Feeds

back to article Facebook defends support for CISPA monitoring bill

Facebook has issued a statement explained why it is supporting the Cyber Intelligence Sharing and Protection Act (CISPA) HR 3523, which is currently being considered by Congress. CISPA would set up a mechanism for the government's security services to share information on new threats with private companies and utilities. In …

COMMENTS

This topic is closed for new posts.
Silver badge
Thumb Down

What they really need to do is take out the immunity provision. If Facebook's intentions are so harmless, why do the need special permission to break the law?

15
2
Silver badge
Unhappy

The immunity provision is the whole purpose of the law. Companies like Facebook and ISPs don't want to get caught in the middle between consumers protecting their privacy and government wanting to snoop. That's why Facebook et al support the law

2
1

Basic Economics: US Corporations can always break the law and then get off the hook by paying a legal settlement, often a no-fault settlement, of a mere percentage of the loot.

With invasion of privacy crime, it is different: In the majority of the cases, there is no loot to pay the settlement and the lawyers with, so naturally corporations need the law written in such a way that it will protect their assets.

http://www.guardian.co.uk/world/2011/apr/03/us-bank-mexico-drug-gangs

0
0
FAIL

Uh, yeah. Right....

"They're not looking for some kid in the Dallas suburbs hacking into his school to change his grade," the staffer said. "This is about foreign intelligence services and organized crime figures from overseas."

3
4
Silver badge

Re: Uh, yeah. Right....

Do foreign intelligence services and international organised crime figures have much of a presence on Facebook?

16
0
Silver badge
Big Brother

Re: Uh, yeah. Right....

My thoughts exactly. This is going to have those old enough to remember look back on J. Edgar and McCarthyism with fond nostalgia. Just imagine fast and furious Eric Holder with a Super-MongoDB on Hadoop able to pick off his political enemies at will. Mao never had it so good.

16
1
Silver badge

Re: Uh, yeah. Right....

Or for those who are of the more lefty persuasion, imagine this power in the hands of a future Rumsfeld or Cheney.

4
1
Devil

Re: Uh, yeah. Right....

Frightening is not strong enough to describe the possible implications. Blair would have loved the power it will give those in "Power"!

6
0
Bronze badge
Pint

Facebook will follow the money

Considering the fact that they're close to IPO, they will want to make the right noises to potential new clients. One of the immediate issues for an account holder I can see is how much of an individuals on-line activity they are harvesting & who they might sell it to. If, as this article suggests, the bill in its current form is 'vague" in its wording & intent and moves forward as such, the possibilities (& potential revenues) for Facebook are endless.

Personally, I cancelled & blocked Facebook a long time ago - don't like being regarded as a product.

Just my 2 bob's worth.

7
0
Silver badge

Not sure if it's that bad

The Bill seems to be quite explicit about the nature of the relationship between gov security agencies and cybersecurity providers, and the providers themselves are constrained in the bill to be sharing information about threats to clients' systems (and then subject to the client's policies).

So it's difficult to see an easy way for user data to be made widely available (or demanded) on a whim.

Particularly I can't see anything that makes life any easier for companies that want to go after ilegitimate file sharing.

It does tend to extend the US Intelligence function into the cybersecurity providers, which may be of concern. Bottom line, though, is that if sensitive user data is given up it will be because the host (FB, Google or whatever) has willed it.

0
2
Bronze badge

A question

Since I'm not only horribly versed in legalese, but also terribly lazy, I'm hoping someone will be able to answer this.

On other bills a concern seems to have been the need or lack thereof to tell the user that his data has been handed over. I'm assuming that this bill doesn't have the user being made aware of his data being handed over to the government?

(I suppose I should just assume that data being handed over to the government is already done in secrecy, but well... yeah, I think I'll just do that)

4
0
Silver badge

Re: A question

My two pennorth: The bill doesn't seem to contain any requirement to inform system users of the information sharing.

Whether that is an issue or not depends on whether or not the various parties play fast and loose with the terminology. It is supposed to cover sharing of cyber threat intelligence/information, which I would understand to be info derived from network/activity monitoring.

So I wouldn't expect user data to be relevant except where it is incidental to a threat. And I wouldn't expect even that amount to be shared outside of the closed group described by the bill.

1
1
Silver badge
Facepalm

"the IP clauses in the bill had been included were intended to go after overseas players going after military or commercial data via network hacking, not file sharers.

"They're not looking for some kid in the Dallas suburbs hacking into his school to change his grade," the staffer said. "This is about foreign intelligence services and organized crime figures from overseas.""

The spirit of the law does not matter one jot. If the letter of the law allows chasing after people for IP protection (even if the idea is to go after military / commercial hacking), then some Movie company lawyer will find a way to use it to run after file sharers. It doesn't matter if there are specific provisions in the law (eg limiting IP protection to damages of $Xmillion), some way will be found (eg some ridiculous estimate of how much $ "damage" a movie download causes)

10
0
Pint

It looks like the right time for the PDPB

Personal Data Protection Bill will help us in guarding our data. :-)

Easy to implement, easy to use. Here is the idea:

- person is in control of his/her personal data;

- person can dynamically grant access to personal data;

- data access is granular, ex. mail address, e-mail address, SSN, etc.;

- dynamic access allows person to limit access to the data, ex. Facebook can only see my name;

- person is granted right who queries personal information;

- person can sue the company that leaked his/her data;

- no company but public Data Banks can store personal information locally for longer than a session;

- dynamic access allows person to see who queries and what info.

The above can be done with public Data Banks that will keep your information and share it with Facebook and the likes (API to access personal data). Person uses private key to encrypt data and public key to grant access to personal data. Person can have a keychain with 365/366 keys for re-encryping personal data.

0
0
Silver badge
Trollface

Re: It looks like the right time for the PDPB

Except it isn't "your" data - you filled out the facebook survey and gave them the data.

They survey question was, "What's on your mind?"

If you really want to share stuff via FB, get a profile and just leave a single link to a website on your own computer.

0
0
Silver badge

Re: It looks like the right time for the PDPB

Much as the idea sounds interesting, you basically point out the big problem: it's impossible to enforce. PID DOES have legitimate uses in your basic commercial transaction, so it has to be in the clear SOMEWHERE, and once it's in the clear, it's open for copying. Even an identity exchange wouldn't be immune. After all, if you entrust the data to someone, how do you vouch for their trustworthiness? And if you handle it yourself, you're liable to find yourself in a tsunami of requests that'll make today's spam look like a kiddy wave.

0
0
Alert

Every time I read something like this

I think of the word 'eavesdropper' - cheesy spying, ancient stuff, bunch of tossers, etc

0
0
Anonymous Coward

This is enough to piss off a pirate

How dare they?

0
3
Bronze badge

Facebook is a particularly alarming data donor.

Given that being photographed with an illegal immigrant will get you arrested in some of the U.S.

That's less controversial than my usual list of things that I don't want government officials to look up without formal good reason - political and labour union activity, and my love life, and interracial association in general - but then, being illegally in the U.S. is a lot more socially acceptable than in other countries.

0
0
Anonymous Coward

Am I the only one...

...who finds the idea of 'voluntary' agreements between government and *anybody* rather creepy in itself? If they *really* need this information, they should insist on getting it. If they don't, they should mind their own business. I don't see any middle way between those possibilities.

1
0
Anonymous Coward

Re: Am I the only one...

Yup, you're the only one...

0
3
Anonymous Coward

Lessee...

Vague wording? Check.

A possibly even vaguer spectre to defend against? Check.

Promises not to abuse their awesome power? Check.

Exhortions to trust them, for they know best? Check.

Private company with long track record of violating privacy "voluntarily" sharing yet more data? Check.

They're ticking all the boxes, but somehow it's not making me more comfortable.

3
0
Bronze badge
WTF?

Optional

Everybody is a content creator. So, you have a server with 100% made up of crap gossip. How do you tell FB to go away ? Google ? Apple ? Microsoft ? robots.txt ? Seriously ?

The content has already been created, got crap and all that.

Creating not(crap) is something all content creators struggle with, but the issue is how do you stop propagation of existing crap.

0
0
Anonymous Coward

It's only going to get worse

for the crims so it's all good.

0
1

Re: It's only going to get worse

"It's only going to get worse for us all so it's all good."

there, fixed that for you.

2
0
Anonymous Coward

Paranoid

W O W just how paranoid?

"They" just want to know everything about everyone!

Shockingly bad.

0
0
Flame

PR bullshit...

"HR 3523 would impose no new obligations on us to share data with anyone – and ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users’ private information, just as we do today,'"

So why do you need a new law if you're already doing it?

"They're not looking for some kid in the Dallas suburbs hacking into his school to change his grade,"

Not yet...

1
0
Anonymous Coward

Listen to them squeal

It's laughable to here the sky is falling advocates.

0
0
WTF?

Dear governments, ...

... can you please stop trying to get an "all access" pass to our data?

ACTA, SOPA, PIPA, RIPA, CISPA... can you *please* stop it, now?

Thanks,

Your People

0
0
This topic is closed for new posts.