20130423 cispa - plembo/onemoretech GitHub Wiki

title: CISPA
link: https://onemoretech.wordpress.com/2013/04/23/cispa/
author: phil2nc
description:
post_id: 4713
created: 2013/04/23 14:22:17
created_gmt: 2013/04/23 18:22:17
comment_status: closed
post_name: cispa
status: publish
post_type: post

CISPA

Interesting take on the CISPA law that just passed in the U.S. House and is now over in the Senate: "CISPA row: Slurped citizen data is ENORMO HACK TARGET". CISPA is the Cyber Intelligence Sharing and Protection Act. From the lead of the above-cited article:

The ability to identify common patterns in real-world attacks makes crowd-sourcing threat intelligence extremely useful, according to a study from security tools firm Imperva. The report arrives just as a privacy row rages over the new Cyber Intelligence Sharing and Protection Act (CISPA) law in the US. But the head of the security firm said the legislation could create several problems, not least of which was the equivalent of sticking a giant 'Hack Me' sign on the government's info stores.

Basically what is being proposed here is that the Government is too stupid, or too lazy, to be trusted with such a mass of information. We are, of course, talking about the same Government that couldn't prevent its own Secretary of Defense's work e-mail from being hacked by the Chinese. So the threat is not merely theoretical.

Is the whole notion of private business sharing this kind of information with the Government a good idea? Maybe, but as usual "the devil is in the details". The problem with any legislation that tries to encourage information sharing between private business and the Government in this country is that protecting citizen privacy is usually an afterthought. Where Europeans have the benefit of multiple layers of laws protecting the privacy of information about citizens, the United States has a few very narrowly defined statutes such as HIPAA (covering medical information), FCRA (credit) and ECPA (electronic communications). We Americans have just not thought this stuff through very thoroughly, and in those few places that we have, we've done it badly. We are, as I note above, even worse at keeping private data safe once we've gathered it -- even where there's clear agreement that a particular bit of information should be kept under lock and key.

Right now odds are that the Senate majority will either not schedule a vote on the bill as referred from the House or will defeat it. In the event it should pass the Senate, the President has already issued an unusually blunt statement that he would veto it. Of course in Washington, anything can happen. And no one can be trusted.

This is the official list of CISPA supporters published on the U.S. House of Representatives web site. Note that although some of those listed below may have belatedly softened their support, there comes a time when "too little too late" needs to apply even to business overlords and defiers of gravity.

H.R. 3523 - Letters of Support

06-27-12 - Michigan Department of Military & Veterans Affairs, Lansing Supporting CISPA
04-25-12 - American Fuel & Petrochemical Manufacturers Letter to Boehner & Pelosi Supporting CISPA
04-25-12 - American Petroleum Institute Supports CISPA
04-25-12 - 11 Financial Trade Associations Support CISPA
04-24-12 - SIMFA Letter of Support for CISPA
04-23-12 - ASIS Letter Supporting HR 3523
04-23-12 - 9 Utilities Groups Support CISPA
04-20-12 - TechNet Sends Letter of Support for CISPA to Rogers and Ruppersberger
04-18-12 - Multiple Tech Association Letter to Boehner & Pelosi in support of CISPA
04-17-12 - Bay Area Council Supports CISPA
04-17-12 - TechAmerica Supports CISPA
Multi-industry Letter to Speaker Boehner & Minority Leader Pelosi on CISPA
AT&T
Boeing
BSA
Business Roundtable
CSC
COMPTEL
CTIA - The Wireless Association
Cyber, Space and Intelligence Association
Edison Electric
EMC
Exelon
Facebook
The Financial Services Roundtable
IBM
Independent Telephone & Telecommunications Alliance
Information Technology Industry Council
Intel
Internet Security Alliance
Lockheed Martin
Microsoft
National Cable & Telecommunications Association
NDIA
Oracle
Symantec
TechAmerica
US Chamber of Commerce
US Telecom - The Broadband Association
Verizon

Here's who voted "yea" and "nay" on it in the House on 18 April 2013: Final Vote Results for Roll Call 117

Copyright 2004-2019 Phil Lembo