"Members should seriously consider whether CISPA - which inflamed grassroots activists last year and was under a veto threat for these and other flaws - is the right place to start."
Last October, Obama signed a secret directive. It addressed cyberattack defense. It set guidelines for confronting cyberspace threats. It lets military personnel act more aggressively.
Called Presidential Policy Directive 20, it's "the most extensive White House effort to date to wrestle with what constitutes an 'offensive' and a 'defensive' action in the rapidly evolving world of cyberwar and cyberterrorism, where an attack can be launched in milliseconds by unknown assailants utilizing a circuitous route."
"For the first time, (it) explicitly makes a distinction between network defense and cyber operations to guide officials charged with making often rapid decisions when confronted with threats."
The order updates Bush's 2004 presidential directive. It vets operations outside government owned systems.
Fiber operations previously considered offensive (because they go outside defended networks) are now called defensive. They include "severing the link between an overseas server and a targeted domestic computer."
Pentagon officials are expected to finalize new cyberwar rules of engagement. They set guidelines for military commanders. They'll be able to act outside government networks.
They'll be able to compromise personal privacy. Preventing cyberattacks will be claimed as pretext.
Last fall, Defense Secretary Leon Panetta warned of a "cyber Pearl Harbor." It could "cause physical destruction and loss of life," he said. It could "paralyze and shock the nation and create a new profound sense of vulnerability."
US officials never lack for hyperbole. Fear-mongering is longstanding policy. Lies substitute for truth and full disclosure.
CISPA 2.0 reflects old wine in new bottles. Troublesome issues remain. EFF addressed them.
New legislation lets business use cybersecurity systems. Doing so permits accessing alleged cybersecurity threat information (CTI).
Personal communications are included. Perceived threats to networks or systems are pretexts.
Imposed limitations are weak. They only involve acting for vaguely defined cybersecurity purposes.