Apple, Microsoft, Adobe and more just started lobbying against data security
[url]https://www.youbetrayedus.org/[/url]
[quote]Apple, Microsoft, Adobe, Symantec, and a handful of other tech companies just began publicly lobbying Congress to pass the Cybersecurity Information Sharing Act (CISA), a bill that would give corporations total legal immunity when they share private user data with the government and with each other. Many of these companies have previously claimed to fight for their users' privacy rights, but by supporting this bill they've made it clear that they've abandoned that position, and are willing to endanger their users' security and civil rights in exchange for government handouts and protection. [/quote]
I know this is technically not news but it's new to a lot of people and there is no other place for a thread like this.
[B]What is happening?[/B]
Basically CISA absolves IT companies of any responsibility for crimes committed "if a violation was committed or exposed in the process of sharing data".
So to break it down: just share all of your data with the government and any crime that's somewhat connected to the data (that includes illegal sharing of 3rd party data too!) is null and void.
[B]Why should I care?[/B]
As long as you use a US-based service your data falls under this jurisdiction.
Along with the new Win10 EULA, all data you use through Win10 too.
The root nameservers and the ICANN are in the US too.
[B]What can I do?[/B]
[url=https://www.faxbigbrother.com/#whatiscisa]Faxing[/url]
I apologize if this isn't quite the usual SH-news where everyone gives his opinion and someone has to show he knows better than some random chump from the internet and we all go passive aggressive about it so maybe this is better in GD. If so I'd be glad if a mod moved it.
So basically the US government is saying "We don't care if you commit a crime with someone's data, as long as at the end of the day we see the data"? That's a bit shit.
Will this affect the users that reside outside of US?
[QUOTE=AhoyMate;48744322]Will this affect the users that reside outside of US?[/QUOTE]
[QUOTE=Killuah;48744268]As long as you use a US-based service your data falls under this jurisdiction.[/QUOTE]
[QUOTE=AhoyMate;48744322]Will this affect the users that reside outside of US?[/QUOTE]
Unless it eventually escalates to other continents, no. But I doubt that'll happen.
[QUOTE=Anderan;48744337]As long as you use a US-based service your data falls under this jurisdiction.[/QUOTE]
From what I've heard
MSoft store userdata as close to the user as possible
but, would that mean Microsoft Australia are an AUS-based service? or is it a pyramid scheme?
[QUOTE=Scratch.;48744347]From what I've heard
MSoft store userdata as close to the user as possible
but, would that mean Microsoft Australia are an AUS-based service? or is it a pyramid scheme?[/QUOTE]
Storage doesn't matter.
All data that passes a US node is automatically subjected to this.
That's some Orwellian style bullshit.
Insurance and credit data got sold illegally? No problem as long as the government gets it too.
[i]sigh[/i] here we go AGAIN
God damn I feel like I'm in the middle of the SOPA horseshit again, [sp]but without the deviantart protests[/sp]
It's kinda scary thinking of the backlash of this bill if it passes
[QUOTE=James xX;48744282]So basically the US government is saying "We don't care if you commit a crime with someone's data, as long as at the end of the day we see the data"? That's a bit shit.[/QUOTE]
From what I understand it's even worse. Basically, if the company is in the process of committing a crime, let's say, evades taxes illegally, or launders money, and providing their data about you to the state would be incriminating (for instance, it would be visible you gave them money which they failed to deduce tax for), this legislation makes them exempt from punishment for the crime it might expose.
Correct me if I am wrong, though.
How absolutely fucking appalling.
Because it wasn't clear enough already that the big companies only give a shit about people when it's in the name of profit, they go and pull this 1984-tier bullshit.
Seriously hoping it gets denied on its way in.
Where is Google when you need them.
Does anyone have any proof of this that doesn't come from an activist site? It's so easy for someone to bullshit their way through activism.
People should read [URL="https://www.congress.gov/bill/114th-congress/senate-bill/754"]the whole bill[/URL]. It expands consumer protection, mandates the government to share security vulnerabilities with private agencies, and requires anonymization of private information- in other words, addressing the privacy and security fears people have been associating with the NSA. The legal immunity the site is talking about is this:
[quote](Sec. 6) Provides liability protections to entities acting in accordance with this Act that: (1) monitor information systems, or (2) share or receive indicators or defensive measures, provided that the manner in which an entity shares any indicators or defensive measures with the federal government is consistent with specified procedures and exceptions set forth under the DHS sharing process. [/quote]
Which literally just says that if a private organization cooperates with the government, and follows the laws restricting monitoring and privacy, they won't be held liable for crimes committed using their network. So for example, Google won't be held liable if someone uses a Google server to perform an attack, as long as Google cooperates in the investigation and didn't discover the attack unlawfully. Isn't that kind of immunity what people have been asking for? Now suddenly it's a bad thing?
Now, the most concerning part of the bill is this:
[quote]Permits private entities to monitor, and operate defensive measures to detect, prevent, or mitigate cybersecurity threats or security vulnerabilities on: (1) their own information systems; and (2) with authorization and written consent, the information systems of other private or government entities. Authorizes such entities to monitor information that is stored on, processed by, or transiting such monitored systems.[/quote]
But that has pretty much been the de facto law already, and coupled with the anonymization requirements specified earlier will restrict the amount of private data that corporations or the government can snoop on.
On the other hand, it specifically requires the government to disclose known vulnerabilities, requires the DOJ to review and revise privacy and civil liberty guidelines, requires DHS to make public what conditions will cause them to share data with other agencies, prohibits any government agency from using surveillance to watch lawful activity 'just in case', requires the inspector general of [I]every[/I] involved agency to report every two years on the civil liberty impact, and explicitly prohibits the act from being used by the government to compel a private entity to cooperate.
There are good reasons why big companies that have historically opposed privacy-intruding measures are in favor of CISA and it's not just because it protects them from the government. I strongly suggest that people read the text of the act before jumping on the bandwagon.
The thing is that the parts you quoted can also be interpreted the worst way (OP) possible and that's because it's written so wishy-washy.
[QUOTE=Killuah;48745105]The thing is that the parts you quoted can also be interpreted the worst way (OP) possible and that's because it's written so wishy-washy.[/QUOTE]
I gave you the summary text, of course it's wishy-washy. Here's the full text.
[quote]SEC. 6. Protection from liability.
(a) Monitoring of information systems.—No cause of action shall lie or be maintained in any court against any private entity, and such action shall be promptly dismissed, for the monitoring of information systems and information under section 4(a) that is conducted in accordance with this Act.
(b) Sharing or receipt of cyber threat indicators.—No cause of action shall lie or be maintained in any court against any entity, and such action shall be promptly dismissed, for the sharing or receipt of cyber threat indicators or defensive measures under section 4(c) if—
(1) such sharing or receipt is conducted in accordance with this Act; and
(2) in a case in which a cyber threat indicator or defensive measure is shared with the Federal Government, the cyber threat indicator or defensive measure is shared in a manner that is consistent with section 5(c)(1)(B) and the sharing or receipt, as the case may be, occurs after the earlier of—
(A) the date on which the interim policies and procedures are submitted to Congress under section 5(a)(1); or
(B) the date that is 60 days after the date of the enactment of this Act.
(c) Construction.—Nothing in this section shall be construed—
(1) to require dismissal of a cause of action against an entity that has engaged in gross negligence or willful misconduct in the course of conducting activities authorized by this Act; or
(2) to undermine or limit the availability of otherwise applicable common law or statutory defenses. [/quote]
c(1) is stating that if a company violates the terms of the Act, they're liable, which is [i]directly[/i] contradictory to your statement in the OP that it gives them immunity to prosecution for any wrongdoing so long as they cooperate. c(2) states that this isn't giving them the power to supersede common law, so they're not giving Google & Co carte blanche to spy on the country or whatever is being alleged here.
The reference to 4(a) is the passage that grants an organization the authority to monitor their own systems, subject to the limits of the bill. 4(d), the section on privacy, specifies
[quote] (A) review such cyber threat indicator to assess whether such cyber threat indicator contains any information that the entity knows at the time of sharing to be personal information of or identifying a specific person not directly related to a cybersecurity threat and remove such information; or
(B) implement and utilize a technical capability configured to remove any information contained within such indicator that the entity knows at the time of sharing to be personal information of or identifying a specific person not directly related to a cybersecurity threat.[/quote]
So what this bill is doing is giving Google the authority to monitor traffic on their own networks (which they already do), and share anything that points to illegal activity (which they already do), but adding a legal requirement to strip any personally identifiable information before they can share that traffic with anyone else (which currently, there is no requirement for), and ensuring that multiple agencies will be reviewing the disclosure (which currently, does not happen).
The bill is codifying processes that have already been common practice, while adding new restrictions to ensure privacy, guarantee that multiple federal bodies will be reviewing periodically to ensure it isn't being abused, and clearly stipulate under what conditions a private organization is released from liability.
If you want to argue that Google shouldn't be doing any kind of monitoring on their own networks in the first place then I can at least understand that argument, but this bill isn't giving Google or the federal government any new powers, it's codifying what has typically been seen as a grey area of uncertainty.
[QUOTE=catbarf;48744606]People should read [URL="https://www.congress.gov/bill/114th-congress/senate-bill/754"]the whole bill[/URL]. It expands consumer protection, mandates the government to share security vulnerabilities with private agencies, and requires anonymization of private information- in other words, addressing the privacy and security fears people have been associating with the NSA. The legal immunity the site is talking about is this:
Which literally just says that if a private organization cooperates with the government, and follows the laws restricting monitoring and privacy, they won't be held liable for crimes committed using their network. So for example, Google won't be held liable if someone uses a Google server to perform an attack, as long as Google cooperates in the investigation and didn't discover the attack unlawfully. Isn't that kind of immunity what people have been asking for? Now suddenly it's a bad thing?
Now, the most concerning part of the bill is this:
But that has pretty much been the de facto law already, and coupled with the anonymization requirements specified earlier will restrict the amount of private data that corporations or the government can snoop on.
On the other hand, it specifically requires the government to disclose known vulnerabilities, requires the DOJ to review and revise privacy and civil liberty guidelines, requires DHS to make public what conditions will cause them to share data with other agencies, prohibits any government agency from using surveillance to watch lawful activity 'just in case', requires the inspector general of [I]every[/I] involved agency to report every two years on the civil liberty impact, and explicitly prohibits the act from being used by the government to compel a private entity to cooperate.
There are good reasons why big companies that have historically opposed privacy-intruding measures are in favor of CISA and it's not just because it protects them from the government. I strongly suggest that people read the text of the act before jumping on the bandwagon.[/QUOTE]
no catbarf this is facepunch where people react first and think never
[QUOTE=Killer900;48745733]no catbarf this is facepunch where people react first and think never[/QUOTE]
This is true, I turn off my brain when I browse facepunch.
Well after reading following posts this bill seems a lot worse than I had thought, but still I am unsure. I am not much of a political person.
[QUOTE=Handsome Matt;48744561]ye it does, lots of online servers store data where the user wants - both my Microsoft and Amazon AWS store my data in the UK, it doesn't touch the US to get there.[/QUOTE]
To add to this: Microsoft has to store that data inside the EU to operate here legally.
If they didn't then they'd be legally unable to provide most of their services to this market.
Well my brain is fucked. Shows me to not ever trust any OP by its cover, especially when it's this important