It looks like the bill that we need to drive an ability to defend our organizations and country from the onslaught of attacks over the past 7 years is getting resistance in the Senate, as noted in an article on Huffington Post today. I have to say I'm disappointed in the reasons. I've seen a lot of articles talking about the "Fear, Uncertainty and Doubt" of CISPA but the fact remains it's just that, FUD. CISPA does NOT allow for the unfettered sharing of information between the government and corporations as Bill Brenner suggests in his CSO blog posting yesterday. Now I like Bill, a lot, but I completely disagree for a few main reasons.
1) I've worked in this space for many many years and there is no one more supportive or passionate about citizen's privacy than those I've worked side by side in the U.S. Government. Not only that but there are more lawyers in standard meetings than you can shake a stick at and their main focus is to ensure laws and privacy rights are not violated. Now I'm not saying we rest our laurels on that but this notion of "the wolves will come out" is just counter to my experience.
2) The bill is clear in it's statement for the sharing of information. It's not unfettered or for "any" reason. It's clear around a few main areas. Child protection, National Security, Criminal Actions, etc. Anything outside of these reasons would fall back to standard laws around the protection of privacy. Beyond this there is no allowance for a government entity to just come to my office and say "I'd like this" and we are legally protected. There needs to be a clear crime or other issue stated above AND my lawyers have to agree. It isn't forceable. Anyone who's worked in corporations and dealt with the legal team knows that they are the largest risk elimination team out there.
3) The notion that there is the government won't share information, doesn't have any information, etc is false. The main problem that exists today is that they can't share information. Primarily due to the fact that it's classified or limited to an active investigation. This bill goes a great way in clearing the path so that they CAN share that information. Without it the main areas of citizen compromises will continue.
There is more that I can and have said about this. Short point is that we need something passed to allow our companies and government to prevent the attacks that ARE, not could, exposing our citizens' private information to malicious individuals. The irony is huge, in my opinion, is that we are trying to protect citizens' privacy and it's the privacy discussion that's preventing the bill to be passed. It's been over seven years we've been dealing with this problem. It's time to act now!