CISPA: (Cyber Security Snoops) Say Hello To Big Brother

According to Techland Time: CISPA, a bill that would essentially nullify current privacy laws and set companies up to share data about users with the government without the need for court orders. CISPA would amend the National Security Act of 1947 — responsible for merging the Department of Navy and War, splitting the Air Force from the Army and creating both the Central Intelligence Agency (CIA) and National Security Council (NSC) — by adding provisions that would apply to cybercrime. It aims “[to] provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities,” as well as “other purposes.”

What qualifies as a “cyber threat” according to the latest draft of the bill?

…information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from (A) efforts to degrade, disrupt, or destroy such system or network; or (B) efforts to gain unauthorized access to a system or network, including efforts to gain such unauthorized access to steal or misappropriate private or government information.

Congress has attempted to sneak legislation that could change the face of the Internet as we know it, and all in the name of national security. First there was SOPA, the Stop Online Piracy Act, but now CISPA (Cyber Intelligence Sharing Protection Act) is threatening the privacy and freedom of US citizens. No online activity will be safe when it comes to these bills because as of now what’s considered a cyber security threat is a large grey area, but David Seaman, journalist and host of The DL Show, joins us to take a closer look at CISPA.

Vodpod videos no longer available.

CISPA: (Cyber Security Snoops) Say Hello To Big…, posted with vodpod

TEXT OF BILL: HR3523

Official Summary
11/30/2011–Introduced.Cyber Intelligence Sharing and Protection Act of 2011 – Amends the National Security Act of 1947 to add provisions concerning cyber threat intelligence and information sharing. Defines “cyber threat intelligence” as information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from:
(1) efforts to degrade, disrupt, or destroy such system or network; or
(2) theft or misappropriation of private or government information, intellectual property, or personally identifiable information. Requires the Director of National Intelligence to:
(1) establish procedures to allow intelligence community elements to share cyber threat intelligence with private-sector entities, and
(2) encourage the sharing of such intelligence. Requires the procedures established to ensure that such intelligence is only:
(1) shared with certified entities or a person with an appropriate security clearance,
(2) shared consistent with the need to protect U.S. national security, and
(3) used in a manner that protects such intelligence from unauthorized disclosure. Provides for guidelines for the granting of security clearance approvals to certified entities or officers or employees of such entities. Authorizes a cybersecurity provider (a non-governmental entity that provides goods or services intended to be used for cybersecurity purposes), with the express consent of a protected entity (an entity that contracts with a cybersecurity provider) to:
(1) use cybersecurity systems to identify and obtain cyber threat information in order to protect the rights and property of the protected entity; and
(2) share cyber threat information with any other entity designated by the protected entity, including the federal government. Regulates the use and protection of shared information, including prohibiting the use of such information to gain a competitive advantage and, if shared with the federal government, exempts such information from public disclosure. Prohibits a civil or criminal cause of action against a protected entity, a self-protected entity (an entity that provides goods or services for cybersecurity purposes to itself), or a cybersecurity provider acting in good faith under the above circumstances. Directs the Privacy and Civil Liberties Oversight Board to submit annually to Congress a review of the sharing and use of such information by the federal government, as well as recommendations for improvements and modifications to address privacy and civil liberties concerns. Preempts any state statute that restricts or otherwise regulates an activity authorized by the Act.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: