I’ve written before on this topic (https://forums.wincustomize.com/423486/page/1/#3140935). This is more of an update. The House of Representatives passed the bill last week, and it’s moving on to the Senate.
“CISPA would allow for voluntary information sharing between private companies and the government in the event of a cyber attack. If the government detects a cyber attack that might take down Facebook or Google, for example, they could notify those companies. At the same time, Facebook or Google could inform the feds if they notice unusual activity on their networks that might suggest a cyber attack.” - http://www.pcmag.com/article2/0,2817,2417993,00.asp
OK… ostensibly that’s a good thing. Cyber attacks are not good things right? Right. However, the EFF has argued that “CISPA would override the relevant provisions in all other laws—including privacy laws.” (https://www.eff.org/cybersecurity-bill-faq#company).
“Right now, well-established laws like the Cable Communications Policy Act, the Wiretap Act, the Video Privacy Protection Act, and the Electronic Communications Privacy Act provide judicial oversight and other privacy protections that prevent companies from unnecessarily sharing your private information, including the content of your emails.
And these laws expressly allow lawsuits against companies that go too far in divulging your private information. CISPA threatens these protections by declaring that key provisions in CISPA are effective “notwithstanding any other law,” a phrase that essentially means CISPA would override the relevant provisions in all other laws—including privacy laws. CISPA also creates a broad immunity for companies against both civil and criminal liability. CISPA provides more legal cover for companies to share large swaths of potentially personal and private information with the government…CISPA allows a company to obtain and share "cyber threat information" if it has both a "cybersecurity purpose" and believes it is protecting its rights and property.
A "cybersecurity purpose" only means that a company has to think that a user is trying to harm its network. What does that mean, exactly? The definition is broad and vague. The definition allows purposes such as guarding against “improper” information modification, ensuring “timely” access to information or “preserving authorized restrictions on access…protecting…proprietary information” (i.e. DRM).”
Worse, under CISP there is essentially nothing you can do even if you are harmed. This is a fundamental violation of our right “to seek redress” since such a suit would be neutralized by “a belief cybers security was violated.” It doesn’t even have to be proven. This is nonsense. Also, companies don’t need to share personally identifying information to have such material removed and neutralized. Indeed, if companies need to share an email, such as a phishing email message, existing exceptions allow the recipient to divulge the information; there is no need for the blanket authority in CISPA.
More, your info once in the hands of DHS can be distributed to any agency it wants, and
“Even though the information was passed along to the government for only “cybersecurity purposes”—the government can use your personal information for cybersecurity, investigating any cybersecurity crime or criminal exploitation of minor, protecting individuals from death or serious physical injury, or protecting the national security of the United States. Under the National Security Act, which CISPA amends, national security interests can include:
(i) threats to the United States, its people, property, or interests;
(ii) the development, proliferation, or use of weapons of mass destruction; or
(iii) any other matter bearing on United States national or homeland security.”
Who’s supporting it? The list is here: https://intelligence.house.gov/hr-624-letters-support
Google, face book and others who supported prior versions haven’t expressed support for the current version.
You can read more about CISPA here: https://www.eff.org/cybersecurity-bill-faq#company
There are some useful links in the article.