
What they really need to do is take out the immunity provision. If Facebook's intentions are so harmless, why do the need special permission to break the law?
Facebook has issued a statement explained why it is supporting the Cyber Intelligence Sharing and Protection Act (CISPA) HR 3523, which is currently being considered by Congress. CISPA would set up a mechanism for the government's security services to share information on new threats with private companies and utilities. In …
Basic Economics: US Corporations can always break the law and then get off the hook by paying a legal settlement, often a no-fault settlement, of a mere percentage of the loot.
With invasion of privacy crime, it is different: In the majority of the cases, there is no loot to pay the settlement and the lawyers with, so naturally corporations need the law written in such a way that it will protect their assets.
http://www.guardian.co.uk/world/2011/apr/03/us-bank-mexico-drug-gangs
My thoughts exactly. This is going to have those old enough to remember look back on J. Edgar and McCarthyism with fond nostalgia. Just imagine fast and furious Eric Holder with a Super-MongoDB on Hadoop able to pick off his political enemies at will. Mao never had it so good.
Considering the fact that they're close to IPO, they will want to make the right noises to potential new clients. One of the immediate issues for an account holder I can see is how much of an individuals on-line activity they are harvesting & who they might sell it to. If, as this article suggests, the bill in its current form is 'vague" in its wording & intent and moves forward as such, the possibilities (& potential revenues) for Facebook are endless.
Personally, I cancelled & blocked Facebook a long time ago - don't like being regarded as a product.
Just my 2 bob's worth.
The Bill seems to be quite explicit about the nature of the relationship between gov security agencies and cybersecurity providers, and the providers themselves are constrained in the bill to be sharing information about threats to clients' systems (and then subject to the client's policies).
So it's difficult to see an easy way for user data to be made widely available (or demanded) on a whim.
Particularly I can't see anything that makes life any easier for companies that want to go after ilegitimate file sharing.
It does tend to extend the US Intelligence function into the cybersecurity providers, which may be of concern. Bottom line, though, is that if sensitive user data is given up it will be because the host (FB, Google or whatever) has willed it.
Since I'm not only horribly versed in legalese, but also terribly lazy, I'm hoping someone will be able to answer this.
On other bills a concern seems to have been the need or lack thereof to tell the user that his data has been handed over. I'm assuming that this bill doesn't have the user being made aware of his data being handed over to the government?
(I suppose I should just assume that data being handed over to the government is already done in secrecy, but well... yeah, I think I'll just do that)
My two pennorth: The bill doesn't seem to contain any requirement to inform system users of the information sharing.
Whether that is an issue or not depends on whether or not the various parties play fast and loose with the terminology. It is supposed to cover sharing of cyber threat intelligence/information, which I would understand to be info derived from network/activity monitoring.
So I wouldn't expect user data to be relevant except where it is incidental to a threat. And I wouldn't expect even that amount to be shared outside of the closed group described by the bill.
"the IP clauses in the bill had been included were intended to go after overseas players going after military or commercial data via network hacking, not file sharers.
"They're not looking for some kid in the Dallas suburbs hacking into his school to change his grade," the staffer said. "This is about foreign intelligence services and organized crime figures from overseas.""
The spirit of the law does not matter one jot. If the letter of the law allows chasing after people for IP protection (even if the idea is to go after military / commercial hacking), then some Movie company lawyer will find a way to use it to run after file sharers. It doesn't matter if there are specific provisions in the law (eg limiting IP protection to damages of $Xmillion), some way will be found (eg some ridiculous estimate of how much $ "damage" a movie download causes)
Personal Data Protection Bill will help us in guarding our data. :-)
Easy to implement, easy to use. Here is the idea:
- person is in control of his/her personal data;
- person can dynamically grant access to personal data;
- data access is granular, ex. mail address, e-mail address, SSN, etc.;
- dynamic access allows person to limit access to the data, ex. Facebook can only see my name;
- person is granted right who queries personal information;
- person can sue the company that leaked his/her data;
- no company but public Data Banks can store personal information locally for longer than a session;
- dynamic access allows person to see who queries and what info.
The above can be done with public Data Banks that will keep your information and share it with Facebook and the likes (API to access personal data). Person uses private key to encrypt data and public key to grant access to personal data. Person can have a keychain with 365/366 keys for re-encryping personal data.
Except it isn't "your" data - you filled out the facebook survey and gave them the data.
They survey question was, "What's on your mind?"
If you really want to share stuff via FB, get a profile and just leave a single link to a website on your own computer.
Much as the idea sounds interesting, you basically point out the big problem: it's impossible to enforce. PID DOES have legitimate uses in your basic commercial transaction, so it has to be in the clear SOMEWHERE, and once it's in the clear, it's open for copying. Even an identity exchange wouldn't be immune. After all, if you entrust the data to someone, how do you vouch for their trustworthiness? And if you handle it yourself, you're liable to find yourself in a tsunami of requests that'll make today's spam look like a kiddy wave.
Given that being photographed with an illegal immigrant will get you arrested in some of the U.S.
That's less controversial than my usual list of things that I don't want government officials to look up without formal good reason - political and labour union activity, and my love life, and interracial association in general - but then, being illegally in the U.S. is a lot more socially acceptable than in other countries.
...who finds the idea of 'voluntary' agreements between government and *anybody* rather creepy in itself? If they *really* need this information, they should insist on getting it. If they don't, they should mind their own business. I don't see any middle way between those possibilities.
Vague wording? Check.
A possibly even vaguer spectre to defend against? Check.
Promises not to abuse their awesome power? Check.
Exhortions to trust them, for they know best? Check.
Private company with long track record of violating privacy "voluntarily" sharing yet more data? Check.
They're ticking all the boxes, but somehow it's not making me more comfortable.
Everybody is a content creator. So, you have a server with 100% made up of crap gossip. How do you tell FB to go away ? Google ? Apple ? Microsoft ? robots.txt ? Seriously ?
The content has already been created, got crap and all that.
Creating not(crap) is something all content creators struggle with, but the issue is how do you stop propagation of existing crap.
"HR 3523 would impose no new obligations on us to share data with anyone – and ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users’ private information, just as we do today,'"
So why do you need a new law if you're already doing it?
"They're not looking for some kid in the Dallas suburbs hacking into his school to change his grade,"
Not yet...