Richard Lazzara,owner: Shankar Gallery:"Art for the Soul" http://www.shankar-gallery.com, http://www.absolutearts.com/shankargallery/, http://www.clustershot.com/richardlazzara/, http://twitter.com/shankargallery

Monday, December 03, 2012

Cybersecurity Bill FAQ: The Disturbing Privacy Dangers in CISPA and How To Stop It | Electronic Frontier Foundation 

This week, EFF—along with a host of other civil liberties groups—are protesting the dangerous new cybersecurity bill known as CISPA that will be voted on in the House on April 23. EFF has compiled an FAQ detailing the how the bill's major provisions work and how they endanger all Internet users' privacy.

UPDATE: The White House released a statement on Tuesday criticizing CISPA and said any cybersecurity bill with information sharing provisions "must include robust safeguards to preserve the privacy and civil liberties of our citizens." The White House declared they would not support a bill that would "sacrifice the privacy of our citizens in the name of security." Below are all the ways CISPA would violate that principle.

What is “CISPA”?

CISPA stands for The Cyber Intelligence Sharing and Protection Act, a cybersecurity bill written by Rep. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) (H.R. 3523). The bill purports to allow companies and the federal government to share information to prevent or defend from cyberattacks. However, the bill expressly authorizes monitoring of our private communications, and is written so broadly that it allows companies to hand over large swaths of personal information to the government with no judicial oversight—effectively creating a “cybersecurity” loophole in all existing privacy laws.  Because the bill is so hotly debated now, unofficial proposed amendments are also being circulated and the actual bill language is in flux.

Under CISPA, can a private company read my emails?

Yes.  Under CISPA, any company can “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property” of the company. This phrase is being interpreted to mean monitoring your communications—including the contents of email or private messages on Facebook.

Right now, well-established laws, like the Wiretap Act and the Electronic Communications Privacy Act, prevent companies from routinely monitoring your private communications.  Communications service providers may only engage in reasonable monitoring that balances the providers' needs to protect their rights and property with their subscribers' right to privacy in their communications.  And these laws expressly allow lawsuits against companies that go too far.  CISPA destroys these protections by declaring that any provision in CISPA is effective “notwithstanding any other law” and by creating a broad immunity for companies against both civil and criminal liability.  This means companies can bypass all existing laws, as long as they claim a vague “cybersecurity” purpose.

What would allow a company to read my emails?

CISPA has such an expansive definition of "cybersecurity threat information" that many ordinary activities could qualify. CISPA is not specific, but similar definitions in two Senate bills provide clues as to what these activities could be. Basic privacy practices that EFF recommends—like using an anonymizing service like Tor or even encrypting your emails—could be considered an indicator of a “threat” under the Senate bills. As we have stated previously, the bills’ definitions “implicate far more than what security experts would reasonably consider to be cybersecurity threat indicators—things like port scans, DDoS traffic, and the like.”

A more detailed explanation about what could constitute a “cybersecurity purpose” or “cyber security threat indicator” in the various cybersecurity bills can be read here.

Under CISPA, can a company hand my communications over to the government without a warrant?

Yes. After collecting your communications, companies can then voluntarily hand them over to the government with no warrant or judicial oversight whatsoever as long is the communications have what the companies interpret to be “cyber threat information” in them. Once the government has your communications, they can read them too.

Under CISPA, what can I do if a company improperly hands over private information to the government?

Almost nothing. CISPA would affirmatively prevent users from suing a company if they hand over their private information to the government in virtually all cases. A broad immunity provision in the proposed amendments gives companies complete protection from user lawsuits unless information was given to the government:

(I) intentionally to achieve a wrongful purpose;
(II) knowingly without legal or factual justification; and
(III) in disregard of a known or obvious risk that is so great as to make it highly probably that the harm of the act or omission will outweigh the benefit.

As Techdirt concluded, “no matter how you slice it, this is an insanely onerous definition of willful misconduct that makes it essentially impossible to ever sue a company for wrongly sharing data under CISPA.” This proposed immunity provision is actually worse than the prior version of the bill, under which companies could be sued if they acted in “bad faith.”

UPDATE: The most current version has switched back to the standard giving companies immunity as long as they act in "good faith" - still a very weak standard that would leave users with no recourse in virtually all cases.

What government agencies can look at my private information?

Under CISPA, companies can hand “cyber threat information” to any government agency, which then passes that information to the Department of Homeland Security (DHS). Once it’s in DHS’s hands, the bill says that DHS can then hand the information to other intelligence agencies, including the National Security Agency, at its discretion.

Can the government use my private information for other purposes besides “cybersecurity” once they have it?

Yes. When the bill was originally drafted, information could be used for all other law enforcement purposes besides “regulatory purposes.” A new amendment narrows this slightly. Now—even though the information was passed along to the government for only cybersecurity purposes—the government can use your personal information for either cybersecurity or national security investigations. And as long as it can be used for one of those purposes, it can be used for any other purpose as well.

Can the government use my private information to go after alleged copyright infringers and whistleblower websites?

Up until last Friday the answer was yes, and now it’s changed to maybe. In response to the overwhelming protest from the Internet community that this bill would become a backdoor for SOPA 2, the bill authors have proposed an amendment that rids the bill of any reference to “intellectual property.”

The bill previously defined “cyber threat intelligence” and “cybersecurity purpose” to include “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.” Now the text reads:

(B) efforts to gain unauthorized access to a system or network, including efforts to gain such unauthorized access to steal or misappropriate private or government information

But it is important to remember that this proposed amendment is just that: proposed. The House has not voted it into the bill yet, so they still must follow through and remove it completely.

A more detailed explanation of how this provision could be used for copyright enforcement and censoring whistleblower sites like WikiLeaks can be read here.

What can I do to stop the government from misusing my private information?

CISPA does allow users to sue the government if they intentionally or willfully use their information for purposes other than what is described above.  But any such lawsuit will be difficult to bring.  For instance, the statute of limitations for such a lawsuit is two years from the date of the actual violation.  It’s not at all clear how an individual would know of such misuse if it were kept inside the government.

Moreover, suing the government where classified information or the “state secrets privilege” is involved is difficult, expensive, and time consuming. EFF has been involved for years in a lawsuit over Fourth Amendment and statutory violations stemming from the warrantless wiretapping program run by the NSA—a likely recipient of “cyber threat information.” Despite six years of litigation, the government continues to maintain that the “state secrets” privilege prevents the lawsuit from being heard.

Given that DHS is notorious for classifying everything—even including their budget and number of employees—they may attempt to prevent users from finding out exactly how this information was ever used. And if the information is in the hands of the NSA and they claim “national security,” then it would get even harder.

In addition, while CISPA does mandate an Inspector General should issue a report to Congress over the government’s use of this information, its recommendations or remedies do not have to be followed.

Why are Facebook and other companies supporting this legislation?

Facebook and other companies have endorsed this legislation because they want to be able to receive information about network security threats from the government. This is a fine goal, but unfortunately CISPA would do far more than that—it would eviscerate existing privacy laws by allowing companies to voluntarily share users’ private information with the government.

Facebook released a statement Friday saying that they are concerned about users’ privacy rights and that the provision allowing them to hand user information to the government “is unrelated to the things we liked about HR 3523 in the first place.” As we explained in our analysis of Facebook’s response: the “stated goal of Facebook—namely, for companies to receive data about cybersecurity threats from the government—does not necessitate any of the CISPA provisions that allow companies to routinely monitor private communications and share personal user data gleaned from those communications with the government.” Read more about why Facebook should withdraw support from CISPA until privacy safeguards are in place here.

What can I do to stop this bill?

It’s vital that concerned Internet users tell Congress to stop this bill. Use EFF’s action center to send an email to your Congress member urging them to oppose this bill. 

We’re also joining other civil liberties organizations in Stop Cyber Spying Week, a week of action to protest CISPA.   The goal of this week of action is simple: get Congress to back off of any cybersnooping legislation that sacrifices the civil liberties of Internet users. We’ve set up a dedicated Twitter tool to help Internet users tweet messages to their Congressional representatives opposing CISPA. 

Want to do more to help us fight back against this cyberspying legislation? Click here for more suggestions.

Comments: Post a Comment

Art for the Soul by Richard Lazzara on absolutearts.com

Print & frame my art at Imagekind...

toolbar powered by Conduit

Skype Me™!


    follow me on Twitter


     Subscribe in a reader

    Add to Google Reader or Homepage

    Subscribe in NewsGator Online

    Subscribe in Rojo

    Add to My AOL

    Subscribe in FeedLounge

    Add to netvibes

    Subscribe in Bloglines


    Add to The Free DictionaryAdd to The Free Dictionary

    Add to Plusmo

    Subscribe in NewsAlloy

    Add to Excite MIX

    Add to netomat Hub

    Add to Webwag

    Add to Attensa

    Subscribe in podnova

    Add to Pageflakes

    Subscribe to Art for the Soul

    Powered by FeedBurner

    I heart FeedBurner

    AddThis Social Bookmark Button

    AddThis Feed Button


    Add to Technorati Favorites Add to Technorati Favorites
    shankargallery's photos More of shankargallery's photos

    StumbleUpon Toolbar Stumble It!

    StumbleUpon My StumbleUpon Page

    StumbleUpon My StumbleUpon Page

    3D Live Statistics

    Art & Artist Blogs - Blog Catalog Blog Directory

    Lijit Search

    Richard Lazzara Portfolio



    This Page is powered by Blogger. Isn't Yours?

    See shankargallery on photoblog.com

    richardlazzara is on shutterchance.com

    shankargallery is on fotolog.com

    Artmajeur International Online Art Gallery

    Artmajeur International Online Art Gallery

    Listed on BlogShares

    Art SALE by Richard Lazzara on absolutearts.com

    View My Profile

    Subscribe to Art for the Soul on your cell phone

    View Richard Lazzara's profile on LinkedInView Richard Lazzara's LinkedIn profileView Richard Lazzara's profile

    Art & Design Online


    Richard Lazzara on Faves

    Created with Paul's flickrSLiDR.

    Check out LiveJournal.com! It's Free!
    Check out LiveJournal.com! It's Free!

    Check out LiveJournal.com! It's Free!

    About The Artist by Richard Lazzara on shankar-gallery.com

    Richard Lazzara
    Art for the Soul
    Shankar Gallery
    Boulder, Colorado, 80304
    Work: 303-447-9606
    Visit MyBlogLog To See All My Blog Log Pages !

    Lingams by Richard Lazzara on shankar-gallery.com.com

    Yatra by Richard Lazzara on shankar-gallery.com

    Nada Series by Richard Lazzara on shankar-gallery.com

    Maha Samadhi by Richard Lazzara on shankar-gallery.com

    Contact Us by Richard Lazzara on shankar-gallery.com

    Black Kala by Richard Lazzara on shankar-gallery.com

    Advaita Miniatures by Richard Lazzara on shankar-gallery.com

    Sumi-e Doors by Richard Lazzara on shankar-gallery.com

    Yog Mountain Rivers To Sea by Richard Lazzara on shankar-gallery.com

    Yantra by Richard Lazzara on shankar-gallery.com

    Mandala by Richard Lazzara on shankar-gallery.com

    www.shankar-gallery.com/contact.html www.shankar-gallery.com richardlazzara.slide.com/ www.absolutearts.com/portfolios/s/shankargallery/ art.la-passerelle.net/art_pages/richard_lazzara/links.htm www.artmajeur.com/shankargallery/ www.flickrticker.com/?username=shankargallery/ www.photoblog.com/shankargallery>See My Photos on Photoblog.com www.fotolog.com/shankargallery> READ ABOUT Richard Lazzara on www.whohub.com/richardlazzara/ BEHANCE My Profile in BEHANCE on www.behance.net/shankargallery WOOLOO me at WOOLOO on www.wooloo.org/shankargallery Ovations Please see my OVATION.TV site community.ovationtv.com/shankargallery It's an artfaceoff with Richard Lazzara on richardlazzara.artfaceoff.com Hear My HUMBLE VOICE Of Art on www.humblevoice.com/richardlazzara take the DEVIANTART path SEE MY ART at shankargallery.deviantart.com Just give me your CreativeShake on www.creativeshake.com/richardlazzara/ BUY MY ART GIVE ME YOUR OFFER ON en.artoffer.com/richardlazzara/ You are on MY ART PLOT vi$it www.myartplot.com/users/richardlazzara/plot.mhtml RICHARD THE ARTIST is the Best out of Many on saatchi-gallery is RICHARD LAZZARA www.saatchi-gallery.co.uk/yourgallery/artist_profile/a/503.html IT IS MY ART SPACE on www.myartspace.com/artistInfo.do?populatinglist=home&subscriberid=vw0mb5gc49qebni1 Richard Lazzara is VISIONARY on www.visionarygallery.com/artists/shankargallery/index.php/ Italian Artist Richard Lazzara is on www.babelearte.it/tipoartista.asp?arid=357&lid=ita/ Richard Lazzara is on www.mirolcentre.com/mirol/art/exhibition_richard_lazzara.htm/ Richard Lazzara is on www.hometownartgallery.com/Gallery/ArtistView.aspx?Artist=d098ac41-14e7-4e75-b0bd-94f97ce6881e&Gallery=3d2e0cdc-66d3-4d9d-8ece-8a962c1e48cc Follow Me on shankargallery.artlog.com/ see my PICURETRAIL on www.picturetrail.com/photos/shankargallery/

    Favorite Links by Richard Lazzara on shankar-gallery.com

    AddThis Social Bookmark Button

    Buy art

    Art for the Soul by Richard Lazzara on absolutearts.com


    toolbar powered by Conduit
    Creative Commons License
    This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

    This page is powered by Blogger. Isn't yours?