't they?
Last edited by Hyde; Apr 27, 2013 at 08:09 PM.
Hoss.
