In the Evening Hours, CISPA Gets Some New Features
Privacy advocates say the House-passed cybersecurity bill falls short of safeguards needed to protect personal data collected while surfing the net.
(Photo by Al Shaw)
Yesterday, we reported on the Cyber Intelligence Sharing and Protection Act, or CISPA, and the debate it has inspired about the privacy of your Internet data and security. The underlying bill allows Internet providers, software companies and other private firms to share information about “cybersecurity” with the federal government — and protects them from legal liability.
The bill’s sponsors touted a handful of amendments they said addressed privacy and civil liberties concerns, but privacy activists say the amendments still don’t go far enough. The House had been set to vote on the bill today but instead passed it last night, 248-168, with some changes:
How “cyber threat” information can be used: Rep. Ben Quayle, R-Ariz., proposed an amendment that limits the use of shared cyber threat information to five purposes: protecting cybersecurity, investigating cybersecurity crimes, protecting people from death or injury, protecting minors from harm, and protecting U.S. national security.
What kind of information can be shared: An amendment by Rep. Bob Goodlatte, R-Va., specifies the kind of information that can be shared, saying it must be “directly pertaining to” a threat, vulnerability, attack or unauthorized access. It also makes clear that violating a website’s terms of service — that’s the form on which you check “agree” when registering at a site like Facebook or Gmail — doesn’t constitute a cyber threat.
A second look: An amendment proposed by Rep. Mick Mulvaney, R-S.C., states that five years after the bill is enacted, Congress would have to re-examine and reauthorize it, providing an opportunity to address changes in technology or unintended consequences.
Addressing civil liberties: An amendment proposed by Mulvaney and Rep. Norman Dicks, D-Wash., says that in sharing information, the federal government should take “reasonable efforts” to limit the impact on privacy and civil liberties, consistent with the need to protect against cyber threats.
Personal records: Put forth by Rep. Justin Amash, R-Mich., the amendment says the government can’t make use of educational, medical, firearms or tax return records that it receives from private companies through CISPA.
Why privacy activists are unhappy
The American Civil Liberties Union, the Electronic Frontier Foundation and other pro-privacy groups continue to argue that the bill would enable commercial interests and intelligence agencies to misuse personal information under the guise of preventing cybercrimes. The pro-privacy groups say the amendments represent an improvement but don’t offer sufficient safeguards. CISPA allows private companies to hand information directly to military and intelligence agencies, such as the National Security Agency. Privacy activists backed amendments by Democrats to give the Department of Homeland Security authority to devise privacy protections. None made it to the floor in the GOP-controlled House.
Under the amended bill, shared information can be used for the protection of national security, not just cybersecurity. Some opponents say this is too broad and fear it would be easy for the government to justify collecting private data even when unrelated to hacking or Internet security.
What’s next
CISPA faces a hard road in the Democrat-controlled Senate, where it must duke it out with cybersecurity bills backed by Sen. Joe Lieberman, I-Conn., and Sen. John McCain, R-Ariz. The White House said this week that advisers would recommend that President Obama veto CISPA if it ever reaches his desk.
4 comments
Tom O.
April 27, 2012, 8:59 p.m.
If it weren’t 2012, I would say this has 1984 written all over it. Yeah right, corporate America would stop when told to, just like some of the cell phone companies were giving out customer information to anyone who wanted it a few years ago. This too will be used as a political football to prove Obama is soft on security. Everything he has done since the 2010 election has been about the 2012 election.
John
April 30, 2012, 9:40 a.m.
There are three problems I still see:
1. Cybersecurity is still left undefined, or defined to include “degradation of service” which could result from watching too many kitten videos. Even “unauthorized access” could plausibly mean “logged in under a pseudonym,” which, if you don’t think is important, talk to an abuse victim.
2. The information can be used for “national security purposes,” which can be interpreted to include just about anything, since some people believe that our collective cultural values should be frozen. So, does that mean they can use Facebook posts to arrest illegal immigrants? Gays? Arrest anybody who disagrees with government policy? Those could all be (and have been) viewed as harming the security of the country, after all.
3. This protects nothing, because it’s still legal to run a fifteen-year-old version of a webserver and it’s still legal to sell a way to exploit bugs you found in Internet Explorer to some hacker in the Ukraine. Worse, it’s still illegal to publish evidence of those bugs so that people can avoid the dangerous software.
That doesn’t even touch the Constitutional problem of deputizing private companies to watch us on behalf of the government without making them observe bans on illegal search and seizure, bans on self-incrimination, and the right to face your accuser. In fact, since it gives them immunity to lawsuits, it encourages them to ignore civil liberties while acting as government agents.
Personally, I’d like to see the “use case.” What is the “digital Pearl Harbor” that this will actually stop? From where I sit, the only crimes it can stop are away from the computer. It’s far easier to use these rules to stop a drug deal than a hacker, which makes it poorly-targeted.
Catherine A. Fitzpatrick
May 1, 2012, 12:44 p.m.
Megha, what I think would be useful is if you applied the same kind of journalistic curiosity and investigatory skills as Tracy Weber and Charles Ornstein applied to the pharmaceutical business.
You don’t seem to realize that behind this rabid anti-SOPA and anti-CISPA campaign is the powerful Google Big Ad agency and all its related lobbying organizations, starting with the Electronic Frontier Foundation.
It’s not even especially about “following the money,” although that’s part of it. In fact, Google can do its lobbying on a shoestring because it now has Google+ and all its properties to use as a lobbying platform for free and push featured stories and ads to all its customers, right in their face, scraping their personal data relentlessly ALREADY, more than anything the government plans to do.
And Google essentially “owns” all the tech blogs with their culture of loving Google and open source and viewing only telecoms and Hollywood as the enemy (and they’ve been gulled into that with bombardment with the tech blogs that Google from time immemorial has always put first in search, which then, like Wikipedia, becomes a self-fulfilling prophecy as people see it first, link it, and that keeps it on top).
Just because these lobbyists claim that there would be some privacy violation, doesn’t mean it’s true. Try to have the same curiosity that Weber and Ornstein show toward big pharma. These cyber bills had plenty of exceptions, remedies and strict definitions to prevent their misuse. It’s not true that no warrant would be required. In fact, these companies already have Terms of Service that require they themselves should be acting on IP theft anyway—and they don’t. Google said they get 5 million DMCA requests a year, and take down 75 percent of them—that’s millions of items that they’ve used to sell ads and retain customers that they didn’t license.
As for CISPA, it’s about voluntary data sharing in the interests of stopping Anonymous hacking and DDOS attacks and the Chinese, Iranian, and Russian governments. You’re not telling the other side of this story, and just essentially cutting and pasting from TechDirt or ACLU or EFF blogs.
The bill narrowly defines the acts and the measures. It’s not social media companies handing all of customers’ information always and everywhere for no reason. It’s for *when* there is a case of a cyber-attack that law-enforcement is trying to investigate, and needs cooperation with social media platforms. Law-enforcers have to make their case. The rabid Big IT lobbyists never concede this because it’s not in their business interests. They want absolute licentiousness on the Internet so they can make ad revenue, full stop. They are addicted to click ads as a business model.
You failed to mention that Facebook, IBM and other big IT companies back CISPA. Ask yourself why. It’s because they don’t like it any more than the Pentagon likes being disabled by extremists, anarchists and foreign intelligence agencies.
John
May 1, 2012, 1:17 p.m.
Catherine, you’re worried about Anonymous?
Do you know how those imbeciles get in where they shouldn’t? People don’t update their software. That’s the big secret: Their targets are actually stupider than they are, and that’s saying a lot.
They get time on infected machines around the world (a bot-net), which got infected because someone decided a firewall and virus scanner was slowing down their pirated software. Then the infected machines are turned against the target, leveraging flaws that (in most cases) everybody who cared knew about years ago.
Full disclosure. I’m a programmer for an engineering firm (not in security), and run a company that supplies web services. I’ve never run an ad in my life, and don’t plan to. I think Google is an atrocity, and the breadth of what they (and Facebook, another atrocity) collect is EXACTLY what leads me to believe that “voluntary sharing” with the government is dangerous.
Bush gave the phone companies immunity for wiretaps, and this is the same thing, except it might include my business deals, investments, personal correspondence, medical records, contacts, and schedule, rather than just “suspicious” phone calls. Don’t be surprised if sometime, somewhere, someplace where you least expect it, someone steps up to you and says, “Smile, you’re under surveillance.”
Funny thing, I’ve read the bill. Your calling it narrow tells me that you have not. The “remedy” you cite is that you can sue the government for up to two years after your privacy has been violated, but nobody will tell you it happened (except Google, ironically, who’s usually good at that), so, duh.
Back to the (ugh) “cybersecurity” problems. There are four big factors or entry points:
1. Nobody updates their servers, with known bugs, and the motivation is obviously to hide this until it’s too late.
2. Hackers get big money from organized crime and governments for hidden exploits, completely legally.
3. Bot-nets make it easy to spread a denial of service or other attack around the world cheaply.
4. Security researchers are hit with DMCA notices when they announce bugs that aren’t getting fixed.
Which of these does CISPA treat? None of them.
Instead, CISPA assumes that you or I must be a “potential hacker,” and therefore should be treated as a criminal, reporting “thought crimes,” rather than just sealing the security holes.
You can stop more DDOS attacks by giving everybody a copy of Windows 7 (dismantling the bot-nets overnight) and a virus scanner than allowing all the even potential measures of CISPA.
That’s enough of my ranting. Instead, I challenge you, Catherine: Please outline the “Pearl Harbor” CISPA would prevent and how it would solve the problem. I think that’s fair, since I outlined what would solve the problem and showed how CISPA can be abused.
Or, you could just recycle the tired SOPA arguments that “Google makes money off of stealing IP.”