At 4/28/12 09:28 PM, Camarohusky wrote:
The nature of warfare, especially the clandestine and unorganized (i.e. done by civilians instead of standing armies) is highly unpredictable and extremely maleable. Who really predicted that commercial 767s would make effective missiles until 9/11? Who knew how much a subway system was a death trap for gas until the Seran gas attack on Tokyo?
Then I guess that's where you and I differ. I hate nitpicking (I really can't help myself, sorry), but 2 747s and 2 757s, no 767s, were used on 9/11. But your point still stands. However, I just don't see how "granting leeway" (granting leeway on what, exactly? A bill's constitutionality in contrast to the threat it promises to quell? I'm not trying to put words in your mouth, I honestly don't know.) eliminates these "super threats" (in terms of scale and potential/actual damage/causalities). They're often so deadly because the "enemy" (whoever it may be at the time) is one step ahead of the game in terms of manipulating security loopholes, logistics, intelligence, etc. Prior to 9/11 there was absolutely no precedent in dealing with such a crisis. The precedent was made after the decisions were made by Bush and his inner circle on how to deal with them. I don't think Cheney was too concerned with whether or not the commands he was giving was legal or not, considering the circumstances (not saying he ordered anything illegal).
Section (c)(1) in the document I have only lists the cybersecurity and national security reasons. Either the child abuse section was edited out, or the version I have is old. I would liek to see the exact language here, cause a few seemingly minimal words can make a huge difference. This all depends on the meaning and the scope of the word "protection". If "protection" is limited to physical harm or serious abuse then I see little to worry about. Only so much information can be relevant with regard to national security, sybersecurity, and physical harm. Now, if "protection" were broader to include emotional or moral protection, then there would be some serious cause for concern.
(1) LIMITATION.-The Federal Government may use cyber threat information shared with the Federal Government in accordance with subsection (b) -
(A) for cybersecurity purposes;
(B) for the investigation and prosecution of cybersecurity crimes;
(C) for the protection of individuals from the danger of death or serious bodily harm and the investigation and prosecution of crimes involving such danger of death or serious bodily harm;
(D) for the protection of minors from child pornography, any risk of sexual exploitation, and serious threats to the physcal safety of such minor, includiong kidnapping and trafficking and the investigation and prosecution of crimes involving child pornography, any risk of sexual exploitation, and serious threats to the physical safety of minors, including kidnapping and trafficking, and any crime referred to in 2258(a)(2) of title 18, United States Code; or
(E) to protct the national security of the United Sates.
In CISPA or SOPA/PIPA?
I'm referring specifically to CISPA.
First off, the only parties subject to the "not-withstandings" are cybersecurity providers and self-protected entities, both of which are not government.
Correct, I type fast and I didn't proofread that post. That's what I meant to say, I stand corrected.
Second it only allows for the sharing of information gained by "cybersecurity systems". These are defined as protective systems meant to halt attacks on systems or networks, and protective systems meant to halt the theft of information. They do not include offensive information gathering, such as wiretaps. These systems are more akin to firewalls, virus protectors, and other like defensive systems.
Here is the language of the bill that, at least it seems to me, does not prevent offensive information gathering:
(1) IN GENERAL.âEU"
(A) CYBERSECURITY PROVIDERS.âEU"Not-withstanding any other provision of law, a cybersecurity provider, with the express consent of a protected entity for which such cybersecurity provider is providing goods or services for cybersecurity purposes, may, for cybersecurity purposesâEU"
(i) use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such protected entity; and
(ii) share such cyber threat information with any other entity designated by such protected entity, including, if specifically designated, the Federal Government.
(B) SELF-PROTECTED ENTITIES.
Not-withstanding any other provision of law, a selfprotected entity may, for cybersecurity purposesâEU"
(i) use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such self-protected entity; and
(ii) share such cyber threat information with any other entity, including the Federal Government.
Overriding those laws on a very very small area.
I don't think it's a very small area, and even if it was, it wouldn't make me feel better.
The private entities must still comply with all facets of this law for the protection to apply. If they send the wrong information, send information without the proper consent, send information without taking appropriate privacy steps, use any recieved information for purposes other than cyber security, or do any of this in bad faith, they will be subject to the other laws.
I'm really really confused. After reading the passages I pasted and reading countless articles from numerous websites, I'm seeing the exact opposite thing. What exactly am I missing? I appologize if I seem thick, I'm trying to understand.
First off, I was only speaking of why the major players who opposed SOPA/PIPA are now supporting CISPA. The anti-SOPA/PIPA crowd rallied around these major players as if these players were taking a stand for privacy, First Amendment, or any other altruistic reasons. That's just not the case.
Sorry for misreading what you said. Also I absolutely agree with you, they were only protesting because they knew how badly the bill would negatively affect them.
While SOPA/PIPA presented a threat to their income, CISPA presents an opportunity for them to better protect against cyber threats that could hurt their bottom line or in the worst case destroy them.
I think differently. They punch under their weight, politically, for a variety of reasons, including that disdain of politics and political engagement is common among silicon valley folks. I've seen super-anti-sopa friends express open disgust at Google/Apple/Facebook spending any amount of money on lobbying. I can understand why: it's seen as anti-competitive, which is the kind of horseshit only old, weak companies try to pull. But I think it may be the best way for famous, capital-rich companies to protect their ability to innovate, and I'm almost certain it beats inaction.
Both of these were fairly unsophisticated viruses that shut down vital servers. Imagine what a sophisticated and targeted attack could do.
As I said earlier, why even bother with a sophisticated and targeted attack? Look at stuxnet: an expensive, technically and geopolitically complicated ordeal that didn't accomplish much in the grand scheme of things, unless the main objective of the operation was to instill fear of cyberattacks instead of actually causing massive damage (possibly both!). Power plant security is important, mandating people to inspect them independantly to look for shoddy construction, procedures and repairs or untrained, incompetent or understaffed personnel is very important. If a crude worm can cause such destruction on a large scale, why bother with hollywood-level hacking? Honestly, you can do just as much damage if not more just by jumping over a fence and taking out 750kw generators on a large scale.