Interesting take on the CISPA law that just passed in the U.S. House and is now over in the Senate: CISPA row: Slurped citizen data is ENORMO HACK TARGET.
CISPA is the Cyber Intelligence Sharing and Protection Act. From the lead of the above-cited article:
The ability to identify common patterns in real-world attacks makes crowd-sourcing threat intelligence extremely useful, according to a study from security tools firm Imperva.
The report arrives just as a privacy row rages over the new Cyber Intelligence Sharing and Protection Act (CISPA) law in the US.
But the head of the security firm said the legislation could create several problems, not least of which was the equivalent of sticking a giant ‘Hack Me’ sign on the government’s info stores.
Basically what is being proposed here is that the Government is too stupid, or too lazy, to be trusted with such a mass of information. We are, of course, talking about the same Government that couldn’t prevent its own Secretary of Defense’s work e-mail from being hacked by the Chinese. So the threat is not merely theoretical.
Is the whole notion of private business sharing this kind of information with the Government a good idea? Maybe, but as usual “the devil is in the details”. The problem with any legislation that tries to encourage information sharing between private business and the Government in this country is that protecting citizen privacy is usually an afterthought. Where Europeans have the benefit of multiple layers of laws protecting the privacy of information about citizens, the United States has a few very narrowly defined statutes such as HIPAA (covering medical information), FCRA (credit) and ECPA (electronic communications). We Americans have just not thought this stuff through very thoroughly, and in those few places that we have, we’ve done it badly.
We are, as I note above, even worse at keeping private data safe once we’ve gathered it — even where there’s clear agreement that a particular bit of information should be kept under lock and key.
Right now odds are that the Senate majority will either not schedule a vote on the bill as referred from the House or will defeat it. In the event it should pass the Senate, the President has already issued an unusually blunt statement that he would veto it.
Of course in Washington, anything can happen. And no one can be trusted.
This is the official list of CISPA supporters published on the U.S. House of Representatives web site. Note that although some of those listed below may have belatedly softened their support, there comes a time when “too little too late” needs to apply even to business overlords and defiers of gravity.
06-27-12 – Michigan Department of Military & Veterans Affairs, Lansing Supporting CISPA
04-25-12 – American Fuel & Petrochemical Manufacturers Letter to Boehner & Pelosi Supporting CISPA
04-25-12 – American Petroleum Institute Supports CISPA
04-25-12 – 11 Financial Trade Associations Support CISPA
04-24-12 – SIMFA Letter of Support for CISPA
04-23-12 – ASIS Letter Supporting HR 3523
04-23-12 – 9 Utilities Groups Support CISPA
04-20-12 – TechNet Sends Letter of Support for CISPA to Rogers and Ruppersberger
04-18-12 – Multiple Tech Association Letter to Boehner & Pelosi in support of CISPA
04-17-12 – Bay Area Council Supports CISPA
04-17-12 – TechAmerica Supports CISPA
Multi-industry Letter to Speaker Boehner & Minority Leader Pelosi on CISPA
CTIA – The Wireless Association
Cyber, Space and Intelligence Association
The Financial Services Roundtable
Independent Telephone & Telecommunications Alliance
Information Technology Industry Council
Internet Security Alliance
National Cable & Telecommunications Association
US Chamber of Commerce
US Telecom – The Broadband Association
Here’s who voted “yea” and “nay” on it in the House on 18 April 2013: