back to article Facebook defends support for CISPA monitoring bill

Facebook has issued a statement explained why it is supporting the Cyber Intelligence Sharing and Protection Act (CISPA) HR 3523, which is currently being considered by Congress. CISPA would set up a mechanism for the government's security services to share information on new threats with private companies and utilities. In …

COMMENTS

This topic is closed for new posts.
  1. Old Handle
    Thumb Down

    What they really need to do is take out the immunity provision. If Facebook's intentions are so harmless, why do the need special permission to break the law?

    1. James Micallef Silver badge
      Unhappy

      The immunity provision is the whole purpose of the law. Companies like Facebook and ISPs don't want to get caught in the middle between consumers protecting their privacy and government wanting to snoop. That's why Facebook et al support the law

    2. fajensen

      Basic Economics: US Corporations can always break the law and then get off the hook by paying a legal settlement, often a no-fault settlement, of a mere percentage of the loot.

      With invasion of privacy crime, it is different: In the majority of the cases, there is no loot to pay the settlement and the lawyers with, so naturally corporations need the law written in such a way that it will protect their assets.

      http://www.guardian.co.uk/world/2011/apr/03/us-bank-mexico-drug-gangs

  2. beep54
    FAIL

    Uh, yeah. Right....

    "They're not looking for some kid in the Dallas suburbs hacking into his school to change his grade," the staffer said. "This is about foreign intelligence services and organized crime figures from overseas."

    1. frank ly

      Re: Uh, yeah. Right....

      Do foreign intelligence services and international organised crime figures have much of a presence on Facebook?

    2. Eddy Ito
      Big Brother

      Re: Uh, yeah. Right....

      My thoughts exactly. This is going to have those old enough to remember look back on J. Edgar and McCarthyism with fond nostalgia. Just imagine fast and furious Eric Holder with a Super-MongoDB on Hadoop able to pick off his political enemies at will. Mao never had it so good.

      1. Graham Dawson Silver badge

        Re: Uh, yeah. Right....

        Or for those who are of the more lefty persuasion, imagine this power in the hands of a future Rumsfeld or Cheney.

        1. hold2ransom
          Devil

          Re: Uh, yeah. Right....

          Frightening is not strong enough to describe the possible implications. Blair would have loved the power it will give those in "Power"!

  3. Spud2go
    Pint

    Facebook will follow the money

    Considering the fact that they're close to IPO, they will want to make the right noises to potential new clients. One of the immediate issues for an account holder I can see is how much of an individuals on-line activity they are harvesting & who they might sell it to. If, as this article suggests, the bill in its current form is 'vague" in its wording & intent and moves forward as such, the possibilities (& potential revenues) for Facebook are endless.

    Personally, I cancelled & blocked Facebook a long time ago - don't like being regarded as a product.

    Just my 2 bob's worth.

  4. Anonymous Coward
    Anonymous Coward

    Not sure if it's that bad

    The Bill seems to be quite explicit about the nature of the relationship between gov security agencies and cybersecurity providers, and the providers themselves are constrained in the bill to be sharing information about threats to clients' systems (and then subject to the client's policies).

    So it's difficult to see an easy way for user data to be made widely available (or demanded) on a whim.

    Particularly I can't see anything that makes life any easier for companies that want to go after ilegitimate file sharing.

    It does tend to extend the US Intelligence function into the cybersecurity providers, which may be of concern. Bottom line, though, is that if sensitive user data is given up it will be because the host (FB, Google or whatever) has willed it.

  5. Eguro

    A question

    Since I'm not only horribly versed in legalese, but also terribly lazy, I'm hoping someone will be able to answer this.

    On other bills a concern seems to have been the need or lack thereof to tell the user that his data has been handed over. I'm assuming that this bill doesn't have the user being made aware of his data being handed over to the government?

    (I suppose I should just assume that data being handed over to the government is already done in secrecy, but well... yeah, I think I'll just do that)

    1. Anonymous Coward
      Anonymous Coward

      Re: A question

      My two pennorth: The bill doesn't seem to contain any requirement to inform system users of the information sharing.

      Whether that is an issue or not depends on whether or not the various parties play fast and loose with the terminology. It is supposed to cover sharing of cyber threat intelligence/information, which I would understand to be info derived from network/activity monitoring.

      So I wouldn't expect user data to be relevant except where it is incidental to a threat. And I wouldn't expect even that amount to be shared outside of the closed group described by the bill.

  6. James Micallef Silver badge
    Facepalm

    "the IP clauses in the bill had been included were intended to go after overseas players going after military or commercial data via network hacking, not file sharers.

    "They're not looking for some kid in the Dallas suburbs hacking into his school to change his grade," the staffer said. "This is about foreign intelligence services and organized crime figures from overseas.""

    The spirit of the law does not matter one jot. If the letter of the law allows chasing after people for IP protection (even if the idea is to go after military / commercial hacking), then some Movie company lawyer will find a way to use it to run after file sharers. It doesn't matter if there are specific provisions in the law (eg limiting IP protection to damages of $Xmillion), some way will be found (eg some ridiculous estimate of how much $ "damage" a movie download causes)

  7. Alex.Red
    Pint

    It looks like the right time for the PDPB

    Personal Data Protection Bill will help us in guarding our data. :-)

    Easy to implement, easy to use. Here is the idea:

    - person is in control of his/her personal data;

    - person can dynamically grant access to personal data;

    - data access is granular, ex. mail address, e-mail address, SSN, etc.;

    - dynamic access allows person to limit access to the data, ex. Facebook can only see my name;

    - person is granted right who queries personal information;

    - person can sue the company that leaked his/her data;

    - no company but public Data Banks can store personal information locally for longer than a session;

    - dynamic access allows person to see who queries and what info.

    The above can be done with public Data Banks that will keep your information and share it with Facebook and the likes (API to access personal data). Person uses private key to encrypt data and public key to grant access to personal data. Person can have a keychain with 365/366 keys for re-encryping personal data.

    1. P. Lee
      Trollface

      Re: It looks like the right time for the PDPB

      Except it isn't "your" data - you filled out the facebook survey and gave them the data.

      They survey question was, "What's on your mind?"

      If you really want to share stuff via FB, get a profile and just leave a single link to a website on your own computer.

      1. Charles 9

        Re: It looks like the right time for the PDPB

        Much as the idea sounds interesting, you basically point out the big problem: it's impossible to enforce. PID DOES have legitimate uses in your basic commercial transaction, so it has to be in the clear SOMEWHERE, and once it's in the clear, it's open for copying. Even an identity exchange wouldn't be immune. After all, if you entrust the data to someone, how do you vouch for their trustworthiness? And if you handle it yourself, you're liable to find yourself in a tsunami of requests that'll make today's spam look like a kiddy wave.

  8. Mr Young
    Alert

    Every time I read something like this

    I think of the word 'eavesdropper' - cheesy spying, ancient stuff, bunch of tossers, etc

  9. Anonymous Coward
    Anonymous Coward

    This is enough to piss off a pirate

    How dare they?

  10. Robert Carnegie Silver badge

    Facebook is a particularly alarming data donor.

    Given that being photographed with an illegal immigrant will get you arrested in some of the U.S.

    That's less controversial than my usual list of things that I don't want government officials to look up without formal good reason - political and labour union activity, and my love life, and interracial association in general - but then, being illegally in the U.S. is a lot more socially acceptable than in other countries.

  11. Anonymous Coward
    Anonymous Coward

    Am I the only one...

    ...who finds the idea of 'voluntary' agreements between government and *anybody* rather creepy in itself? If they *really* need this information, they should insist on getting it. If they don't, they should mind their own business. I don't see any middle way between those possibilities.

    1. Anonymous Coward
      Anonymous Coward

      Re: Am I the only one...

      Yup, you're the only one...

  12. Anonymous Coward
    Anonymous Coward

    Lessee...

    Vague wording? Check.

    A possibly even vaguer spectre to defend against? Check.

    Promises not to abuse their awesome power? Check.

    Exhortions to trust them, for they know best? Check.

    Private company with long track record of violating privacy "voluntarily" sharing yet more data? Check.

    They're ticking all the boxes, but somehow it's not making me more comfortable.

  13. Gannon (J.) Dick
    WTF?

    Optional

    Everybody is a content creator. So, you have a server with 100% made up of crap gossip. How do you tell FB to go away ? Google ? Apple ? Microsoft ? robots.txt ? Seriously ?

    The content has already been created, got crap and all that.

    Creating not(crap) is something all content creators struggle with, but the issue is how do you stop propagation of existing crap.

  14. Anonymous Coward
    Anonymous Coward

    It's only going to get worse

    for the crims so it's all good.

    1. Dante

      Re: It's only going to get worse

      "It's only going to get worse for us all so it's all good."

      there, fixed that for you.

  15. Anonymous Coward
    Anonymous Coward

    Paranoid

    W O W just how paranoid?

    "They" just want to know everything about everyone!

    Shockingly bad.

  16. Keep Refrigerated
    Flame

    PR bullshit...

    "HR 3523 would impose no new obligations on us to share data with anyone – and ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users’ private information, just as we do today,'"

    So why do you need a new law if you're already doing it?

    "They're not looking for some kid in the Dallas suburbs hacking into his school to change his grade,"

    Not yet...

  17. Anonymous Coward
    Anonymous Coward

    Listen to them squeal

    It's laughable to here the sky is falling advocates.

  18. Frank Bitterlich
    WTF?

    Dear governments, ...

    ... can you please stop trying to get an "all access" pass to our data?

    ACTA, SOPA, PIPA, RIPA, CISPA... can you *please* stop it, now?

    Thanks,

    Your People

This topic is closed for new posts.

Other stories you might like