•  About

    Our team of Virginia business lawyers discuss legal issues in corporate finance and growth, business operations, business ownership, mergers and acquisitions, venture capital and business leadership.

  •  Authors

  •  Tweets

 

CISPA – Evil Spawn of SOPA and PIPA?

By: Thomas L. Bowden, Sr. This was posted Thursday, May 3rd, 2012

Rate how helpful this article is:
Not HelpfulSomewhat HelpfulPretty HelpfulVery HelpfulExtremely Helpful

(No Ratings Yet)
Loading ... Loading ...

The House of Representatives has passed The Cyber Information and Security Protection Act, sponsored by Rep. Mike Rogers (R-MI) and introduced not long after SOPA and PIPA were abandoned in the wake of a popular uprising of opposition. Its fate in the Senate is uncertain, but it’s clear the federal government is determined to find a way to further reduce any semblance of privacy and protection of your electronic information… for your own good, of course.

I am all for fighting off cyber-attacks and terrorism, but when Ron Paul, Barack Obama and the ACLU are all aligned against a bill, we have to ask ourselves whether we are moving in the right direction.

This all may be much ado about nothing if, as promised, President Obama vetoes CISPA (assuming it gets through the Senate), but if the bill should find itself on the President’s desk, and he should change his mind for any reason, (it is an election year after all – wouldn’t want to look soft on cyber-threats) it will be too late to kill it at that point.

So let’s look at what the bill does, and try to determine whether we should be concerned.

CISPA is drafted to allow the government to share information about “cyber threats” with commercial companies. So far so good – but do we need an act for that? Wouldn’t you expect your government to warn you if you were about to be attacked? You don’t have to be a Pearl Harbor or 9/11 conspiracy theorist to wonder why this would require special legislation. One possible reason is that some of the information that might be shared, might have been obtained through technical means that the government would otherwise rather not be made public – or even hinted at. In other words, they would tell you but … you know how it goes.

The flip side is that companies who have confidential information that might suggest the possibility of a cyber threat would now be allowed and “encouraged” to share that information with the government. Again, at first glance, you again might ask – what’s the big deal – shouldn’t Bank of America tell the FBI if, for example, they detect a sophisticated threat? Certainly they should – but they should do so without violating laws already on the books to protect the privacy of your information. CISPA, however, would grant corporations legal immunity for sharing information if it fits within the definition of a cyber threat scenario as defined by CISPA.

OK – now we get it. Under CISPA, Corporations and Government, in the name of protecting us all from cyber attack, could, with immunity, violate our privacy wholesale by sharing all kinds of data that we have come to think of as legally protected. Do you really think, for example, that a major corporation will take the time to carefully anonymize terabytes of information if, instead, it can just claim immunity under CISPA and turn it over to the government in bulk? I can hear the senate hearings now:

Committee Chairman: “Mrs. Smith, when your bank released all of its private customer transactional data to the government in response to the threat of a foreign government sponsored hacking campaign, what precautions did you take to preserve the privacy of your account holders?”

Witness Smith: “Well Senator, under the circumstances, which seemed pretty serious, we thought the better approach was to simply turn it all over and cooperate as much as possible.”

Chair: “Weren’t you concerned that your customers or even perhaps another government entity might sue or prosecute you for such a wholesale violation of privacy laws?”

Smith: “Uhhh – actually, no, not really, because, er, um, I mean, well, our attorneys advised us that we had immunity under CISPA, so we thought it best to just release the information.”

Chair: “But of course, the threat turned out to be non-existent, isn’t that correct?”

Smith: “Yes Senator, but at the time it seemed quite real.”

Chair: “And has the government then deleted all of that information, since it no longer seems relevant to national security or any threat to our commercial systems?”

Smith: “Well, Senator, I would have no way of knowing that.”

Chair: “Thank you, Mrs. Smith.”

That’s what worries me. Does it worry you, too?

Tags: , , , , , , , , , , ,


Comments:

  • Is CISPA A Government Trojan Horse?

    U.S. Government Can Use CISPA To Control and Forfeit Corporations & Businesses.
    CISPA: The Cyber Information Sharing and Protection Act if passed by Congress would allow U.S. Spy and other government agencies to share confidential Internet and other information with Government Certified Self Protected Cyber Entities, Certified Cyber Entity Employees and Elements in both government and private sectors to help protect them—against Cyber threats.

    However—CISPA would also allow Government agencies, police and government quasi/contractors (WITHOUT WARRANTS) OR LIABILITY to take out of context—any innocent hastily written email, fax or other Internet activity to allege a crime or violation was committed to cause a person’s arrest, assess fines or civilly forfeit a business or person’s property. U.S. There are more than 350 laws and violations that can subject property to government asset forfeiture. Government civil asset forfeiture requires only a civil preponderance of evidence for police to forfeit property, little more than hearsay. No one need be charged with a crime. Corrupt Police can even create the hearsay. Government can use CISPA to (certify any Self Protected Cyber Entity or their employee—to spy on their employers and clients: (CIVIL Asset Forfeiture Incentive). U.S. Government is not prohibited from paying any Government Certified Cyber Self Protected Entity or Employee; or Element part of government forfeited assets or other compensation that result from the aforementioned providing U.S. Government a corporation’s or clients’ private/confidential information—that (now) require a warrant or court order. Federal. Government currently contracts on a fee/commission-sharing basis with Self Protected Cyber Entities, Elements and Contractors that have security clearances to participate in facilitating arrests and Government asset forfeitures. It is expected U.S. Government, police and private contractors’—Civil Asset Forfeiture of Americans’ property will greatly escalate if CISPA is passed allowing Government certified private cyber entities and their employees—No Warrant Searches of persons’ and Businesses’ confidential Internet Information—that can be handed over to the government e.g. private emails, faxes, phone and transmitted files for investigation, prosecution and asset forfeiture—circumventing the Fourth Amendment.

    Since CISPA, two additional cyber-security bills have been created in the Senate called, “The Cyber Security Act of 2012” and “SECURE IT Act”. Both bills appear unconstitutional; appear designed to circumvent the Fourth Amendment and public Freedom of Information Requests. The Cyber Security Act of 2012 formally known as S. 2105 was created by Senate Democrats, Joe Lieberman and Susan Collins. Similar to CISPA, the Cyber security Act of 2012 would abolish legal walls that stop Federal government and private companies sharing information.

    The SECURE IT ACT: S. 2151 was introduced by Senate Republicans on March 1st 2012: would (require) federal contractors to alert government about any cyber threats, forcing such communications between government regulators and corporations. The SECURE IT Act authorizes sharing of persons’ private Internet information (without a warrant) going beyond what is necessary to report a believed cyber threat. SECURE It Act fails to create a regulatory system at the Federal level to oversee cyber-security threats opening the door for persons’ and businesses’ confidential information to be misused and misappropriated by government agencies and private sector government certified cyber entities.

    Under CISPA: Government should be prohibited from using so-call (Certified Self Protected Cyber Entities, their Employees) and Elements to circumvent the Fourth Amendment; escape Public Freedom of Information Requests. CORRUPTED: Government Certified Self Protected Cyber Entities and Employees, U.S. Government Agencies, Contractors and Police too easily may use someone’s confidential Internet Information, e.g. transmitted files and private emails collected (without warrants) to extort Americans, corporations, politicians; for compensation, target a businesses’ competitor; or sell private information gleaned from warrant-less Internet Surveillance.

    If CISPA is passed allowing NO Warrant private self protected cyber entity spying, some Internet writers and political activists might be dead-meat under NDAA. Americans” who write on the Internet or verbally express an opinion against any entity of U.S. Government or its coalition partners—may under The Defense Authorization Act of 2012—be deemed by U.S. Government (someone likely to engage in, support or provoke violent acts or threaten National Security)— or (Belligerent) to order an American writer or activist’s indefinite prison detention.

    Posted by: Rwolf | May 30th, 2012 at 1:45 am
     

Leave a Reply