House Resolution 3523, Cyber Intelligence Sharing and Protection Act Bill

by William on 25th Apr 12

clip_image002

The CISPA bill and its content posted abridgedly, and why it affects the citizen more than had the SOPA bill.

clip_image004

As posted on curiosidadesofworld.blogspot.pt

In the spirit of newspapers of record, Urban Times shall publish the current version of the United StatesCyber Intelligence Sharing and Protection Act, a piece of legislation similar to the lines of SOPA and PIPA, though with a fundamental difference—whereas SOPA, ACTA, and PIPA dealt with the shutting down of websites “infringing” on copyright, CISPA manages to entice, as opposed to alienate, companies and corporations by encouraging cooperation between intelligence organizations of the United States and the private information held by said corporations, thereby putting all culpability and infringement not upon internet corporations and websites, but upon their users, citizens of the world. Internet corporations are encouraged to share private user information with the United States federal government, in exchange for immunity from prosecution though liability—information shared, not through a forced hand via subpoena or court warrant, but by arbitrary decisions based on the management of said private corporation.

This means that there shall be no great protests directly from Facebook, or Google, against this legislation, for they are supporters of the bill. The bill is up for debate tomorrow, Thursday, April 26th, 2012, and for vote by Friday. It is past the eleventh hour, and many have missed the previous 66 bell tolls warning that once Internet companies are benefited by legislation, they will not care about you, the user. They are corporations. They don’t care about you. A corporation, as much as a person as it may be according to certain laws, has no feelings. It is up to you, the user, to fight back, and knowledge is the first step to understanding your enemy.

There is an idiom that goes, “read between the lines”. Government legislation and law interpretation are truly, truly the times where this idiom is not just good advice to live by, but a necessary thought process for your happiness, well being, and more dramatically, survival, in the face of deliberately misleading rhetoric and ambiguous terminologies.

The bill has been formatted to facilitate its reading.

Cyber Intelligence Sharing and Protection Act of 2012

http://www.gpo.gov/fdsys/pkg/BILLS-112hr3523rh/pdf/BILLS-112hr3523rh.pdf (link)

‘‘(a) INTELLIGENCE COMMUNITY SHARING OF CYBER THREAT INTELLIGENCE WITH PRIVATE SECTOR.—

‘‘(1) IN GENERAL.—The Director of National Intelligence shall establish procedures to allow elements of the intelligence community to share cyber threat intelligence with private-sector entities and to encourage the sharing of such intelligence.

‘‘(2) SHARING AND USE OF CLASSIFIED INTELLIGENCE.—The procedures established under paragraph (1) shall provide that classified cyber threat intelligence may only be—
‘‘(A) shared by an element of the intelligence community with—
‘‘(i) certified entities; or
‘‘(ii) a person with an appropriate security clearance to receive such cyber threat intelligence;
‘‘(B) shared consistent with the need to protect the national security of the United States; and
‘‘(C) used by a certified entity in a manner which protects such cyber threat intelligence from unauthorized disclosure.

‘‘(3) SECURITY CLEARANCE APPROVALS.—The Director of National Intelligence shall issue guidelines providing that the head of an element of the intelligence community may, as the head of such element considers necessary to carry out this subsection—
‘‘(A) grant a security clearance on a temporary or permanent basis to an employee or officer of a certified entity;
‘‘(B) grant a security clearance on a temporary or permanent basis to a certified entity and approval to use appropriate facilities; and
‘‘(C) expedite the security clearance process for a person or entity as the head of such element considers necessary, consistent with the need to protect the national security of the United States.

‘‘(4) NO RIGHT OR BENEFIT.—The provision of information to a private-sector entity under this subsection shall not create a right or benefit to similar information by such entity or any other private-sector entity.

‘‘(b) PRIVATE SECTOR USE OF CYBERSECURITY SYSTEMS AND SHARING OF CYBER THREAT INFORMATION.—
‘‘(1) IN GENERAL.—
‘‘(A) CYBERSECURITY PROVIDERS.—Notwithstanding any other provision of law, a cybersecurity provider, with the express consent of a protected entity for which such cybersecurity provider is providing goods or services for cybersecurity purposes, may, for cybersecurity purposes—
‘‘(i) use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such protected entity; and
‘‘(ii) share such cyber threat information with any other entity designated by such protected entity, including, if specifically designated, the Federal Government.
‘‘(B) SELF-PROTECTED ENTITIES.—Notwithstanding any other provision of law, a selfprotected entity may, for cybersecurity purposes—
‘‘(i) use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such self protected entity; and
‘‘(ii) share such cyber threat information with any other entity, including the Federal Government.

‘‘(2) USE AND PROTECTION OF INFORMATION.—Cyber threat information shared in accordance with paragraph (1)—
‘‘(A) shall only be shared in accordance with any restrictions placed on the sharing of such information by the protected entity or self protected entity authorizing such sharing, including appropriate anonymization or minimization of such information;
‘‘(B) may not be used by an entity to gain an unfair competitive advantage to the detriment of the protected entity or the self-protected entity authorizing the sharing of information; and
‘‘(C) if shared with the Federal Government—
‘‘(i) shall be exempt from disclosure under section 552 of title 5, United States Code;
‘‘(ii) shall be considered proprietary information and shall not be disclosed to an entity outside of the Federal Government except as authorized by the entity sharing such information; and
‘‘(iii) shall not be used by the Federal Government for regulatory purposes.

‘‘(3) EXEMPTION FROM LIABILITY.—No civil or criminal cause of action shall lie or be maintained in Federal or State court against a protected entity, selfprotected entity, cybersecurity provider, or an officer, employee, or agent of a protected entity, self-protected entity, or cybersecurity provider, acting in good faith—
‘‘(A) for using cybersecurity systems or sharing information in accordance with this section; or
‘‘(B) for not acting on information obtained or shared in accordance with this section.

‘‘(4) RELATIONSHIP TO OTHER LAWS REQUIRING THE DISCLOSURE OF INFORMATION.—The submission of information under this subsection to the Federal Government shall not satisfy or affect any require ment under any other provision of law for a person or entity to provide information to the Federal Government.

‘‘(c) FEDERAL GOVERNMENT USE OF INFORMATION.—

‘‘(1) LIMITATION.—The Federal Government may use cyber threat information shared with the Federal Government in accordance with subsection (b) for any lawful purpose only if—
‘‘(A) the use of such information is not for a regulatory purpose; and
‘‘(B) at least one significant purpose of the use of such information is—
‘‘(i) a cybersecurity purpose; or
‘‘(ii) the protection of the national security of the United States.
‘‘(2) AFFIRMATIVE SEARCH RESTRICTION.—The Federal Government may not affirmatively search cyber threat information shared with the Federal Government under subsection (b) for a purpose other than a purpose referred to in paragraph (1)(B).

‘‘(3) ANTI-TASKING RESTRICTION.—Nothing in this section shall be construed to permit the Federal Government to—
‘‘(A) require a private-sector entity to share information with the Federal Government; or
‘‘(B) condition the sharing of cyber threat intelligence with a private-sector entity on the provision of cyber threat information to the Federal Government.

‘‘(d) REPORT ON INFORMATION SHARING.—
‘‘(1) REPORT.—The Inspector General of the Intelligence Community shall annually submit to the congressional intelligence committees a report containing a review of the use of information shared with the Federal Government under this section, including—
‘‘(A) a review of the use by the Federal Government of such information for a purpose other than a cybersecurity purpose;
‘‘(B) a review of the type of information shared with the Federal Government under this section;
‘‘(C) a review of the actions taken by the Federal Government based on such information;
‘‘(D) appropriate metrics to determine the impact of the sharing of such information with the Federal Government on privacy and civil liberties, if any; and
‘‘(E) any recommendations of the Inspector General for improvements or modifications to the authorities under this section.

‘‘(2) FORM.—Each report required under paragraph (1) shall be submitted in unclassified form, but may include a classified annex.
‘‘(e) FEDERAL PREEMPTION.—This section supersedes any statute of a State or political subdivision of a State that restricts or otherwise expressly regulates an activity authorized under subsection (b).
‘‘(f) SAVINGS CLAUSE.—Nothing in this section shall be construed to limit any other authority to use a cybersecurity system or to identify, obtain, or share cyber threat intelligence or cyber threat information.
‘‘(g) DEFINITIONS.—In this section:

‘‘(1) CERTIFIED ENTITY.—The term ‘certified entity’ means a protected entity, self-protected entity, or cybersecurity provider that—
‘‘(A) possesses or is eligible to obtain a security clearance, as determined by the Director of National Intelligence; and
‘‘(B) is able to demonstrate to the Director of National Intelligence that such provider or such entity can appropriately protect classified cyber threat intelligence.

‘‘(2) CYBER THREAT INFORMATION.—The term ‘cyber threat information’ means information directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from—
‘‘(A) efforts to degrade, disrupt, or destroy such system or network; or
‘‘(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.

‘‘(3) CYBER THREAT INTELLIGENCE.—The term ‘cyber threat intelligence’ means information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from—
‘‘(A) efforts to degrade, disrupt, or destroy such system or network; or
‘‘(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.

‘‘(4) CYBERSECURITY PROVIDER.—The term ‘cybersecurity provider’ means a non-governmental entity that provides goods or services intended to be used for cybersecurity purposes.

‘‘(5) CYBERSECURITY PURPOSE.—The term ‘cybersecurity purpose’ means the purpose of ensuring the integrity, confidentiality, or availability of, or safeguarding, a system or network, including protecting a system or network from—
‘‘(A) efforts to degrade, disrupt, or destroy such system or network; or
‘‘(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.

‘‘(6) CYBERSECURITY SYSTEM.—The term ‘cybersecurity system’ means a system designed or employed to ensure the integrity, confidentiality, or availability of, or safeguard, a system or network, including protecting a system or network from—
‘‘(A) efforts to degrade, disrupt, or destroy such system or network; or
‘‘(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.

‘‘(7) PROTECTED ENTITY.—The term ‘protected entity’ means an entity, other than an individual, that contracts with a cybersecurity provider for goods or services to be used for cybersecurity purposes.
‘‘(8) SELF-PROTECTED ENTITY.—The term ‘self-protected entity’ means an entity, other than an individual, that provides goods or services for cybersecurity purposes to itself.’’.

It is ironically appropriate that the end of the bill’s main content is the definition of “self-protected entity”, a definition that when defined includes ANY entity other than an individual. It is important to encourage persons and citizens of democratic nations to read their laws and the legislation that affects them. Undoubtedly for some, this may be the first text of legislation they have ever read their entire lives, and it is important that they begin reading such texts. Do not let government spokesmen, or political and social commentators, though the screen or through text, tell you what is going to affect you, and how its going to affect you: You have a responsibility as a citizen to know what is going to affect you and your life, and of the lives that shall come after you. Internet Censorship.

It’s a democracy, after all.

Read more:

http://www.theurbn.com/2012/04/house-resolution-3523-cyber-intelligence-sharing-and-protection-act-bill/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s