OFF THE WIRE
CISA is the latest creation of Dianne Feinstein to destroy your
Constitutional rights. It grants the government authorization to ask
companies to ‘voluntarily’ give them your personal information with no
legal process whatsoever while it protects the companies for complying.
Every year a host of cybersecurity bills are introduced in Congress. This year, the Cyber Intelligence Sharing and Protection Act (CISPA) was introduced in
the US House, and is moving through Congress. CISPA would add a
dangerously vague “cybersecurity” exemption to all existing federal and
state privacy laws. Click here to read our FAQ on CISPA 2.0
CISPA purports to allow companies and the
federal government to “share” threat information for a “cybersecurity”
purpose—to protect and defend against attacks against computer systems
and networks. But the bill is written broadly enough to permit your
communications service providers to identify, obtain, and share your
emails and text messages with the government. While business leaders have conceded that
they do not need to share personally identifying information to combat
computer threats, the bill provides an exception to existing law
designed to protect your personal information.
The newly granted powers are intended to
thwart computer security threats against a company’s rights and
property. But the definitions are broad and vague. The terms allow
purposes such as guarding against “improper” information modification
and ensuring “timely” access to information, functions that are not
necessarily tied to attacks. Once handed over, the government is able to
use this information for investigating crimes that are unrelated to the
underlying security threat and, more broadly, for “national security”
purposes, which is a poorly defined term that includes “threats to the
United States, its people, property, or interests” and “any other matter
bearing on United States national or homeland security.”
The bill’s vague definitions like
“cybersecurity purpose” and “cybersecurity system” also raise the
frightening possibility of a company using aggressive countermeasures.
If a company wants to combat a threat, it is empowered to use
“cybersecurity systems” to identify and obtain “cyber threat
information.” But the bill does not define exactly how far a company can
go, leaving it open to the possibility of abuse.
Companies would also be immune from both
civil and criminal liability for any action, including but not limited
to violating a user’s privacy, as long as the company used the powers
granted by CISPA in “good faith.” The immunity even extends to
“decisions made based on” any information “directly pertaining” to a security threat. The consequences of such a clause are far-reaching.
http://downtrend.com/robertgehl/like-a-sieve-new-bill-would-funnel-all-your-personal-information-to-feds/
