Mozilla Calls CISPA an "Alarming" Threat to Privacy 107
Sparrowvsrevolution writes "Mozilla has taken a public stand against the controversial Cyber Intelligence Sharing and Protection Act, saying that it has a 'broad and alarming reach' that 'infringes on our privacy.' That makes it the first major tech firm to speak out against CISPA. Facebook, Microsoft, IBM, Intel, Oracle and Symantec are all included among the companies that support the bill, which passed the House late last month and is now being considered in the Senate. Google has so far declined to take a stand supporting or opposing the bill."
Legalspeak (Score:3, Interesting)
I finally got up the courage to try taking a look at the actual bill; fortunately it's not very long, and isn't too dense, but may leave a few loopholes that could be of concern. A few thoughts:
In Sec. 2(b)(1):
`(B) SELF-PROTECTED ENTITIES- Notwithstanding any other provision of law, a self-protected entity may, for cybersecurity purposes--
`(i) use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such self-protected entity; and
`(ii) share such cyber threat information with any other entity, including the Federal Government.
Sounds like individuals are at least allowed to own/use security systems/software for protection and testing of their own network, so no reduction to rights in that regard.
In Sec. 2(b)(3): Cyber threat information shared in accordance with paragraph (1)--
`(A) shall only be shared in accordance with any restrictions placed on the sharing of such information by the protected entity or self-protected entity authorizing such sharing, including appropriate anonymization or minimization of such information;
Any information shared by an entity must be treated in accordance to the desires of that entity; so a lot of the privacy issues fall to the sharing entity itself for protection. Possible loop-hole here: what happens if information is not well-protected by a sharing agency? Does this give the government open reign on information if it's not explicitly forbidden them? Or worse, the final part of this section states:
In Sec. 2(b)(3): Cyber threat information shared in accordance with paragraph (1)--
`(D) shall be exempt from disclosure under a State, local, or tribal law or regulation that requires public disclosure of information by a public or quasi-public entity.
If a business chooses to share personal information about customers, there is no way for customers to find out or be aware it is happening. I'm sure there are good reasons to put an exemption like this in the bill, but the lack of explicit protection to the individual customers and citizens is glaring.
As for the limits on what can be done with the information:
Sec 2(c):
`(2) AFFIRMATIVE SEARCH RESTRICTION- The Federal Government may not affirmatively search cyber threat information shared with the Federal Government under subsection (b) for a purpose other than a purpose referred to in paragraph (1)(B).
I'm not familiar with the legal-speak here; what is meant by "affirmatively" searching?
There are some good things I found too. The remainder of Sec 2 is a good start, but it's hard to know if it is sufficient protection for individual rights and privacy or not. Overall, I'm really not sure how I feel about this bill. I don't see anything obvious that tells me its a bad idea, but I don't fully understand all of the nuances of what could happen with it. It seems any government that wants to exploit its citizens will do so, regardless of the legal code, so I'm not sure how this bill would make that kind of abuse any more likely.
Re:Maybe there is no stopping these people at all? (Score:4, Interesting)
Don't feel too bad.
They can regulate wired connections to a point. Obviously, because it takes major corporations to own and operate those physical connections .
When the Internet becomes so un-free that everyday people begin seeking an alternative, one will be found. Have people stopped smoking weed because it is illegal? No. Stopped speeding? No. Will they stop enjoying a free Internet because it becomes illegal? Hell no.
You can design an infrastructure to be anonymous and private from the very beginning, and we are starting to do this on many fronts. While there have been some fights against such infrastructures with moderate successes, it has been against a fledgling infrastructure with pitiful participation by everyday people.
Look at TBP, Kazaa, Limewire for example. People have demonstrated that they will find a way to engage in the behavior they wish to engage in. Period. You have an entire generation growing up that started with a free Internet, and a generation behind that created it. Neither will sit back and accept destruction.
Those are the kiddie pool versions. Darknets and Mesh Networking can usher in a new age where shutting down dissenting opinion and punishing people will actually require roving vans triangulating signals like in Pump Up The Volume.
The PTB has just started, but so have we. The war has not even begun yet and you are throwing in the towel. Don't be that guy man. Hack the Planet! :)
Re:What is being offered this time? (Score:5, Interesting)
Why, when so many tech companies were opposed to SOPA, are they behind CISPA? What benefit are they now being offered that they weren't before?
SOPA required tech companies to spend money and allocate resources toward something that did not benefit them. CISPA gives the tech companies unrestrained ability to profit from selling what was previously considered your private data. As a bonus, the law provides them immunity from lawsuits, so no matter what they do with the data, lawful or not, they cannot be held accountable.
Re:Google (Score:4, Interesting)
Does this count as doing evil?
Re:Google (Score:3, Interesting)
No more "Marius" momments in the press, it would all be logged under national security.
https://www.eff.org/deeplinks/2012/04/how-expansive-immunity-clauses-cispa-will-facilitate-abuse-user-privacy-0 [eff.org]
"If a company learns about a security flaw, fails to fix it, and users' information is misused or stolen, companies cannot be held liable as long as the company acted “in good faith” according to CISPA."
Until then its "Alright sir, I just need to check inside your sever."
Yes, you're a smart admin, aren't you sir?