Law Enforcement Already Has A Way To Share 'Cybersecurity' Info With Companies; Why Do We Need CISPA?

from the this-makes-no-sense dept

The FBI has been information-sharing with private industry for over a decade without a bill like CISPA in place. In 1997, long-time FBI agent Dan Larkin helped set up a non-profit based in Pittsburgh that “functions as a conduit between private industry and law enforcement.” Its industry members, which include banks, ISPs, telcos, credit card companies, pharmaceutical companies, and others can hand over cyberthreat information to the non-profit, called the National Cyber Forensics and Training Alliance (NCFTA), which has a legal agreement with the government that allows it to then hand over info to the FBI. Conveniently, the FBI has a unit, the Cyber Initiative and Resource Fusion Unit, stationed in the NCFTA’s office. Companies can share information with the 501(c)6 non-profit that they would be wary of (or prohibited from) sharing directly with the FBI.

The whole CISPA situation keeps looking more and more questionable. For months, we've been raising the question of why we needed such a law in the first place, because the evidence of any online threat that required such a law seemed hyperbolic at best, and perhaps naively anecdotal at worst. However, there's another dimension to the "why" question. It's not just that the actual risk hasn't been quantified; it's not clear that the government and companies actually need a new law to share such security info in the first place. As we stated, the "right" way to do this would be to look at where the actual roadblocks are today in sharing such info. And there's some evidence that such roadblocks don't even exist.

Kashmir Hill has a great post showing how the FBI and companies already share the kind of info that the bill's sponsors claim the bill is needed to allow.

In other words, if sharing info was important, we already had a perfectly functional model that's been in place for 15 years. This means either that the Congressional authors and supporters of this bill were ignorant, or CISPA is really meant to sneak through something worse. Neither makes CISPA or its supporters look very good. I'm actually hoping that the truth is that they're just ignorant and passing laws on issues they don't understand, because the other choice is even more depressing.

Filed Under: cispa, cybersecurity, fbi, information sharing