[Dailydave] CISPA == MAPP

Dave Aitel dave at immunityinc.com
Tue Apr 17 13:34:50 EDT 2012


So votes are coming up for CISPA
<http://en.wikipedia.org/wiki/Cyber_Intelligence_Sharing_and_Protection_Act>
and I think it's a good time to look into the state of the "Cyber
Politico Arena". In other words, Lieberman had a bill that actually
SOLVED A PROBLEM. It was focused on critical infrastructure protection,
gave DHS the ball, and told everyone to help them run with it.

That said, it was one of those "immensely expensive" things, and people
don't really have much faith in DHS to carry technical balls around, so
it failed completely. Probably also worth mentioning that the
Republicans are going to vote on an administration bill only at gunpoint
this year. McCain in particular took a bee in his bonnet about how it
didn't give the NSA enough power.

Now we're left with CISPA, which is essentially Microsoft MAPP
<http://www.microsoft.com/security/msrc/collaboration/mapp.aspx> for the
US Government. That's it. It's pretty simple, and the reason Symantec
dropped their Huawei partnership
<http://www.nytimes.com/2012/03/27/technology/symantec-dissolves-alliance-with-huawei-of-china.html>.
There are some interesting clauses in it relating to the government
being able to give US Companies information about ongoing attacks even
disregarding clearance requirements it seems. But overall, it's "DNI
<http://twitter.com/#%21/daveaitel/statuses/165260367323336704> - please
go set up MAPP for us!" and that's it.

It goes both directions of course - the US Government will also be able
to take in information, and this probably includes information about US
Citizens and network traffic. It gets trickier here to figure out what
will and won't be allowed, but the general theme is "The Chinese and
Russians are owning every company - and we have information that can
help, so let's coordinate on that."

But they're selling it terribly. It's not SOPA. ACTA
<http://en.wikipedia.org/wiki/Anti-Counterfeiting_Trade_Agreement> is
much more like SOPA - and it's interesting that Hilary Rosen
<http://www.washingtonpost.com/blogs/the-fix/post/who-is-hilary-rosen/2012/04/12/gIQA2zFHDT_blog.html>
(who was the RIAA CEO when they were suing kids and trying to shut down
Napster) is in the news for controversy as a Democratic strategist, but
it's not controversial how close the Obama administration is to the RIAA
and MPAA. There's an opening here for team Romney if they decide to go for
"digital rights" among the demographic that shares files (aka, everyone
under 30).

-dave
 



-- 
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com
