iPhone app iPad app Android phone app Android tablet app More

Featuring fresh takes and real-time analysis from HuffPost's signature lineup of contributors
Hot on the Blog
J. J. AbramsBernard-Henri LĂ©vyMohamed A. El-ErianDr. Jill Biden
Susan Landau

Author, "Surveillance or Security? The Risks Posed by New Wiretapping Technologies"

GET UPDATES FROM Susan Landau
 

Nothing to Fear But Fear Itself

Posted: 04/29/2012 8:53 pm
Inspiring
 Funny
 Obsolete
 Scary
 Must-Have
 Amazing
 Innovative
 Nerdy

The House passed the Cyber Intelligence Sharing and Protection Act (CISPA), a bill that purports to improve U.S. cybersecurity. In fact, the bill does little to protect us but rather a lot to destroy the privacy of American communications.

The bill allows private entities to share "cyber threat" information with the government without liability. Written that way, CISPA doesn't sound so bad. The catch is in the definition of cyber threat information. This includes any information on "(i) a vulnerability of a system or network of a government or private entity; (ii) a threat to the integrity, confidentiality, or availability of a system or network of a government or private entity or any information stored on, processed on, or transiting such a system or network; (iii) efforts to deny access to or degrade, disrupt, or destroy a system or network of a government or private entity; or (iv) efforts to gain unauthorized access to a system or network of a government or private entity, including to gain such unauthorized access for the purpose of exfiltrating information stored on, processed on, or transiting a system or network of a government or private entity."

That's an incredibly broad net. It's big enough to include anyone sending copyrighted information, regardless of whether that use is legal. It's large enough to catch anyone using a system that might slow network traffic, even when the system is legal and being used for legitimate purposes (such as when NASA uses BitTorrent to ship satellite data or a games company does the same for updates to its software; there are lots of legitimate uses for file-sharing software).

So why is industry supporting the bill? It's the "Get Out of Jail Free" card. There's no liability on the companies for sharing private data with the government. If a company gives the government emails that it thinks contains a virus and, in the process, mistakenly exposes a private citizen's private data, CISPA provides a free pass. No violation of HIPAA -- or any other privacy law.

What will the bill accomplish? It will give the National Security Agency loads of private data about Americans, who they're communicating with, when, how often, what they're saying. In some cases, the cyber threat information can be used for the investigation and prosecution of certain crimes, no warrant needed.

The bottom line though is will CISPA help solve the nation's cybersecurity problems? That's where the bill's premise is highly questionable. CISPA allows sharing of cybersecurity threats in an effort to head off attacks as they're occurring. But there's little evidence that such "real-time" sharing can really work. Efforts with the EINSTEIN program for anomaly detection (information sharing to detect odd behavior and protect against it) hasn't netted much; indeed there are reasons to expect that type of response can't be effective at large-scale. The hidden fact is that CISPA completely avoids the issue of protecting critical infrastructure. The bill's authors said the reason for CISPA not covering critical infrastructure was "that [was] outside of our jurisdiction."

With more and more private data residing in third-party providers -- think Gmail and Facebook -- CISPA's refrain might be stated as "bye-bye privacy, bye-bye freedom, bye-bye innocent until proven guilty." This bill creates a privacy invasion that makes the warrantless wiretapping of the Bush administration look like a minor break-in.

In 1789, when this nation was young and not very powerful, we passed the First Amendment, protecting the right to publish and implicitly the right to read anonymously , and the Fourth Amendment, which protects against unreasonable search and seizure. Those amendments have protected Americans and their state for over two centuries. In his inaugural address, Franklin Roosevelt said, "The only thing we have to fear is fear itself -- nameless, unreasoning, unjustified terror which paralyzes needed efforts to convert retreat into advance." The Obama administration has said it will veto the bill -- as well it should. We need cybersecurity protections, but CISPA is completely the wrong way to go about accomplishing that.

NOTE: Two errors have been corrected from the original posting, which gave a link to the bill brought to the House floor and quoted from that bill, rather than correctly linking to and quoting from the amended bill as passed by the House. These errors resulted from using the most recent version of the bill on thomas.loc.gov as posted on April 29.

 
FOLLOW TECH
The House passed the Cyber Intelligence Sharing and Protection Act (CISPA), a bill that purports to improve U.S. cybersecurity. In fact, the bill does little to protect us but rather a lot to destroy ...
The House passed the Cyber Intelligence Sharing and Protection Act (CISPA), a bill that purports to improve U.S. cybersecurity. In fact, the bill does little to protect us but rather a lot to destroy ...
Related News On Huffington Post:
 

Read more from Huffington Post bloggers:
Howard Steven Friedman

Howard Steven Friedman: NASA Simply Stopped Being a Priority

Will we look back and ask ourselves whether the decision to abandon space was a wise decision? Or will historians look back and identify this decision as a textbook example of when America sacrificed long-term strategic goals for short-term interests.

 
 
  • Comments
  • 8
  • Pending Comments
  • 0
  • View FAQ
Comments are closed for this entry
View All
Recency  | 
Popularity
photo
vikramadhiman
33 Fans
 
12:41 PM on 04/30/2012
Yes, we don't want another cyber Pearl Harbor but is that threat real? Probably yes. The third world war would be fought in the cyber world. However, does trespassing on my legitimate private data help you secure the world? All these are important questions and unfortunately there are no good answers being provided to these. Maybe, it is the complexity of large corporate's with the legislators or it is in their interest too or it is the protest fatigue from SOPA - but the silence of the valley and even backing of Mircosoft for this bill is really perplexing. All the more reason for everyone to consider their computer and cyber security seriously. A Computer security and Ethical hacking online course would definitely help provide more awareness everywhere - to everyone and make for a better legislation and policy at government, political, corporate and individual level. The balance is what everyone looks for. Unfortunately, it does not seem like happening right now.
Permalink  |
photo
HUFFPOST SUPER USER
ameriki00
113 Fans
10:05 AM on 04/30/2012
The purpose of this and similar laws is to legitimize what the government and private enterprise are already doing.
Permalink  |
photo
HUFFPOST SUPER USER
thecreeksedge
617 Fans
08:37 AM on 04/30/2012
Remember this comes from the small government people. It seems they really want to use government to intrude on the lives on private individuals while sanctioning all kinds of actions that are and will be taken by large corporations, who I guess need to be protected from the little people who are the greatest threat to our country's future. (I use the "who" pronoun because these corporations are now persons.)
Permalink  |
lastpost
see biography
440 Fans
07:21 AM on 04/30/2012
"Nothing to Fear but Fear Itself"
Oh! and a rather sobering truism: Power corrupts, and absolute power corrupts absolutely.

"without liability."
Spelt P. O. L. I. C. E. S. T. A. T. E.

"an incredibly broad net."
Spelt: S.P.Y.N.E.T.

"why is industry supporting the bill"
They don’t realize its their own death warrant.

"What will the bill accomplish"
The end of humanity. But is that such a bad thing?

"The bottom line though is will CISPA help"
citizens monitor government?

"the EINSTEIN program"
Only the universe and state control are infinite.

"bye-bye privacy, bye-bye freedom, bye-bye innocent until proven guilty."
To where Habeas Corpus has gone before.

"when this nation was young and not very powerful"
the bearing of arms was enshrined, to protect the people from political oppression. Welcome Back, to the divine right of rulers.

"The only thing we have to fear is"
f**kwits conjuring up authoritarian regimes, by preventing referendums.

"The Obama administration"
may be the last elected administration we’ll ever see.

"CISPA is"
opening the hen house door for the fox.
Permalink  |
photo
HUFFPOST SUPER USER
adrianna123456
is this thing on?
66 Fans
07:09 AM on 04/30/2012
Its here to protect us. Its not spying, its just watching everything we say and do. I dont like this idea, our business is their business and its not right.
Permalink  |
valueape
6 Fans
05:35 AM on 04/30/2012
we're all going to fema prisons. they're ready and waiting. see ya there, cool people. and no, this isn't about protecting the country from terror or intellectual property rights. this is the prelude to a round up of "deviants". think i'm nuts? read any history books ever?
Permalink  |
photo
Javahead Johnson
Constitutional Hippie, Crash landed in AL.
114 Fans
04:47 AM on 04/30/2012
Firstly, I completely agree! Land of the (kinda) Free, home of the Brave (unless it's our own gov.) But At least we're not COMMIES! oh hey, papers to go state to state?(only by air so far), No bill of rights-Thank you Patriot act, (seems pretty Commie plot to me!), Oh ya the new additions, no right to free peaceful assembly (sorry hippies & forefathers). I was born in 1959, I'm a real "cold war" child. I think we have turned into what we or at least Joseph McCarthy feared most.

I have been on the internet since before the internet (Checkout ARPANET design for it :) ) there have been many attempts at "regulation" we may have something to worry about, we may not. You see part of the beauty & wonder of the internet is it's military childhood, it is the TRUE TERMINATOR, can't be taken down. Question is how much will big bis. sell us out To the gov before we can stop them.

Personally I think we're FCked
Javahead
Permalink  |
Walking Tall
14 Fans
12:31 AM on 04/30/2012
Absolutely we dont need more Govt intrusion and a FREE PASS to do so, The Patriot act surrendered many of our rights to protections, Now Banking, Telecommunications, email etc is all subject to search and siezure. CISPA might be a good bill if it focused on the Hacker, the Irresponsible one, who make victim of credit card users, who allow Nigerian groups to conduct fake business and siphon millions of dollars out of seniors and others. I dont want my personal communications being warehoused in an NSA Server vault, If you say something wrong they then compile YOUR HISTORY, YOUR RECORD, YOU and attempt to garner if you or me is a threat.

Google and Facebook must realize were not BITS and BYTES, were the people who use there SERVICE,

Read the fine print people, in there it says they can do ANYTHING they want to with YOU, your data, your emails, your Pictures, and then SELL AT PROFIT, YOU again you dont have a say so you agreed when you clicked I AGREE, Has anyone read the small print !!!!

Thats whats wrong with CISPA the small print gives OUR GOVERNMENT the right to LISTEN, that ised to be referred to as DOMESTIC SPYING, which was outlawed until George Bush who felt the PATRIOT ACT should be forced on Americans. AT&T installed listening secret rooms, with a full pass by Justice and no legal recourse by US Citizens who they LISTEN TO !!!!! , NO TO CISPA
Permalink  |