Hr 3523 (cispa)

Status
Not open for further replies.

Rail Driver

Member
Joined
Apr 16, 2010
Messages
2,525
Location
Quincy, FL
While this isn't directly related to RKBA, this has the very real potential to destroy THR, the Internet as a whole, and our right to privacy as we know it, while protecting those who would violate our privacy from litigation. The wording is so vague as to give unspecified entities (both Government and Private) the "legal" right to invade our privacy.

It hasn't received any mainstream media attention, and even such internet giants as Google, Facebook, and others are actually supporting this bill.

It goes to vote in the House on Monday, April 23. That's just a few days away.

Please read the bill (link to full text to follow) and call, write or email your representatives as soon as possible to tell them that We The People do NOT want this.

If this bill is signed into law, we may very well be forced to learn firsthand what the 2nd Amendment is really for.

Yesterday was the 236th anniversary of the beginning of the Revolutionary war. If we allow this bill to be passed and signed into law, all of our American Soldiers for the past two centuries who have fought, bled and died for our freedom will have died in vain.

There is a "twitter bomb" planned to go on from Midnight this morning until Sunday night, so if you're registered on Twitter, please join us in "tweeting" our outrage and displeasure to our representatives.

http://www.govtrack.us/congress/bills/112/hr3523/text
 
Planning?

Two things:

1) Could you excerpt or summarize the bill to provide some foundation for this statement:
If this bill is signed into law, we may very well be forced to learn firsthand what the 2nd Amendment is really for.

Yesterday was the 236th anniversary of the beginning of the Revolutionary war. If we allow this bill to be passed and signed into law, all of our American Soldiers for the past two centuries who have fought, bled and died for our freedom will have died in vain.


2) Do you have any further plan of action for this?


If the bill is an imminent threat to 1st or 4th Amendment protections or some other civil right on which the foundation of THR rests, then activism against the bill is appropriate and worthy of our support.

You caught me as I was checking out for the night, as I have to be up at 5:00 am.

I'll look in on this thread tomorrow and see if it stays or goes.

 
Exerpt from HR 3523

I've posted here an exerpt from the bill showing some of the more frightening portions of the bill such as the exemption from liability and definitions of the terms, as well as illustrating the vague wording of the bill. Ellipses (...) show where I've snipped, and bold text is mine.

HR 3523 said:
To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.

"Other Purposes" is not defined or addressed in the bill. This is a HUGE hole.

‘(1) IN GENERAL-

‘(A) CYBERSECURITY PROVIDERS- Notwithstanding any other provision of law, a cybersecurity provider, with the express consent of a protected entity for which such cybersecurity provider is providing goods or services for cybersecurity purposes, may, for cybersecurity purposes--

‘(i) use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such protected entity; and

‘(ii) share such cyber threat information with any other entity designated by such protected entity, including, if specifically designated, the Federal Government.

‘(B) SELF-PROTECTED ENTITIES- Notwithstanding any other provision of law, a self-protected entity may, for cybersecurity purposes--

Same as (i) and (ii) above

If this is signed into law, it empowers any company to "use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property" of the company. "Notwithstanding any other provision of law" is the operative term in this and other subsections of the bill - Essentially it allows entities to ignore individuals' right to privacy in everything from email and private online storage to search queries and remotely stored photos, ignoring any relevant privacy protection laws in effect. This means that companies providing cybersecurity services to other companies, or companies utilizing cybersecurity to protect their own systems - can use those cybersecurity systems to mine the data passing through or stored by their system - This means internet providers and/or website operators and hosts monitoring your email, monitoring website or forum posts, even medical records and so on, ad infinitum.

...

‘(3) EXEMPTION FROM LIABILITY- No civil or criminal cause of action shall lie or be maintained in Federal or State court against a protected entity, self-protected entity, cybersecurity provider, or an officer, employee, or agent of a protected entity, self-protected entity, or cybersecurity provider, acting in good faith--

‘(A) for using cybersecurity systems or sharing information in accordance with this section; or

‘(B) for not acting on information obtained or shared in accordance with this section.

This section is obvious in its intent: to protect those who would inspect and share our data from criminal or civil litigation. It allows the sharing of private information WITHOUT JUDICIAL OVERSIGHT OR WARRANT. It amounts to a violation of the 4th Amendment right to protection from unreasonable search or seizure.

‘(4) RELATIONSHIP TO OTHER LAWS REQUIRING THE DISCLOSURE OF INFORMATION- The submission of information under this subsection to the Federal Government shall not satisfy or affect any requirement under any other provision of law for a person or entity to provide information to the Federal Government.

This section further isolates information from protections under any other provision of law.

‘(c) Federal Government Use of Information-

‘(1) LIMITATION- The Federal Government may use cyber threat information shared with the Federal Government in accordance with subsection (b) for any lawful purpose only if--

‘(A) the use of such information is not for a regulatory purpose; and

‘(B) at least one significant purpose of the use of such information is--

‘(i) a cybersecurity purpose; or

‘(ii) the protection of the national security of the United States.

...

‘(g) Definitions- In this section:

‘(1) CERTIFIED ENTITY- The term ‘certified entity’ means a protected entity, self-protected entity, or cybersecurity provider that--

‘(A) possesses or is eligible to obtain a security clearance, as determined by the Director of National Intelligence; and

‘(B) is able to demonstrate to the Director of National Intelligence that such provider or such entity can appropriately protect classified cyber threat intelligence.

‘(2) CYBER THREAT INFORMATION- The term ‘cyber threat information’ means information directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from--

‘(A) efforts to degrade, disrupt, or destroy such system or network; or

‘(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.

‘(3) CYBER THREAT INTELLIGENCE- The term ‘cyber threat intelligence’ means information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from--

(same as (A) and (B) above)

‘(4) CYBERSECURITY PROVIDER- The term ‘cybersecurity provider’ means a non-governmental entity that provides goods or services intended to be used for cybersecurity purposes.

‘(5) CYBERSECURITY PURPOSE- The term ‘cybersecurity purpose’ means the purpose of ensuring the integrity, confidentiality, or availability of, or safeguarding, a system or network, including protecting a system or network from--

(same as (A) and (B) above)

‘(6) CYBERSECURITY SYSTEM- The term ‘cybersecurity system’ means a system designed or employed to ensure the integrity, confidentiality, or availability of, or safeguard, a system or network, including protecting a system or network from--

(same as (A) and (B) above)

‘(7) PROTECTED ENTITY- The term ‘protected entity’ means an entity, other than an individual, that contracts with a cybersecurity provider for goods or services to be used for cybersecurity purposes.

‘(8) SELF-PROTECTED ENTITY- The term ‘self-protected entity’ means an entity, other than an individual, that provides goods or services for cybersecurity purposes to itself.’.

One of the most frightening portion of this bill are the definitions. As you can plainly see, the definitions outlined in this bill are so vague and broad in scope that nearly anything could be meant or implied by the definitions. These definitions show that the bill seeks to subvert our right to privacy under the guise of protecting our private information from being stolen and/or misused by inspecting that private information to find out if it's been stolen or misused.

HR 3523 said:
‘(C) if shared with the Federal Government--

‘(i) shall be exempt from disclosure under section 552 of title 5, United States Code;

‘(ii) shall be considered proprietary information and shall not be disclosed to an entity outside of the Federal Government except as authorized by the entity sharing such information; and

‘(iii) shall not be used by the Federal Government for regulatory purposes.

Finally, information shared with the Federal Government is classified. We will not be told what information is shared, we will not be told if information is shared at all, and we will not be told how information will be used (though we'll obviously find out if that information is used against us). The bill would also permit the sharing of private information with other companies at the investigating company's discretion like a bunch of old ladies gossiping about what their neighbors do in their fenced in backyards over a game of bridge.
 
Last edited:
In violating our 4th Amendment right to protection from unreasonable search and seizure, this bill will severely stifle our 1st Amendment rights to free speech and assembly (or possibly just free speech... I'm unsure whether online communication can be considered assembly as used in the 1st Amendment or not).

As far as a plan for further action, I intend to open a thread in the subforum to discuss the proper methods of dealing with this legislation pending the House vote on Monday. Right now, I suggest participating in the "Tweet Bomb" by registering for a Twitter account and "tweeting" your State Representatives in regards to this issue, as well as emailing them and contacting their offices both in your state and in Washington D.C. by telephone to leave messages or ideally, speak directly to those representatives voicing your concerns about this bill. I would also like to enlist the help of a printing company or companies willing to donate fliers printed with information about this bill, and people willing to help me initiate a campaign to pass out fliers in order to spread the word in our communities about this horrendous legislation. I am already engaged in spreading the word via social networking sites and email campaigns, and I urge everyone to do the same.

A government that seeks to root out unspecified threats by rifling through our collective underwear drawers is no different than a prison warden "tossing cells" for contraband. This bill intends to transform our nation of Freedom, Liberty, and Individual Rights for all citizens into a police state where its subjects fear to speak out against the tyranny they are being subjected to.
 
Last edited:
Status
Not open for further replies.
Back
Top