
I kind of hate those amendments (without having read them). I'm not really defending CISPA (I would like better security, but I generally distrust the government both for competence and for goals/morality/ethics).

1) NSA and USAF are specifically the only parts of the USG I want to have access to this data. I trust NSA and DOD way more than I trust FBI, DEA, etc. to not fuck me personally if my data is somehow included in a dump given to them for anti-terrorism purposes.

2) Useless bureaucrat. I don't believe in oversight of government by government; mandatory reporting requirements to the public, with independent watchdogs like EFF/ACLU, are the only thing which would really work for me.

3) Vague thing is vague.

4) I don't really want companies to have to do PII filtering; I'd rather they be able to dump bulk data if under attack, since J. Random big dumb company or non-security startup is in no position to do forensics, filter, etc.




It would have taken me 19 paragraphs to make the same points. I agree with all of them.

Ryan, your head seems to be screwed on properly, so what are the things you would like to see done to CISPA to make it commercially feasible to share bulk data when banks or ISPs come under sustained attack?


In reply to tptacek below (I think I'm still within the too-many-nested-replies thing).

I don't know if it's possible to limit CISPA, while keeping it useful, enough to keep civil libertarians happy. The best solution is probably to take a page from my much more seriously followed personal legislative issue: gun rights.

I'm actually in favor of universal licensing/background checks and such for firearms, if implemented correctly (not building a registry, using a technical solution to make it possible to trace ownership of a gun without enumerating all guns owned by a person, etc.)

But, the gun lobby/gun owners rightly fear any new regulations are just there to kick them down the slippery slope, so they dig in their heels and oppose everything.

The way around it, I think, is to have a good background check bill proposed which ALSO eliminates a bunch of ineffective existing regulations (allow import of 1968+ MGs, non-sporting-use weapons, no 922(r) parts count, sale of transferable new post 1986 MG under existing NFA rules, removal of SBS/SBR/suppressors from NFA, potentially CCW reciprocity). There's enough pro gun stuff in that to make up for the risk/fear of the new licensing regulation.

Maybe do the same thing with CISPA -- information sharing, but at the same time address the NSL issue, fix anti-circumvention in DMCA, potentially limit CALEA (I hate that it applies to anything but POTS telephony), etc. I'm not sure what specific concessions should be made, but the idea of trading some relaxing ineffective or bad existing law for new law seems like the best way forward.



