Taken from Huffington Post article by: Theresa Payton, Fortalice LLC.
--Does CISPA win the security battle but lose the privacy
war?
There is a fight going on between security and privacy and it is
your personal data and communications at stake.
Many of you might remember hearing about SOPA, PIPA, and ACTA. You might vaguely remember that on January
18th of this year that websites, such as Google and Wikipedia, looked strange
as the web protested these pieces of legislation. When I talk with companies and individuals
they are not sure why SOPA, PIPA, and ACTA are considered “good or bad” and
most are not sure what CISPA is all about.
Only a handful knew that it hit the news this week that it is going to
be voted on.
A quick overview is essential to understanding why you need to
make sure your voice is heard.
Regardless of whether or not you love the idea or do not like the idea
at all, you need to weigh in. It is an
important part of the process to make sure we get the best chance and striking
a balance between security and privacy.
SOPA stands for The Stop Online Piracy Act (SOPA)and is a US bill
that was introduced by U.S. Representative Lamar S. Smith (R-TX) to help fight
against counterfeit goods and stealing intellectual property. PIPA is an acronym of an acronoym. Consider it the nickname for the PROTECT IP
Act. The PROTECT IP stands
for Preventing Real Online Threats to Economic Creativity and Theft of
Intellectual Property Act. This was
another law designed to help copyright holders to fight back against
counterfeiting. It was introduced by Senator Patrick Leahy
D-VT. The support for these bills was
mixed. Companies such as Google,
Wikipedia, and over 7000 other web sites either changed their site or went
offline all day on January 18th to protest SOPA and PIPA. They felt the
enforcement of SOPA and PIPA would be too ominous for the internet
community. Both pieces of legislation
went on “hold” after the January 18th web protests.
ACTA is an international agreement. It stands for
the Anti-Counterfeiting Trade Agreement and it's goal was to establishing
international standards for copyrights and intellectual property rights. ACTA was signed late 2011 by the U.S. and 7
other countries and the European Union signed it in January. ACTA has not
been fully approved or ratified. The general public across the globe is
unhappy because they feel that ACTA was negotiated in secret and most of the
bill or how it will be enforced is not fully known. Just in the last few
months, over 200 cities across Europe protested ACTA.
On the surface, the bills make sense. Doesn't everyone want to protect against
counterfeit goods and fight cybercrime?
The answer is yes, everyone wants the ability to fight crime better.
However, what a lot of companies did not like about the laws was they
were holding the website accountable when users posted content that they should
not meaning they would take the website offline if users violated copyright
laws. This would make it very challenging for companies like Hulu or YouTube
to manage their content which is user-provided.
Now enters CISPA, which stands for the Cybersecurity Intelligence
Sharing and Protection Act and was introduced November 2011 in the House. The bill’s co sponsors are Rep. Mike Rodgers
(R-Mich.) and Rep. Dutch Ruppersberger (D-Md.). According to Mike Rodgers’ website, “H.R.
3523, the Cyber Intelligence Sharing and Protection Act, safeguards U.S. jobs
by making it easier to identify and combat cyber threats, which steal over $200
billion in American intellectual property every year.” The core goal of CISPA is to encourage
better and more frequent information sharing.
As most of those in law enforcement and the security industry will tell
you, the key to fighting cybercrime is to share the details. Think of your neighborhood watch
program. By learning about other crimes
in the neighborhood, how the criminals got away with their misdeeds, and other
important details about the cases helps you be more aware and gives you advice
on how to better protect your personal residence. CISPA creates that same element of a
neighborhood watch program. Information
sharing about cybercrimes by the victimized businesses in today’s environment
has been an ongoing challenge. Many
businesses are reluctant to be public about being a victim. Some businesses believe it could spook their
customers and cost them future business.
Others think that by showing public weakness that it makes them a target
for other attackers. CISPA hopes to
allay these concerns by providing businesses a level of anonymity in
reporting. It also has the backing of industry
giants such as Microsoft, AT&T, Time Warner Cable and Facebook. The Guardian reported last week that 112
members of Congress are supporting the bill.
The bill begins with, “To provide for the sharing of certain
cyber threat intelligence and cyber threat information between the intelligence
community and cybersecurity entities, and for other purposes.” So far so good, so where is the battle with
privacy? Privacy advocates and security
experts want better information sharing.
The bill goes on to say, “IN GENERAL.—The Director of National
Intelligence shall establish procedures to allow elements of the intelligence
community to share cyber threat intelligence with private-sector entities and
to encourage the sharing of such intelligence.” Read further and the language
gets a little vague creating discomfort about how privacy will be
protected.
“CYBER THREAT INTELLIGENCE.—The term ‘cyber threat intelligence’ means information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from—‘‘(A) efforts to degrade, disrupt, or destroy such system or network; or ‘‘(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.” Privacy advocates are concerned with the vagueness found in this part and other subsequent parts of the bill. It appears that in order to track down the “bad guys” all traffic might be monitored. That means the innocent would be monitored in order to track down the path of the alleged and the guilty. As organizations and individuals speak up about the monitoring and tracking, Rogers and Ruppersberger have made adjustments to the bill. It’s not too late to have your voice heard. Read the bill for yourself, it is brief compared to other bills. Then decide your point of view. We would love to hear all opinions on this bill. You can find the bill at the House of Representatives page under: http://intelligence.house.gov/hr-3523-bill-and-amendments
“CYBER THREAT INTELLIGENCE.—The term ‘cyber threat intelligence’ means information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from—‘‘(A) efforts to degrade, disrupt, or destroy such system or network; or ‘‘(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.” Privacy advocates are concerned with the vagueness found in this part and other subsequent parts of the bill. It appears that in order to track down the “bad guys” all traffic might be monitored. That means the innocent would be monitored in order to track down the path of the alleged and the guilty. As organizations and individuals speak up about the monitoring and tracking, Rogers and Ruppersberger have made adjustments to the bill. It’s not too late to have your voice heard. Read the bill for yourself, it is brief compared to other bills. Then decide your point of view. We would love to hear all opinions on this bill. You can find the bill at the House of Representatives page under: http://intelligence.house.gov/hr-3523-bill-and-amendments
Theresa is also
the co-author of the new book “Protecting Your Internet Identity: Are You Naked
Online?” available in bookstores, libraries, and online at Amazon, Barnes and
Noble, Books A Million and Google Play.
No comments:
Post a Comment