Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Government Privacy Security The Internet IT

Who Needs CISPA? FBI Has a Non-Profit Workaround 79

nonprofiteer writes "What has been left out of the CISPA debate thus far is the FBI's long time workaround for information sharing with private industry: 'In 1997, long-time FBI agent Dan Larkin helped set up a non-profit based in Pittsburgh that "functions as a conduit between private industry and law enforcement." Its industry members, which include banks, ISPs, telcos, credit card companies, pharmaceutical companies, and others can hand over cyberthreat information to the non-profit, called the National Cyber Forensics and Training Alliance (NCFTA), which has a legal agreement with the government that allows it to then hand over info to the FBI. Conveniently, the FBI has a unit, the Cyber Initiative and Resource Fusion Unit, stationed in the NCFTA's office. Companies can share information with the 501(c)6 non-profit that they would be wary of (or prohibited from) sharing directly with the FBI.'"
This discussion has been archived. No new comments can be posted.

Who Needs CISPA? FBI Has a Non-Profit Workaround

Comments Filter:
  • In other words, (Score:5, Insightful)

    by fredrated ( 639554 ) on Friday April 27, 2012 @12:05PM (#39822993) Journal

    who needs laws in a country ruled by money?

    • by Anonymous Coward

      I love to hear people complain about how corrupt and hopeless government is. And then do nothing about it.

      Sure, you can't get your politicians to fix it for you because they are the problem.

      So why aren't more people working on getting rid of the politicians [metagovernment.org]. It is a long and difficult road, but... what precisely is the alternative?

      • by PPH ( 736903 )
        This is Slashdot. So the obvious choice is: complain.
      • by TheLink ( 130905 )

        So why aren't more people working on getting rid of the politicians

        They need to vote to do that[1].

        However given that >90% of those who actually vote, vote for one of the Two Parties, go figure. The people are voting for what they want. If the people actually want something different they should vote accordingly. Just because you think what the people want is stupid doesn't mean your vote should be worth more than theirs. You should educate and convince them to vote differently.

        [1] And if you think people should use bullets instead, you'd just end up with a Dictatorship

        • Voting for third party at the Legislature, governor, and Congressional level is appropriate. We have established history where third parties have won seats in all these positions.

          • by Anonymous Coward

            I see you are continuing to confuse "it is worth it to vote 3rd party" with "this 3rd party guy has a chance of winning".

            Thank you for continuing to be a part of the problem.

        • However given that >90% of those who actually vote, vote for one of the Two Parties, go figure.

          I get what you're saying, and you're absolutely right, but I'll tell you something, I voted my conscience twice, in both 2000 and 2004, and we ended up with that fucking asshole Bush both times. You'll have to forgive the proles if they're reticent to keep bashing their heads against the wall and "voting their conscience". I've argued and debated and circulated petitions and fact-checked and provided evidence until I've been blue in the face and it doesn't fucking make a difference, not because people are

          • by TheLink ( 130905 )
            As long as the elections aren't being diebolded, the voters voted for those people, and so the voters should get what they voted for, however bad it is. That's what democracy is about - the majority getting what they deserve rather than worse (or extremely rarely- better) than what they deserve.

            Using nonpeaceful ways of solving the problem is likely to give you a worse problem as I have already mentioned.

            Revolution is unnecessary in a democracy if the voters do their duty responsibly. Because in a democracy
            • As long as the elections aren't being diebolded, the voters voted for those people, and so the voters should get what they voted for, however bad it is. That's what democracy is about - the majority getting what they deserve rather than worse (or extremely rarely- better) than what they deserve.

              The problem I see is voters are poorly educated and do not take their responsibilities seriously - and just take the time to inform themselves once every few years.

              Poor voter education is completely intentional on the part of the people currently in power (the democrat/republican/corporate oligarchy). Ignorant people are easier to manipulate and it's easier to keep them ignorant if you make the subject matter as esoteric, opaque, and generally inaccessible as possible. You don't need to make laws in secret if you make the proceedings so boring that nobody can tolerate watching them.

              Maybe we need to take the robot chicken idea and combine c-span with x-games.

      • I love to hear people complain about how corrupt and hopeless government is. And then do nothing about it.

        Doing nothing is consistent with beliving that it is hopeless.

        Sure, you can't get your politicians to fix it for you because they are the problem.

        The single most effective thing the average individual could do about that is to get their children out of the public schools. Large numbers of people not doing this is the origin of the environment in which the politicians we known today are the most successful. We have a majority of people who care more about whether Zimmerman is a racial minority than about whether the nation is going to financially collapse. And we have a system of schooli

        • by hoggoth ( 414195 )

          > get their children out of the public schools
          Done.
          What's step 2?

        • Yeah, I mean, just look at how crappy everything is in Europe. A democratic disaster. Obviously public schooling is the root of all evil.
          • Yeah, I mean, just look at how crappy everything is in Europe. A democratic disaster. Obviously public schooling is the root of all evil.

            Hehe that's so cute, the way you can write a one-liner dismissing something in a nice smug way instead of informing yourself [cantrip.org] about it [johntaylorgatto.com]. All of that is just too much work! Besides, it makes you feel good about yourself like that other guy must just be such an idiot! I mean, actually putting forth a viewpoint and trying to contribute, what was he thinking?! 'Course, you know that's the only way a lot of people ever feel "good" about anything.

            • Take your kids out of school if you want, but don't get rid of free public schools. After all, would you rather have "improperly" educated poor people, or poor people with no formal education whatsoever?

              When you think about your taxes spent on public school, don't think "I'm paying to teach someone else's kid", instead think "I'm helping to prevent illiteracy and ignorance". Unless, ofcourse, an uneducated proletariat is your personal goal.

      • by Desler ( 1608317 )

        Because a different set of politicians will make any difference? That they are somehow magically incorruptable?

      • by sjames ( 1099 )

        Do you have any idea how hard it is to find a fumigation tent big enough to cover all of D.C.?

    • Re:In other words, (Score:5, Interesting)

      by causality ( 777677 ) on Friday April 27, 2012 @12:24PM (#39823295)

      who needs laws in a country ruled by money?

      The film Network summed it up nicely. The protagonist, Howard Beale, meets with a tycoon named Jesson. Among other things, Jesson says to him:

      "YOU HAVE MEDDLED WITH THE PRIMAL FORCES OF NATURE, MR. BEALE, AND I WON'T HAVE IT! Is that clear?! You think you merely stopped a business deal? That is not the case! The Arabs have taken billions of dollars out of this country and now they must put it back! It is ebb and flow, tidal gravity, it is ecological balance!

      "You are an old man who thinks in terms of nations and peoples. There are no nations! There are no peoples! There are no Russians, there are no Arabs, there are no Third Worlds, there is no West! There is only one holistic system of systems, one vast and immane, interwoven, interacting, multivariate, multinational dominion of dollars. Petro-dollars, electro-dollars, multi-dollars, reichmarks, rins, rubles, pounds, and shekels. It is the international system of currency which determines the totality of life on this planet. That is the natural order of things today. That is the atomic and subatomic and galactic structure of things today! And YOU have meddled with the primal forces of nature, and YOU... WILL... ATONE! Am I getting through to you, Mr. Beale?

      "You get up on your little twenty-one inch screen and howl about America and democracy. There is no America. There is no democracy. There is only IBM, and ITT, and AT&T, and DuPont, Dow, Union Carbide, and Exxon. Those are the nations of the world today.

      "What do you think the Russians talk about in their councils of state? Karl Marx? They get out their linear programming charts, statistical decision theories, minimax solutions, and compute the price-cost probabilities of their transactions and investments, just like we do. We no longer live in a world of nations and ideologies, Mr. Beale. The world is a college of corporations, inexorably determined by the immutable bylaws of business. The world is a business, Mr. Beale. It has been since man crawled out of the slime.

      "And our children will live, Mr. Beale, to see that... perfect world... in which there's no war or famine, oppression or brutality. One vast and ecumenical holding company, for whom all men will work to serve a common profit, in which all men will hold a share of stock. All necessities provided, all anxieties tranquilized, all boredom amused. And I have chosen you, Mr. Beale, to preach this evangel."


      That's how they think. They don't see the dehumanization.

      • Re:In other words, (Score:4, Insightful)

        by girlintraining ( 1395911 ) on Friday April 27, 2012 @01:01PM (#39823829)

        That's how they think. They don't see the dehumanization.

        No, they see it, they just rationalize it;
        They're just lazy! If they really wanted a job, they'd have one.
        Poor people want to be poor.
        They're oppressing themselves.
        I am successful because of my ________, not because of luck.
        Some are born to lead, the rest follow.
        ...

        The rich overwhelmingly rationalize their behavior with the belief in a natural moral order. Survival of the fittest, predators verus prey, white versus black, strong versus weak. They view their every achievement through the lens of that belief, and inevitably conclude they have the fortune they do because they deserve it because of intrinsic qualities which have them at the top of the natural moral order. This thinking has strong parallels with monarchies and the concept of divine rule. It is also why the rich are overwhelmingly conservative in nature; If the difference between liberalism and conservativism was boiled down to a single ideological statement, it would be that "conservatives believe in a natural moral order, with some humans being inherently superior to others, and liberals believe in a peer to peer relational model, where individual achievement is the result of good teamwork."

        If you have something others want, it's only natural as a defense mechanism to loudly proclaim you deserve it and shouldn't have to share; Whereas if you are one of the people that wants something you don't have, it's just as natural to proclaim others have to share. That's the curveball; This isn't liberal or conservative thinking, but whenever one is confronted by the other, the argument usually is an exchange of these two statements. So be careful when you hear statements similar to this, or pronunciations of "fairness" or "equality" -- they could be based on self-interest, not ideology.

        In the end, neither group's ideology leads to its stated objective; Too much of either leads to societal collapse; With a strict social hierarchy, capitalism fails because workers cannot move into positions where their skills and abilities are most optimal; People who do not possess natural leadership ability would be leading, and people who did wouldn't; The net result is gross inefficiency. The reverse is also true; Large-scale democracy has never been possible in any context... it begins to break down with as little as a few thousand people, and consensus (majority vote) can take so long that the window of opportunity passes before action can be taken.

        I would like to think that anyone who takes the time to critically consider these two ideologies, as well as the problem of wealth inequity, would come to realize that our system, as corrupt and inefficient as it is, is mostly the correct one. I say mostly because it has become too top-heavy; There will (and must) be a stratification of wealth -- there will always be poor people, and will always be rich people, however the majority of the wealth in the system should be concentrated in the middle. For as many millionares as are generated in a year, the number of people who are economically destitute should be the same; It should ideally resemble a bell curve, and with the GDP in this country, the median income is about $42,000 right now -- that's what most people should be making as well.

        The system has become unbalanced; And it actually has nothing to do with ideologies, but instead is the result of investment. Compound interest is what has caused the problem -- and the solution is to prevent cash from becoming stagnant. There should be a limit to the amount of unsed assets a person (or organization) can possess; Companies and individuals shouldn't have billions in cash reserves sitting there, doing nothing. For an economy to grow -- and for wealth inequity to cease, money needs to change hands. There needs to be an increase in trade. It's macroeconomics 101, but sadly, it's been "overlooked" by certain social elements to the detriment of us all. That is the real culprit in our economy.

        • No, they see it, they just rationalize it

          Don't confuse the means with the result.

          Rationalization is the primary (but not the only) means by which they avoid seeing it. It cushions the full horror, brings it back down to being within the realm of denial. It avoids nasty questions like what responsibility one bears for participating.

          You wonder how people can do such stupid things, make such bad decisions, embrace and defend things which are so contrary to their interests? It is not because they don't see what is in front of them. It is bec

          • I say this rarely on slashdot, so if you are reading it, be proud. I agree completely with everything you just said. I'm not sure what other mechanisms exist besides rationalization, however; It is an umbrella term that describes any thinking process that normalizes something 'wrong' into something 'acceptable'. You go into more detail in your post about a couple thought patterns, but I don't see how it departs from the umbrella of rationalizations.
            • I say this rarely on slashdot, so if you are reading it, be proud. I agree completely with everything you just said. I'm not sure what other mechanisms exist besides rationalization, however; It is an umbrella term that describes any thinking process that normalizes something 'wrong' into something 'acceptable'. You go into more detail in your post about a couple thought patterns, but I don't see how it departs from the umbrella of rationalizations.

              I appreciate the compliment. Not the rarity, or lack thereof, but the fact that you will not compromise your criteria for what you will and won't accept as true. That's what I would expect from a real person who cares about the Truth. That is refreshing to me anywhere I encounter it. It never gets old. It is novel each time.

              We're in danger of quibbling at this point, because my answer to you is not really intended to contradict you. It is possible for you and I to have different opinions on precise

              • If you want a prototype, imagine the irresponsible woman who has lots of sex, uses no birth control, gets knocked up, has a bunch of children she cannot afford, and then complains that poverty sucks.

                You just described my ex, perfectly. Naturally, she blamed me and told everyone it was my fault for months after. I'm not entirely sure how I was responsible for getting her pregnant, since that would require a magic, detachable, invisible, asexual, teleporting penis... but you know, pick and choose your battles. :)

      • One vast and ecumenical holding company, for whom all men will work to serve a common profit, in which all men will hold a share of stock.

        In the end, that basically describes worldwide communism.

      • This is one of my favourite movies. Do you have an e-copy of the script?

  • Isn't this pretty obvious? I'm sure if you went into the Address Book of any CIO, they would have the cell phone and e-mail for the other CIOs. And it proves that CISPA is worthless, a waste of time, a distraction, and I want a refund of the salaries of elected officials wasting their time on this bill.
  • Not news (Score:5, Insightful)

    by girlintraining ( 1395911 ) on Friday April 27, 2012 @12:06PM (#39823009)

    Private organizations and citizens can collect evidence that the police cannot due to legal restrictions. This is not news. However, sharing with a non-profit can still violate contractual agreements; This is what CISPA aims to kill, along with the notion that companies can refuse until a warrant is served. By removing all risk, law enforcement can just look at a company and say "Gee, that's a really nice data center you have there. A shame it would be if we had to search it for drugs..." And viola, instant and total compliance -- company lawyers can no longer say there's a liability, so even the slightest coerceion makes surrendering the data the right business move.

    • This is what the government (DHS) will use to acquire your online tax return. Your websurf history. Your down and uploads. And then prosecute you if you did something naughty (like look at a naked girl who's APPEARS to be under 18, or shared a movie via torrent).

      • As if any government agency exists that is so efficient it could look at every citizen's web surfing history and make those assessments with any degree of accuracy. Collecting a boatload of information has become easy. Filtering that information into useful and useless is the real trick- especially with the signal-to-noise ration being much higher. The government could try to monitor every citizen, but for real surveillance they would need closer to a 1:1 ratio of monitoring agents to citizens. So basically
        • Why would you need a bunch of employees sifting through the data? That's what data mining algorithms are for. And, in case you get the oddball thought that it has to be accurate or bust, just take a look at our no-fly list.
        • by lpt1 ( 46613 )

          Bleah. The government doesn't need to watch everybody, they just need to publicly prosecute a few.

          Reference: Chilling Effect

    • by Jawnn ( 445279 )

      Private organizations and citizens can collect evidence that the police cannot due to legal restrictions. This is not news. However, sharing with a non-profit can still violate contractual agreements; This is what CISPA aims to kill, along with the notion that companies can refuse until a warrant is served. By removing all risk, law enforcement can just look at a company and say "Gee, that's a really nice data center you have there. A shame it would be if we had to search it for drugs..." And viola, instant and total compliance -- company lawyers can no longer say there's a liability, so even the slightest coerceion makes surrendering the data the right business move.

      Well, yeah. Sure, but what's this all got to do with a small stringed musical instrument, which is usually played with a bow?

  • I am afraid that we have moles in our company, Consolidated Blacksheep LLC, that are feeding infornation on our illegal activities in bid-rigging, international bribery for market position, political fixing, governmental espionage, and all around dirty deeds done dirt cheap. This information, in the right hands, could have a material effect on our profitability. Can you check to see if there is indeed such activity going on? Mr. Cayman Islands, heh, would like to meet with you.

    signed,

    CEO

  • by ShiftyOne ( 1594705 ) on Friday April 27, 2012 @12:12PM (#39823119)
    Interesting to think about whether the Fourth Amendment applies here. The Fourth Amendment only protects us from government action. This non-profit would be considered a private person, whom are only covered when they are acting in their capacity as an agent of the government. This is determined by the level of government involvement in the situation and the totality of the circumstances. I'm not a lawyer, but based on the facts here it seems like this non-profit would be considered an agent of the government, and therefore you may not be able to sue them for money damages, but the material they collect probably cannot be used as evidence in a crime.
    • Civil cases either (Score:4, Interesting)

      by PPH ( 736903 ) on Friday April 27, 2012 @12:19PM (#39823225)

      and therefore you may not be able to sue them for money damages,

      And since they are a non-profit, there's probably nothing you can sue them for in a civil case either. They'll just declare bankruptcy and open under a different name.

      And you can't sue the private entities behind NCFTA, because that communication is protected as free speech.

    • If a private company is working for the government (agent of government) then they are covered by the same laws as the government. If it's illegal to give the government a piece of information then it's illegal to give that info to a company who's job is giving that info to the government. If a non profit is knowingly breaking the law then the board of directors are personally liable.
    • by gl4ss ( 559668 )

      ..the whole nonprofit was setup to circumvent law.

      and to give a nice job for a few people, nonprofit doesn't mean no-employees.

      so while the fbi already has a solution for cispa.. which isn't maybe really news.. a comment above explains the shitfest quite nicely "who needs laws in a country ruled by money?". indeed, why bother with new laws if the companies and government agencies already circumvent the old laws when it suits them.

  • by crazyjj ( 2598719 ) * on Friday April 27, 2012 @12:13PM (#39823129)

    There has been a crazy boom [washingtonpost.com] in contracting out U.S. intelligence work in the last ten years. And hey, they even contract out [wikipedia.org] their torturing to other countries. So why not contract out their rape of the 4th Amendment too?

  • by Anonymous Coward

    First off .... If you're claiming to be a professional service, make sure your formatting is correct in EVERY BROWSER! (I hate that)

    Now, I'm really trying to find out legally how they can do this, since they claim to be getting 'network data', and not 'personally identifiable information' from private industry, and being the conduit of that to Agecies of interest.

    Non-profit? It started in 1997. Ok. Do a full IRS audit on every member from that point forward to confirm said 'Non-profit' status. Anyone want t

    • by Bengie ( 1121981 )
      " make sure your formatting is correct in EVERY BROWSER" Code to the standard, not the browser. Well, that's the ideal anyway.
  • Wow ... (Score:5, Informative)

    by gstoddart ( 321705 ) on Friday April 27, 2012 @12:37PM (#39823463) Homepage

    So they're going to exploit a legal loophole to violate the intent of the law.

    This is truly a sad thing to hear. Hopefully a court will rule that this is expressly illegal and revokes the charitable status -- this is just doing an end-run around the law.

    Brilliant, we'll set up a charity which can be used to facilitate giving data to the FBI they'd otherwise be legally prevented from having.

    Very sad. How do those freedom fries taste, guys?

    • exploit a legal loophole

      Hopefully a court will rule that this is expressly illegal

      No - the court should rule on what the law states, not what somebody thinks the intent is. Hopefully the lawmakers will make this explicitly illegal.

    • Re:Wow ... (Score:4, Interesting)

      by hellkyng ( 1920978 ) on Friday April 27, 2012 @01:17PM (#39824095)

      This is an absurd characterization of the NCFTA and the work they do. As someone who's worked with the NCFTA and actively opposed CISPA, SOPA etc I can say for certain they do very different work. NCFTA facilitates a common sense exchange of "personal" data in order to better combat fraud across the board. The NCFTA is a great organization and does very good work preventing internet based crime.

      For a good example do a little reading on Dark Market and the take down the occurred there. Throwing the NCFTA and CISPA/SOPA into the same container is completely ignorant end poor journalism imo.

      • This is an absurd characterization of the NCFTA and the work they do.

        Well, then, by all means, if you have any actual facts, go ahead and share.

        So far, you're a random person on the internet claiming something with nothing to back it up.

        Conveniently, the FBI has a unit, the Cyber Initiative and Resource Fusion Unit, stationed in the NCFTAâ(TM)s office. Companies can share information with the 501(c)6 non-profit that they would be wary of (or prohibited from) sharing directly with the FBI.

        So if someone

        • Since you were too lazy to comprehend what I wrote, or google what I wrote here is a decent summary of some good work:

          http://en.wikipedia.org/wiki/DarkMarket [wikipedia.org]

          Here is an example for you as well regarding the sharing of information. If I am a bank and I have a bunch of customers with stolen credit cards, already compromised and being used for fraud. I can't legally provide those to the FBI for both legal and regulatory reasons. The customers are already taking losses, as a bank I am taking losses, and the bad

          • So the regulations that do not allow sharing of data with the FBI, somehow magically allow the same data to be shared with NCFTA? I somehow doubt that. Even if they do, the banks can have the regulations changed instead of resorting to workarounds.

          • Since you were too lazy to comprehend what I wrote, or google what I wrote here is a decent summary of some good work:

            It's not my job to research your assertions. You made 'em, you back 'em up.

            CISPA is terrible legislation as far as I am concerned, but don't shit on a legitimate and valuable organization because you don't understand it. Sacrificing mod points, because this is an organization that helps more than it hurts.

            You've still failed to say in what way you believe a non-profit conduit somehow absolv

      • Almost everybody believes that what they're doing is a good thing. Everyone wants to think that the work they're doing is beneficial in some way. I'd say you likely aren't in a position to objectively assess the work that the NCFTA does.

        --Jeremy

  • Smell the Freedom (tm)?
    .
    .
    .
    Nope, me neither.
    If FedGov was honest (HA!), they'd just drop the pretense of all their lofty oaths. "Protect and defend the Constitution, yadda-yadda, rutabaga, rutabaga, rutabaga...."
  • by mounthood ( 993037 ) on Friday April 27, 2012 @01:04PM (#39823871)

    This FBI/Private Non-Profit is no more legal then what the NSA has been doing, and its why they want to pass CISPA: it legalizes warrantless wiretapping.

    Now that it's undeniable the government hasn't been obeying it's own laws for a decade, they have to either make it legal or face political consequences. Political consequences because, while people don't really care, they can no longer deny it, and they can't ignore it forever. A decade of massively illegal activity (unconstitutional!) must eventually be acknowledged and condemned by the average person.

    It's like the US Internment camps for Japanese citizens [wikipedia.org] during WWII -- the government gets a decade long 'free pass' to do whatever, then we either make it legal or fix it.

    • The non-profit is nothing more than a virtual condom. And we all know that rape while using a condom is still rape.
  • From TFA:

    As part of a non-profit, Plesko could not comment specifically on CISPA, which would, as currently drafted, allow companies to share much richer and more individualized data directly with the government. “We get network data,” says Plesko. “Not PII (personally identifiable information).”

    That means the NCFTA can pass along information, for example, about suspicious servers or IP addresses and content from spear-phishing emails that companies are seeing in their networks, but

  • http://www.bloomberg.com/news/2012-04-26/wall-street-tracks-wolves-as-may-1-protests-loom.html [bloomberg.com] This post reminds me of this article. The banks are doing the investigations and identifying people who they feel may be a threat and passing the information on to police. I guess it's totally legal for them to do this, but if you were arrested for a crime, would your conviction be based on evidence gathered by police or by the "firms"?
  • We do the same thing at work, we hand off information of users whose files match md5 sums of known child porn to a non-profit that works with law enforcement. People don't realize anytime you use a cloud service provider, good change those files are scanned not just for viruses but for illicit content.

    Does your phone auto-backup its content?

  • Is legal, and don't tell me that none of you would use them to your advantage f you could. If you say you will, you are either lying or deluded.

    The key is that they are LEGAL..

Fast, cheap, good: pick two.

Working...