CISPA: Is It As Bad As It Appears? in [Market-Ticker]

Posted 2012-05-03 09:33
by Karl Denninger
in Editorial

CISPA: Is It As Bad As It Appears?

There's been a bunch of buzz around this bill in the House, formally HR 3523.

The bill allegedly "improves" the United States' defenses against cyberattacks of various sorts. Anyone who has followed the news, or the Ticker for that matter, knows that the issues raised in the general sense are real -- there has been an enormous uptick in the instance of things that could be called "cyberwarfare" over the last number of years, with a huge percentage of the attacks coming from China.

The bill facially appears to be pretty pedestrian, essentially trying to "encourage" private and government interaction on sharing of threats detected and actions taken to deter them. What's not to love about such a thing?

Critics point here:

‘‘(4) EXEMPTION FROM LIABILITY.—No civil or criminal cause of action shall lie or be maintained in Federal or State court against a protected entity, self-protected entity, cybersecurity provider, or an officer, employee, or agent of a protected entity, self protected entity, or cybersecurity provider, acting in good faith—
‘‘(A) for using cybersecurity systems to identify or obtain cyber threat information or for sharing such information in accordance with this section;
or
‘‘(B) for decisions made based on cyber threat information identified, obtained, or shared under this section.

Ehhhh..... that's where the problem is.

There's an allegedly "good faith" requirement but that's pretty weak. And further on in the statute is an extremely weak redress provision for intentional breaches by the Federal Government (only!) limiting recovery to $1,000 or actual damages plus harm. There is no liability, civil or criminal, that can be imposed in a punitive form even where the breach is intentional.

Worse, there's an absolute bar against liability being attached to private parties associated with such an action as they're immune!

There is one (and only one) good set of exempted records in the bill, including library records, book sales, firearms records, tax returns, education and medical records -- but that leaves open telephone, internet and other related records.

Nobody is arguing that we shouldn't increase our threat protection when it comes to cybersecurity or that it is isn't a real problem. It is a real problem, but a lot of it is coming from easily-identified places and a plurality of that is coming from one place -- CHINA.

Immunity grants to private parties, however, are inherent vice and must be opposed. There's simply no argument for them -- if you're doing something evil and a private party reports it there's no liability issue involved.

Your right to seek redress under the law for abuses served up at the hand of private entities, however, must be maintained.

CISPA does not do that, and in fact is carefully crafted to prevent you from recovering from firms that violate your rights or even their own written policies, provided they claim there is some "cybersecurity" involvement, and as such it must not become law.

Discussion below (registration required to post)

Main Navigation

Full-Text Search & Archives

Archive Access

Blogtalk 3:30 CT Mondays

Items To Look At

Discuss The Capital Markets along with daily technical analysis with our Gold Donor program.

Where We Are, Where We're Heading (2013) - The annual 2013 Ticker

Links and Blogroll

Our policy on reciprocal links: Send us an email with your information and why you think your blog or news site would make a good addition - in most cases reciprocal link requests will be granted.

Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.

NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.

The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Looking for "The Best of Market Ticker"? Check out Ticker Classics.

Visit the forum to discuss this and other investing-related topics; see the FAQ on the forum for information about Gold Donor status including access to our technical analysis video server.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

Market Ticker content may be reproduced or excerpted online provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media.

Submissions may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Leads on stories of current economic and political interest are always welcome. Our fax tip line is 850-897-9364; please include contact information with your transmission.

User Info	CISPA: Is It As Bad As It Appears? in forum [Market-Ticker]
Winstonsmith2009 Posts: 1060 Incept: 2009-08-05	"Immunity grants to private parties, however, are inherent vice and must be opposed. There's simply no argument for them -- if you're doing something evil and a private party reports it there's no liability issue involved." You miss the point. It's when a private party claims you're doing something evil when you aren't, reports you and gets you ingested into the top secret Amerika security complex, put on a no-fly list, etc., that this protection is "needed." Or when a private party (aka corporation or gov't contractor) compiles more info on you than they should from disallowed sources. This is a preemptive "illegal AT&T wiretapping" legal exemption. Dont' want the gov't or its henchmen ever sued significantly for anything, ya' know. Might actually deter the abuses and/or attract too much attention in the national press, making people begin to wonder, "Gee, if I ever actually try to move, will I feel my chains?" Last modified: 2012-05-03 09:58:20 by winstonsmith2009 2012-05-03 09:56:33 Permalink
Genesis Posts: 130744 Incept: 2007-06-26	I didn't miss the point, I made the point. ---------- I don't care* if it makes sense -- only if it makes money. -- Me* Bank (n): See scam, fraud and theft. *Eat a bankster -- they're low-carb.* *What part of "shall not be infringed" was unclear?* 2012-05-03 10:59:30 Permalink
Greendisease Posts: 65 Incept: 2011-04-11	Yes, CISPA is as bad as it appears when you take it in the context of NDAA and domestic use of aerial drones. It's pretty clear that the federal government is charging ahead with an agenda of constant, illegal surveillance of American citizens. This is coming from someone who is NOT a fan of conspiracy theory. I just look at what's happening, and well...what's the saying? If it walks like a duck... If you haven't yet abandoned social media, now would be a good time. 2012-05-03 11:27:33 Permalink
Rdgdawg Posts: 165 Incept: 2010-04-30 WI... but no brats or cheese...	I was talking to a software security consultant the other day and his take was the reason we allow these attacks to occur without punishment was to deliberately feed them "bad information"... being in IT, I thought about that for a minute, then realized the current administration and its incompetence... Ehhhh, nope... not the plan... ---------- I work hard because millions on welfare depend on me! Last modified: 2012-05-03 11:37:04 by rdgdawg 2012-05-03 11:35:08 Permalink
Lowbeyond Posts: 16897 Incept: 2008-02-11 CO aka West NJ/East CA Online	Rdgdawg wrote.. I was talking to a software security consultant the other day and his take was the reason we allow these attacks to occur without punishment was to deliberately feed them "bad information"... Uh-huh. Im sure there are honey-pots set up. But to say that its only the honey pots getting sucked dry is complete 100% bull**** ---------- Maybe it was a birdy bread-bomber from the future?! 2012-05-03 12:01:00 Permalink
Greendisease Posts: 65 Incept: 2011-04-11	Add an update of CALEA to the list, which basically installs permanent wiretaps in newer web communications services: http://news.cnet.com/8301-1009_3-5742806.... Quote: The FBI is asking Internet companies not to oppose a controversial proposal that would require the firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance. In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned. The FBI general counsel's office has drafted a proposed law that the bureau claims is the best solution: requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail, alter their code to ensure it's wiretap-friendly. It's a runaway freight train of abuses. 2012-05-04 13:21:06 Permalink

Rdgdawg wrote..

Quote: