Be a Supporter!

Cispa Bill Passed In The House...

  • 1,879 Views
  • 44 Replies
New Topic Respond to this Topic
Feoric
Feoric
  • Member since: Mar. 20, 2004
  • Offline.
Forum Stats
Member
Level 02
Blank Slate
Response to Cispa Bill Passed In The House... 2012-04-28 02:19:55 Reply

At 4/27/12 11:21 PM, Camarohusky wrote:
At 4/27/12 10:11 PM, Feoric wrote: Let me propose you, then, show me how this bill is a good thing. Using the language of the bill, of course. But I'll do what you asked me to, I guess, if you wanna be like that.
I am not claiming the bill is a good thing. I am calling foul on the "sky is falling" claims regarding it.

True, lot's of people are being a bit melodramatic about this, but considering it's potential implications it might be warranted. Ultimately we'll find out somewhere in the future, yeah?

I kinda cant copy and paste the bill here because of the formatting and I don't want to sit here and waste 40 minute editing it so i'm just going to tell you where to look.
My adobe isn't working properly, so I can't see your link. Look on the link Angryhatter posted and point me to the section (e.g. Section (II)(a)(3)(B))

This probably isn't very hard at all but I am having the hardest time in the world figuring out how to put it in that format (lol) so I'm just gonna be an idiot say say it's on page 8, line 9. Starts with (1) LIMITATION...

And, I mean, can this really be called a cyber security bill at all, anymore? The government would be able to search information it lawfully collects under CISPA for the purposes of "investigating American citizens" with complete immunity from all privacy protections as long as they can claim someone committed a "cybersecurity crime". Can anyone tell me how this does NOT violate the 4th Amendment?
First off, all this bill does is authorizes the government to accept information from private parties. I have yet to see anything that says that government cannot recieve information voluntarily provided to it by private parties.

Also, it's not an unlawful search if you have no right to the thing searched.

Gotcha, I lost my link and it's way too late for me to dig my history but I'll get back to you in the morning.

The US government also already has the right to seize domains inside the us they believe are used for piracy, and have been doing so since 2010.You somehow think it'll be even better if we can just cut off any major site from funding or indexing a foreign site that is accused of IP theft, which has thoroughly been explained why it very clearly and explicitly is not during the SOPA/PIPA protests. IP protection is not bad. The way this bill and it's amendments go about doing so is.
What does this bill have to do with SOPA/PIPA?

You brought up IP protection being important, I showed a very frightening implication of vaguely worded bills that could allow the government to take down foreign and domestic websites albeit via different means.

SOPA/PIPA have very little to do with CISPA.

Really? Not being snarky here, I really wanna hear your explanation for this. To me it seems like just a rehash of the same thing, something that was bound to happen anyway.

Camarohusky
Camarohusky
  • Member since: Jun. 22, 2004
  • Offline.
Forum Stats
Member
Level 09
Movie Buff
Response to Cispa Bill Passed In The House... 2012-04-28 11:11:04 Reply

At 4/28/12 02:19 AM, Feoric wrote: True, lot's of people are being a bit melodramatic about this, but considering it's potential implications it might be warranted. Ultimately we'll find out somewhere in the future, yeah?

There have been numerous "sky is falling" laws, both legislative and judicial, yet rarely have the worries ever panned out. A large part of this is that the sky is falling arguments almost always use the slippery slope, or worst case scenarios to argue their point. When the government passes a statute like this, it does so with a very specific purpose in mind, and while it can be slightly overbroad, that's OK (legally). It's a rare case where the government passes a statute like this and that statute is used for a purpose not intended or foreseen. In those cases it is merely a formality. I firmly believe that if the government truly wanted to abuse a statute like this, they would do it regardless of whether the statute existed or not.

This probably isn't very hard at all but I am having the hardest time in the world figuring out how to put it in that format (lol) so I'm just gonna be an idiot say say it's on page 8, line 9. Starts with (1) LIMITATION...

It is hard to read this format. The section is (c)(1). For being so far down the bill it's got a pretty short citation.

I forgot what the comment was... So now that we've pinpointed the language, what were you saying about it again?

Gotcha, I lost my link and it's way too late for me to dig my history but I'll get back to you in the morning.

You brought up IP protection being important, I showed a very frightening implication of vaguely worded bills that could allow the government to take down foreign and domestic websites albeit via different means.

That was SOPA/PIPA, and again, I didn't see much in the language that would allow for the government to run around willy nilly shutting down websites. I did notice a lack of any recompense for those whose sites got shut down, then again, I saw nothing that foreclosed the aggrieved from using regular judicial means either (i.e. TROs, injunctions, 1983 suits and so on)

Really? Not being snarky here, I really wanna hear your explanation for this. To me it seems like just a rehash of the same thing, something that was bound to happen anyway.

CISPA is merely an information sharing statute. It allows for the sharing and use of information (although we haven't really established what is currently legal). The big network companies have a dog in the fight in protecting their servers. Google would love to have the NSA providing them with information on possible threats to the Google servers. The NSA gets Google's information relevant to national security, and Google gets the NSA's information relevant to their economic security. It, if it works properly, presents a good opportunity for a symbiotic relationship between tech companies and the government.

SOPA/PIPA on the other hand was a pseudo-penal statute. It authorized the government to go and take down websites with little to no opposition (at least before the shut down) from the operator of the site. Not only did this present a possibility (albeit extremely slight for the reputable tech companies) that they might be a target, it could hurt their clients. Google likely makes a significant amount of ad revenue from people searching for the illegals sites. Server operators make money because the illegal sites pay for server space.

Whereas CISPA represents an opportunity to protect their income base SOPA/PIPA represented a threat to it. The tech companies are working off of cold hard economic interests here, not the altruistic solidarity many thought.

Feoric
Feoric
  • Member since: Mar. 20, 2004
  • Offline.
Forum Stats
Member
Level 02
Blank Slate
Response to Cispa Bill Passed In The House... 2012-04-28 12:26:34 Reply

At 4/28/12 11:11 AM, Camarohusky wrote: There have been numerous "sky is falling" laws, both legislative and judicial, yet rarely have the worries ever panned out. A large part of this is that the sky is falling arguments almost always use the slippery slope, or worst case scenarios to argue their point. When the government passes a statute like this, it does so with a very specific purpose in mind, and while it can be slightly overbroad, that's OK (legally). It's a rare case where the government passes a statute like this and that statute is used for a purpose not intended or foreseen. In those cases it is merely a formality. I firmly believe that if the government truly wanted to abuse a statute like this, they would do it regardless of whether the statute existed or not.

Well, you also have to take in account of who is saying what. I mean of course you get the loons on abovetopsecret or alex jones or the run of the mill conspiracy theorists who cry at literally every bill every passed, but I guess this is sort of boy who cried wolf effect. The point I (and others) are trying to make is this: why even have the bill worded in such a way that even allows the government to have power it hopefully wouldn't use in the first place? Why is that necessary? Now, does that mean Obama will sign the bill and install a junta on day one? No. But my fear is what the President 5 election cycles from now will be like. As for the disregard of legality, good point, but making it flat out legal just makes it so much easier.

I forgot what the comment was... So now that we've pinpointed the language, what were you saying about it again?

I'll just copy and paste:

Can you tell me how this isn't just another addition to the list of acceptable purposes for which shared information can be used? I counted three (3) more valid uses: investigation and prosecution of cybersecurity crime, protection of individuals, and protection of children. Originally, in the main bill, cispa allowed the government to use information for "cybersecurity" or "national security" purposes. Those purposes have not been limited or removed by this amendment (which, ironically, the whole purpose of the amendment was to LIMIT what the government could do). So now the tally is up to 5 acceptable purposes, all of which are vague.

That was SOPA/PIPA, and again, I didn't see much in the language that would allow for the government to run around willy nilly shutting down websites. I did notice a lack of any recompense for those whose sites got shut down, then again, I saw nothing that foreclosed the aggrieved from using regular judicial means either (i.e. TROs, injunctions, 1983 suits and so on)

The phrase "Not-withstanding any other provision of law.." is used twice. A CRS report warned us with this passage: "Alternately, a bill may preface new provisions being added to law with such a phrase as, âEUoenotwithstanding any other provision of law.âEUSuch a phrase tends to imply that the new language is intended to supersede any conflicting provisions of previous law. This broad phrase, however, does not specify which provisions it is meant to refer to, and may therefore have unforeseen consequences for both existing and future laws." I guess it's not so much that "the bill does not say x and happen", it's more of "the bill is worded in such a way that it allows x to happen." With "not-withstanding" in there this allows 'cybersecurity providers" and "self-protected entities" to bypass wiretap laws, privacy policies, record laws (medical, etc), census data, and other statutes that protect information in cooperation with the government. How can this bill be potentially used? Does this allow warrantless wiretapping? Why even allow the government to have that power, even if they never use it?

These lawmakers are a hell of a lot smarter than me when it comes to writing bills. I doubt the language used here wasn't intentional, which frankly is the scariest part. They intended to make CISPA trump all existing federal and state civil and criminal laws.

Really? Not being snarky here, I really wanna hear your explanation for this. To me it seems like just a rehash of the same thing, something that was bound to happen anyway.
CISPA is merely an information sharing statute. It allows for the sharing and use of information (although we haven't really established what is currently legal). The big network companies have a dog in the fight in protecting their servers. Google would love to have the NSA providing them with information on possible threats to the Google servers. The NSA gets Google's information relevant to national security, and Google gets the NSA's information relevant to their economic security. It, if it works properly, presents a good opportunity for a symbiotic relationship between tech companies and the government.

At what cost to citizens? I'm sorry but I don't have this "The Corporations: Our friends" mentality. With stuff like Room 641A (something retroactively made legal, AT&T & Verizon handing billions of records to the NSA, Verizon handing over records to the FBI without court orders, I can't see how these companies aren't deeply embedded into Washington. I'm not expecting these companies to be ethical with my privacy if the government wants them.

MalacodaAligheri
MalacodaAligheri
  • Member since: Oct. 25, 2003
  • Offline.
Forum Stats
Member
Level 10
Audiophile
Response to Cispa Bill Passed In The House... 2012-04-28 14:00:24 Reply

It ain't the bill itself that concerns me; it's the mentality current government, "special interest" groups (corporations in particular), and even "We the People" possess.

The "haves" (gov't/SIGs)are addicts to their own success; they need more power, more money, more prestige, more respect just to function-- and they'll do anything to keep the juice flowing. So it has been since civilization began. The conspiracy nuts got that right, at least.

The "have-nots" (the rest) suffer from "NIMBY" ("Not In My BackYard!") syndrome, terminal apathy, and an "It won't touch me!" complex.

Both groups are products of current society; seeking only instant gratification and not ready, willing, or able to see beyond one's "tribe:" family, close friends, and work colleagues.


I declare WAR upon Portal Spamming!
Now I'm beginning to understand the phrase "Freedom isn't free."

JimmyTheCaterpillar
JimmyTheCaterpillar
  • Member since: Aug. 12, 2011
  • Offline.
Forum Stats
Member
Level 17
Writer
Response to Cispa Bill Passed In The House... 2012-04-28 14:25:17 Reply

Political Parties. That phrase should considered an extremely bad swear.


SIG BY AMARANTHUS.| I USED TO BE BROKENRECORD6299 AND UNCLECUBONE
| I'm in a band 'n stuff.| Here's some advice on how to be a writer.
I ENJOY CRANBERRY SAUCE. A LOT.

BBS Signature
adrshepard
adrshepard
  • Member since: Jun. 18, 2003
  • Offline.
Forum Stats
Member
Level 07
Blank Slate
Response to Cispa Bill Passed In The House... 2012-04-28 17:51:43 Reply

At 4/28/12 12:26 PM, Feoric wrote: Can you tell me how this isn't just another addition to the list of acceptable purposes for which shared information can be used? I counted three (3) more valid uses: investigation and prosecution of cybersecurity crime, protection of individuals, and protection of children. Originally, in the main bill, cispa allowed the government to use information for "cybersecurity" or "national security" purposes. Those purposes have not been limited or removed by this amendment (which, ironically, the whole purpose of the amendment was to LIMIT what the government could do). So now the tally is up to 5 acceptable purposes, all of which are vague.

Actually I'd be surprised if it offered specific reasons. The information the bill tries to safeguard can be used in any number of damaging ways: espionage, sabotage, blackmail, intellectual property theft, identify theft, etc. There's no reason for the bill to spell out every conceivable crime.
And even if you don't want to believe that, remember that national security legislation is not a black and white rule for action. Nowhere does it say that so-and-so has sole, unchecked authority to decide what constitutes a threat to cybersecurity or children. My guess is that the ISPs and government agencies involved already agree on what the potential threats could be and that this bill formally allows them to cooperate. So, while it's not impossible that this bill could allow the hundreds of people involved in any protective action to fulfill some shared malicious goal, the chances of that are far less likely (and the consequences arguably less damaging) than any of the crimes CISPA tries to prevent.

At what cost to citizens? I'm sorry but I don't have this "The Corporations: Our friends" mentality. With stuff like Room 641A (something retroactively made legal, AT&T & Verizon handing billions of records to the NSA, Verizon handing over records to the FBI without court orders, I can't see how these companies aren't deeply embedded into Washington. I'm not expecting these companies to be ethical with my privacy if the government wants them.

I don't think he meant "economic security" to mean personal information to be used for product development and advertising, but protecting against the financial costs of a cyberattack.

Feoric
Feoric
  • Member since: Mar. 20, 2004
  • Offline.
Forum Stats
Member
Level 02
Blank Slate
Response to Cispa Bill Passed In The House... 2012-04-28 19:17:50 Reply

At 4/28/12 05:51 PM, adrshepard wrote: Actually I'd be surprised if it offered specific reasons. The information the bill tries to safeguard can be used in any number of damaging ways: espionage, sabotage, blackmail, intellectual property theft, identify theft, etc. There's no reason for the bill to spell out every conceivable crime.
And even if you don't want to believe that, remember that national security legislation is not a black and white rule for action. Nowhere does it say that so-and-so has sole, unchecked authority to decide what constitutes a threat to cybersecurity or children. My guess is that the ISPs and government agencies involved already agree on what the potential threats could be and that this bill formally allows them to cooperate. So, while it's not impossible that this bill could allow the hundreds of people involved in any protective action to fulfill some shared malicious goal, the chances of that are far less likely (and the consequences arguably less damaging) than any of the crimes CISPA tries to prevent.

The stuxnet attack does a good job of showing what real cyber-attacks look like: an expensive, technically complicated operation by a state-funded group that did a modest amount of damage to a single facility, one time. It isn't some sort of reusable weapon that will prevent Iran from eventually enriching as much uranium as it wants. The US civilian infrastructure simply isn't vulnerable to that sort of thing. Failures, accidents and vandalism happen all the time and dealing with them is just part of the job.

I don't think he meant "economic security" to mean personal information to be used for product development and advertising, but protecting against the financial costs of a cyberattack.

Got it, but I still think the threat of a "cyberattack" is largely manufactured by corporations who want vast amounts of subsidies and guaranteed business, like Symantec or HBGary.

Camarohusky
Camarohusky
  • Member since: Jun. 22, 2004
  • Offline.
Forum Stats
Member
Level 09
Movie Buff
Response to Cispa Bill Passed In The House... 2012-04-28 21:28:00 Reply

At 4/28/12 12:26 PM, Feoric wrote: The point I (and others) are trying to make is this: why even have the bill worded in such a way that even allows the government to have power it hopefully wouldn't use in the first place? Why is that necessary?

The nature of warfare, especially the clandestine and unorganized (i.e. done by civilians instead of standing armies) is highly unpredictable and extremely maleable. Who really predicted that commercial 767s would make effective missiles until 9/11? Who knew how much a subway system was a death trap for gas until the Seran gas attack on Tokyo?

Granting some leeway on these areas allows for quick reactions to attacks or credible threats that fall outdie the box of conventional thinking at the time. In the end it's a trade off of unlikelies: the government will intetionally use the information against the people, or a hostile will use the limits of the protection against us. In the end it comes down to who you trust more, a government with at the very least some obligation to the people, or a hostile who has no obligation coupled with a severe amount of anger and hatred? I would take the government on that any day. The leeway here is more than limited enough to keep anything egregious from happening (or at least it being legal).

Now, does that mean Obama will sign the bill and install a junta on day one? No. But my fear is what the President 5 election cycles from now will be like. As for the disregard of legality, good point, but making it flat out legal just makes it so much easier.

Not worried either. By then a few of these cases will have been litigated and some private parties will have been slapped down extremely hard. Hard enough to make them very careful when they deal with this.

Can you tell me how this isn't just another addition to the list of acceptable purposes for which shared information can be used? I counted three (3) more valid uses: investigation and prosecution of cybersecurity crime, protection of individuals, and protection of children. Originally, in the main bill, cispa allowed the government to use information for "cybersecurity" or "national security" purposes. Those purposes have not been limited or removed by this amendment (which, ironically, the whole purpose of the amendment was to LIMIT what the government could do). So now the tally is up to 5 acceptable purposes, all of which are vague.

Section (c)(1) in the document I have only lists the cybersecurity and national security reasons. Either the child abuse section was edited out, or the version I have is old. I would liek to see the exact language here, cause a few seemingly minimal words can make a huge difference. This all depends on the meaning and the scope of the word "protection". If "protection" is limited to physical harm or serious abuse then I see little to worry about. Only so much information can be relevant with regard to national security, sybersecurity, and physical harm. Now, if "protection" were broader to include emotional or moral protection, then there would be some serious cause for concern.

The phrase "Not-withstanding any other provision of law.." is used twice.

In CISPA or SOPA/PIPA?

With "not-withstanding" in there this allows 'cybersecurity providers" and "self-protected entities" to bypass wiretap laws, privacy policies, record laws (medical, etc), census data, and other statutes that protect information in cooperation with the government. How can this bill be potentially used? Does this allow warrantless wiretapping? Why even allow the government to have that power, even if they never use it?

This is a vast overstatement of what the bill allows and some parts of this are flat out incorrect.

First off, the only parties subject to the "not-withstandings" are cybersecurity providers and self-protected entities, both of which are not government.

Second it only allows for the sharing of information gained by "cybersecurity systems". These are defined as protective systems meant to halt attacks on systems or networks, and protective systems meant to halt the theft of information. They do not include offensive information gathering, such as wiretaps. These systems are more akin to firewalls, virus protectors, and other like defensive systems.


These lawmakers are a hell of a lot smarter than me when it comes to writing bills. I doubt the language used here wasn't intentional, which frankly is the scariest part. They intended to make CISPA trump all existing federal and state civil and criminal laws.

Overriding those laws on a very very small area. The private entities must still comply with all facets of this law for the protection to apply. If they send the wrong information, send information without the proper consent, send information without taking appropriate privacy steps, use any recieved information for purposes other than cyber security, or do any of this in bad faith, they will be subject to the other laws.

At what cost to citizens? I'm sorry but I don't have this "The Corporations: Our friends" mentality.

First off, I was only speaking of why the major players who opposed SOPA/PIPA are now supporting CISPA. The anti-SOPA/PIPA crowd rallied around these major players as if these players were taking a stand for privacy, First Amendment, or any other altruistic reasons. That's just not the case. While SOPA/PIPA presented a threat to their income, CISPA presents an opportunity for them to better protect against cyber threats that could hurt their bottom line or in the worst case destroy them.

Here are some examples:
A couple months ago at my intership, we were having email problems. Turned out, someone had opened a virus email. That virus then turned the county server into a zombie and sent out so many emails the email system for the entire county government shut down in a day. The second most populous county in the State and one of the most populous counties in the Western US was essentially without a major function for over a day because some low level phishing virus.

Back in 2000 many major corporations and government, including the Pentagon, had to completely shut down their email servers because the I LOVE YOU worm had overloaded them.

Both of these were fairly unsophisticated viruses that shut down vital servers. Imagine what a sophisticated and targeted attack could do.

I'm not expecting these companies to be ethical with my privacy if the government wants them.

If they're unethical, then sue them. While ethics and good faith are not the same, it's hard to have one without the other.

Feoric
Feoric
  • Member since: Mar. 20, 2004
  • Offline.
Forum Stats
Member
Level 02
Blank Slate
Response to Cispa Bill Passed In The House... 2012-04-29 01:37:49 Reply

At 4/28/12 09:28 PM, Camarohusky wrote: The nature of warfare, especially the clandestine and unorganized (i.e. done by civilians instead of standing armies) is highly unpredictable and extremely maleable. Who really predicted that commercial 767s would make effective missiles until 9/11? Who knew how much a subway system was a death trap for gas until the Seran gas attack on Tokyo?

Then I guess that's where you and I differ. I hate nitpicking (I really can't help myself, sorry), but 2 747s and 2 757s, no 767s, were used on 9/11. But your point still stands. However, I just don't see how "granting leeway" (granting leeway on what, exactly? A bill's constitutionality in contrast to the threat it promises to quell? I'm not trying to put words in your mouth, I honestly don't know.) eliminates these "super threats" (in terms of scale and potential/actual damage/causalities). They're often so deadly because the "enemy" (whoever it may be at the time) is one step ahead of the game in terms of manipulating security loopholes, logistics, intelligence, etc. Prior to 9/11 there was absolutely no precedent in dealing with such a crisis. The precedent was made after the decisions were made by Bush and his inner circle on how to deal with them. I don't think Cheney was too concerned with whether or not the commands he was giving was legal or not, considering the circumstances (not saying he ordered anything illegal).

Section (c)(1) in the document I have only lists the cybersecurity and national security reasons. Either the child abuse section was edited out, or the version I have is old. I would liek to see the exact language here, cause a few seemingly minimal words can make a huge difference. This all depends on the meaning and the scope of the word "protection". If "protection" is limited to physical harm or serious abuse then I see little to worry about. Only so much information can be relevant with regard to national security, sybersecurity, and physical harm. Now, if "protection" were broader to include emotional or moral protection, then there would be some serious cause for concern.

(1) LIMITATION.-The Federal Government may use cyber threat information shared with the Federal Government in accordance with subsection (b) -
(A) for cybersecurity purposes;
(B) for the investigation and prosecution of cybersecurity crimes;
(C) for the protection of individuals from the danger of death or serious bodily harm and the investigation and prosecution of crimes involving such danger of death or serious bodily harm;
(D) for the protection of minors from child pornography, any risk of sexual exploitation, and serious threats to the physcal safety of such minor, includiong kidnapping and trafficking and the investigation and prosecution of crimes involving child pornography, any risk of sexual exploitation, and serious threats to the physical safety of minors, including kidnapping and trafficking, and any crime referred to in 2258(a)(2) of title 18, United States Code; or
(E) to protct the national security of the United Sates.

In CISPA or SOPA/PIPA?

I'm referring specifically to CISPA.

First off, the only parties subject to the "not-withstandings" are cybersecurity providers and self-protected entities, both of which are not government.

Correct, I type fast and I didn't proofread that post. That's what I meant to say, I stand corrected.

Second it only allows for the sharing of information gained by "cybersecurity systems". These are defined as protective systems meant to halt attacks on systems or networks, and protective systems meant to halt the theft of information. They do not include offensive information gathering, such as wiretaps. These systems are more akin to firewalls, virus protectors, and other like defensive systems.

Here is the language of the bill that, at least it seems to me, does not prevent offensive information gathering:

(1) IN GENERAL.âEU"

(A) CYBERSECURITY PROVIDERS.âEU"Not-withstanding any other provision of law, a cybersecurity provider, with the express consent of a protected entity for which such cybersecurity provider is providing goods or services for cybersecurity purposes, may, for cybersecurity purposesâEU"
(i) use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such protected entity; and
(ii) share such cyber threat information with any other entity designated by such protected entity, including, if specifically designated, the Federal Government.

(B) SELF-PROTECTED ENTITIES.
Not-withstanding any other provision of law, a selfprotected entity may, for cybersecurity purposesâEU"
(i) use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such self-protected entity; and
(ii) share such cyber threat information with any other entity, including the Federal Government.

Overriding those laws on a very very small area.

I don't think it's a very small area, and even if it was, it wouldn't make me feel better.

The private entities must still comply with all facets of this law for the protection to apply. If they send the wrong information, send information without the proper consent, send information without taking appropriate privacy steps, use any recieved information for purposes other than cyber security, or do any of this in bad faith, they will be subject to the other laws.

I'm really really confused. After reading the passages I pasted and reading countless articles from numerous websites, I'm seeing the exact opposite thing. What exactly am I missing? I appologize if I seem thick, I'm trying to understand.

First off, I was only speaking of why the major players who opposed SOPA/PIPA are now supporting CISPA. The anti-SOPA/PIPA crowd rallied around these major players as if these players were taking a stand for privacy, First Amendment, or any other altruistic reasons. That's just not the case.

Sorry for misreading what you said. Also I absolutely agree with you, they were only protesting because they knew how badly the bill would negatively affect them.

While SOPA/PIPA presented a threat to their income, CISPA presents an opportunity for them to better protect against cyber threats that could hurt their bottom line or in the worst case destroy them.

I think differently. They punch under their weight, politically, for a variety of reasons, including that disdain of politics and political engagement is common among silicon valley folks. I've seen super-anti-sopa friends express open disgust at Google/Apple/Facebook spending any amount of money on lobbying. I can understand why: it's seen as anti-competitive, which is the kind of horseshit only old, weak companies try to pull. But I think it may be the best way for famous, capital-rich companies to protect their ability to innovate, and I'm almost certain it beats inaction.

Both of these were fairly unsophisticated viruses that shut down vital servers. Imagine what a sophisticated and targeted attack could do.

As I said earlier, why even bother with a sophisticated and targeted attack? Look at stuxnet: an expensive, technically and geopolitically complicated ordeal that didn't accomplish much in the grand scheme of things, unless the main objective of the operation was to instill fear of cyberattacks instead of actually causing massive damage (possibly both!). Power plant security is important, mandating people to inspect them independantly to look for shoddy construction, procedures and repairs or untrained, incompetent or understaffed personnel is very important. If a crude worm can cause such destruction on a large scale, why bother with hollywood-level hacking? Honestly, you can do just as much damage if not more just by jumping over a fence and taking out 750kw generators on a large scale.

Camarohusky
Camarohusky
  • Member since: Jun. 22, 2004
  • Offline.
Forum Stats
Member
Level 09
Movie Buff
Response to Cispa Bill Passed In The House... 2012-04-29 13:10:53 Reply

At 4/29/12 01:37 AM, Feoric wrote: Then I guess that's where you and I differ. I hate nitpicking (I really can't help myself, sorry), but 2 747s and 2 757s, no 767s, were used on 9/11.

2 767s and 2 757s actually. No 747s involved.

However, I just don't see how "granting leeway" (granting leeway on what, exactly? A bill's constitutionality in contrast to the threat it promises to quell? I'm not trying to put words in your mouth, I honestly don't know.) eliminates these "super threats" (in terms of scale and potential/actual damage/causalities). They're often so deadly because the "enemy" (whoever it may be at the time) is one step ahead of the game in terms of manipulating security loopholes, logistics, intelligence, etc.

Exactly. Giving a little bit of leeway allows for quick reaction to credible threats or to actual attacks without having to go to Congress and request a change.

(1) LIMITATION.-The Federal Government may use cyber threat information shared with the Federal Government in accordance with subsection (b) -
(A) for cybersecurity purposes;
(B) for the investigation and prosecution of cybersecurity crimes;
(C) physical harm
(D) child sex crimes
(E) national security

This is sufficently limited. The use of information to stop these crimes involves only a small amount of the possible information out there. Political, social, artistic speech/information does not apply to these categories.

Second it only allows for the sharing of information gained by "cybersecurity systems". These are defined as protective systems meant to halt attacks on systems or networks, and protective systems meant to halt the theft of information. They do not include offensive information gathering, such as wiretaps. These systems are more akin to firewalls, virus protectors, and other like defensive systems.
Here is the language of the bill that, at least it seems to me, does not prevent offensive information gathering:

(1) IN GENERAL.âEU"

(A) CYBERSECURITY PROVIDERS.âEU"Not-withstanding any other provision of law, a cybersecurity provider, may, for cybersecurity purposesâEU"
(i) use cybersecurity systems

(B) SELF-PROTECTED ENTITIES.
Not-withstanding any other provision of law, a selfprotected entity may, for cybersecurity purposesâEU"
(i) use cybersecurity systems

A quite small source of information. They may only use cybersecurity systems to gather the information.

I don't think it's a very small area, and even if it was, it wouldn't make me feel better.

Think of this as like security camera footage. The anti-folks are acting as if this allows for the setting up and sharing of security camera footage anywhere, including in your home. This could not be further from the truth. CISPA is more like allowing businesses to have security cameras in their businesses and their parking lots, then letting them share that footage for limited purposes, such as solving interal crimes, internal thefts, as well as etxernal crimes.

I'm really really confused. After reading the passages I pasted and reading countless articles from numerous websites, I'm seeing the exact opposite thing. What exactly am I missing? I appologize if I seem thick, I'm trying to understand.

The notwithstanding only applies when the entity follows the law. If they do not follow every element of the law, the plaintiff would argue that they failed to actually follow the law and therefore are not able to avail themselves of the protections within.


As I said earlier, why even bother with a sophisticated and targeted attack? Look at stuxnet: an expensive, technically and geopolitically complicated ordeal that didn't accomplish much in the grand scheme of things, unless the main objective of the operation was to instill fear of cyberattacks instead of actually causing massive damage (possibly both!). Power plant security is important, mandating people to inspect them independantly to look for shoddy construction, procedures and repairs or untrained, incompetent or understaffed personnel is very important.

First off, comparing a plant in Iran to the entire grid in a developed country is just not adequate. See how much trouble is caused when the Northeastern Seaboard has a routine power outage for a few hours. A well done attack on that system could shut the economic center of the developed world for much much longer than just a few hours. An attacker can also do this without exposing themselves to any direct danger thus saving themselves for afuture attack. They can also do this with relative anonymity.

Second, since when was terrorism/clandestine warfare a cheap endeavor?

If a crude worm can cause such destruction on a large scale, why bother with hollywood-level hacking?

Because crude worms are easy to detect, and they are hard to control. Sure, I LOVE YOU caused massive damage, but it'd be very hard to replicate it. A targeted attack could bypass this security and it could attack vital systems instead of merely attempting to shut down a system by clogging it.

Eltro2kneo
Eltro2kneo
  • Member since: Apr. 12, 2008
  • Offline.
Forum Stats
Member
Level 27
Movie Buff
Response to Cispa Bill Passed In The House... 2012-05-06 22:02:18 Reply

Jeez, these long text boxes over a debate!

But still, even if it passes congress, it can still get forced to be taken down from laws.


Words do not kill people, people kill words.
You have no enemies, you are your enemy.
Eltro Mato

Camarohusky
Camarohusky
  • Member since: Jun. 22, 2004
  • Offline.
Forum Stats
Member
Level 09
Movie Buff
Response to Cispa Bill Passed In The House... 2012-05-06 22:47:09 Reply

At 5/6/12 10:02 PM, Eltro2kneo wrote: But still, even if it passes congress, it can still get forced to be taken down from laws.

How and why?

Iron-Hampster
Iron-Hampster
  • Member since: Aug. 27, 2006
  • Offline.
Forum Stats
Member
Level 10
Blank Slate
Response to Cispa Bill Passed In The House... 2012-05-07 02:02:29 Reply

At 5/6/12 10:47 PM, Camarohusky wrote:
At 5/6/12 10:02 PM, Eltro2kneo wrote: But still, even if it passes congress, it can still get forced to be taken down from laws.
How and why?

The Judicial Branch is still there, as is the Governor General and other safe guards. All the propaganda about how great and holy Democracy is has taken its toll on these areas though. "as long as we do everything 50%+1 says then we will always be free" kind of crap.


ya hear about the guy who put his condom on backwards? He went.

BBS Signature
Camarohusky
Camarohusky
  • Member since: Jun. 22, 2004
  • Offline.
Forum Stats
Member
Level 09
Movie Buff
Response to Cispa Bill Passed In The House... 2012-05-07 10:54:03 Reply

At 5/7/12 02:02 AM, Iron-Hampster wrote: The Judicial Branch is still there

I know that. My question was why. The courts don't overturn laws just because, there has to be a reason (99% of the time that reason must be legal).

BoredLooney
BoredLooney
  • Member since: Mar. 17, 2011
  • Offline.
Forum Stats
Member
Level 09
Gamer
Response to Cispa Bill Passed In The House... 2012-06-27 00:09:07 Reply

why hasn't obama vetoed this yet?

It's been a month since its passing, and the Obama administration has suggested it would veto.

is there anything that I'm missing about the legislative process or something?


AHAHAHAHAHAHAHAHAHAHA- no.