What is CISPA?
CISPA, known officially as H.R. 624, is a cybersecurity Bill, ostensibly designed to help prevent and defend against cyberattacks on critical national infrastructure and against other internet attacks on private firms by obtaining and sharing “cyberthreat information” . It passed the House last week (288-127 in favor) in days that found the nation stunned by the horrific terror attack at the Boston Marathon, the subsequent five-day manhunt for the remaining (and now captured) suspect and the gruesome workplace explosion in West, Texas that left many dead and injured. CISPA is now winding its way through the Senate.
This Is Good For Us, Correct?
On paper CISPA reads well and appears to be a tightening of security against potential cyber attacks. We’ve now entered into a dark area of cyberspace; that which is focused on causing mayhem – where cyberthreats are routinely are received (and thankfully, overwhelmingly neutralized) by government agencies, the military and big corporations. In 2010, the Pentagon declared cyberspace as a new domain in warfare and established the United States Cyber Command (USCyberCom) to defend American military networks, and if necessary, attack other countries’ systems. USCyberCom however was (and remains) active only to protect our military. Government infrastructure and corporations are primarily the responsibility of the Department of Homeland Security and private companies – until CISPA, as expected, passes the Senate in the coming days.
So Why The Concern?
CISPA, in its current version, allows firms and agencies from the private sector to acquire and search sensitive data relating to U.S. citizens. Under the guise of using such sharing — without court-ordered warrants — allegedly to combat cybercrime, data including heath records, banking and online activity could be shared without anonymization. Extending the bill’s definition: it permits private firms to hand over private user data while circumventing existing privacy laws, such as the Wiretap Act and the Stored Communications Act. This means that CISPA can permit private firms to share your data, such as emails, text messages, and cloud-stored documents and files, with the US government again without the need for a warrant.
It also gives these firms legal protection to hand over such data. There is no judicial oversight.
Other factors to consider are that tech giants including Twitter, Facebook and Google would not be able to protect your privacy, as no legal reprisal could be mounted against such data sharing, and U.S. intelligence agencies would be able to hand over classified information to groups without security clearance.
Finally, and perhaps worst of all, because there is little transparency and individual accountability, those who have had their data handed to the US government may not even know about it or be given a chance to challenge it.
We need to ask ourselves and certainly our elected representatives, at what price security? As a security specialist, I certainly understand the need for firm policies that will reduce the effectiveness of cyber attacks, but like most people, I’m have not been given an unfiltered explanation of how the aggregation of personal information by private companies, handed over to the government, without a clearly defined need by such and that which can be obtained without a warrant by the government, is necessary or even constitutional. Yes, there is an expectation of privacy of personal medical records, credit information and personal email.
Let’s stay sharply focused on how CISPA is used and probably, abused, by corporations and governmental agencies.
Our Operatives: Street mart; info savvy.
As always, stay safe.
- House Passes CISPA, Guts Online Privacy (drudge.com)
- CISPA Passed This Week Against Objections, Pleas, And Rationality (techcitement.com)
Filed under: cyber crime, cyber investigations, cyber law, cyber threat, cyberattack, cybersecurity, data, databases | Tagged: CISPA, Cyber Intelligence Sharing and Protection Act, cyber security, cyber threat, cyberattack, facebook, google, Senate, US government | Leave a Comment »