CISPA - (Cyber Intelligence and Sharing Protection Act)
So I’ve been reading up on CISPA and here’s what I’ve found:
This has been claimed by some as the new SOPA, but after reading through the bill several times (why in the world do they put definitions at the end of a bill?) it has become clear that CISPA is a good bill indeed. It focuses mainly on cyber attacks intended to “degrade, disrupt, or destroy” systems or networks of the government and private businesses and sharing this information so that the government and businesses can better protect themselves. Vague wording on what is considered a cyber threat and a cyber attack may pose problems. However, even if websites like The Pirate Bay or file sharing programs were deemed a cyber threat neither the government nor businesses have the right to force shutdown. All they could really do is share information so as to better protect themselves from these websites. I need to read up more on the National Security Act of 1947 before I can really say the true implications of such a bill.
Questions I have that might be answered by reading the NSA of 1947:
According to the the bill a certified entity is someone/a business that:
possesses or is eligible to obtain a security clearance, as determined by the Director of National Intelligence; and
is able to demonstrate to the Director of National Intelligence that such provider or such entity can appropriately protect classified cyber threat intelligence.
Here is where things get a little tricky in my interpretation. In my understanding of this small businesses or growing businesses would probably just be thrown by the wayside, even if you have very important information to protect (I can think of a few businesses off the top of my head). How big does a business have to be in order to be included in this bill? (Is this only going to benefit the richest businesses while small businesses get the short end of the stick?)
Now, as for cyber threats themselves, cyber threat intelligence is any information regarding:
a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from-
(A) efforts to degrade, disrupt, or destroy such system or network; or
(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.
The question I have in regards to this is: if someone is getting copyrighted information from a blog or a website, this includes all of the amazing gifs on Tumblr, then would that website become a target? How does one determine what a cyber threat really is, because they don’t define a cyber threat. Can the entity then become the target of an investigation? These are not lined out. The repercussions of finding something as a cyber threat are not fully outlined.
Many questions that I have.
Now, it should be noted that my concerns are just pure thought experiment, and overall I support CISPA. I think that businesses really do have to protect their information, however if deviant art, fan fiction, or other similar websites become the focus of investigation because they pose a “cyber threat” to businesses and their proprietary information then we really do have a huge problem on our hands. This bill needs to be interpreted as enabling companies and the government to better protect itself and its proprietary information, not to target and bring in people who are using creative license.
Here’s a link to the bill so you can read it yourself: CISPA