Tuesday, April 16, 2013

CISPA to be pushed through Congress soon, act now!

Hello reader, sorry for the lack of updates, but I've been following, on and off, some new laws that are being pushed in the name of copyright protection and that far overstep what they're for. I suspect that most anyone on Second Life has heard about SOPA, and then CISPA, which got pushed hard when SOPA failed. While I stand against violation of copyrights, I also stand against the stripping of rights and freedoms in the name of such, with laws that do nothing to protect such things and legalise criminal behaviour we see from various online companies such as those I've protested against in my blog. CISPA strips away the responsibility that companies that violate privacy laws may have, and allows companies to attack individuals online so long as they act in good faith, but as we know, a law that relies on good faith only relies on a company's claims of such, regardless of how disingenuous they may be.

Such laws I find to be extremely destructive, and they cannot be allowed to pass. CISPA pretty much authorizes companies that need to secure themselves, or for that matter specialize in security, to carry out attacks. I would like to remind you of previous posts: Redzone was sold as a security system meant to protect companies within Second Life, but allowed them to collect information without the user's knowledge and consent, and to top it off it turned out that wasn't the core goal, but it was also used to bait people into a situation where they may inadvertently reveal private information they hold, such as passwords.

Redzone's creator did indeed do some time in prison for his crimes, but with such laws relying on the good faith of companies, someone doing much the same could state they were stealing passwords for the sake of shutting down accounts used in attacks, when really they're carrying out such attacks for profit rather than protecting themselves, and then claim such good faith. I find CISPA would open the door to such pathetic things, and would allow criminals and felons that specialize in attacking individuals in such a way a get-out-of-jail-free card.

All things considered, like during the Redzone incidents, companies can act on perceived threats; however, companies can create and make up their own threats.

Consider Redzone, for example. The system claimed to protect its users from the copybot threat. Really, it's hard to prove a word of this, but I feel zFire played both sides of the crime. Consider this: given the intentional coding limitations of Second Life's scripting language, LSL, for a viewer to be identified as a copybot or not by a scripted object in Second Life, it would pretty much have to be coded to have a specific response to a message it was listening for. Essentially, the Redzone system would practically have to be messaging on a hidden channel "hi im redzone", and the viewer would have to be messaging back "Hi im copybot", or for that matter, if not coded to respond, would not respond at all, like any regular viewer. Given as such, during the Redzone incidents this likely also made zFire, Redzone's creator, on both the supply and response side of the problem. Yes, I'm saying I find it likely that zFire xue produced a copybot viewer at some point under another name, because how else can you detect such a thing with such a limited scripting language?

However, this post is about CISPA and considerations regarding it. Since nobody knows zFire may have been on the providing side of the problem, if such a law had been in effect when he was committing his crimes and stealing account information and passwords through his forums, in a CISPA world I find it would be easy for such felons to claim good faith, say they honestly thought they were providing security, and continue their attacks, thus having no responsibility for their various crimes. But enough of the Second Life specifics... essentially, a company wanting to attack another company only has to make up an attack on itself.

Since CISPA is so broadly worded, it allows companies to make attacks against each other and individuals. Imagine signing onto a service and getting banned by a moderator of that service. Whether you deserved it or they were ill-informed, the companies behind such could likely commit a DDoS attack, temporarily rendering your internet service useless, and such companies committing attacks themselves could make false claims such as "we were preventing the creation of a new account". Having in the past assisted in network administration at a college, where many users misbehaved and we would constantly have to find new ways of preventing such misbehaviour while keeping the network usable to the students, who may be using information from any number of sources in many areas of study, I could easily see the network falling under such an attack. Worse yet, with such broad language in a law which alleviates responsibility and broadens what you can do in the name of so-called defence (it isn't really defence, it's offence), we could broaden this quite a bit beyond how it affects you in Second Life, or how it could have affected me. Consider this...

A common modern problem today is DDoS attacks. DDoS attacks (the first D standing for "distributed" in Denial of Service) oftentimes involve several systems being involved in an attack. Obviously one individual isn't likely to carry out an attack alone, but collaborating exposes them, so a common problem today that bolsters such a problem is botnets: a number of machines infected with a virus or malware, looking for cues online to take various actions and to perform such actions as DDoS attacks, which require multiple connections, and which alleviate the need for collaboration in such attacks. Given as such, I find it conceivable that corporations may create botnets to help engage in such attacks, and the lack of responsibility would allow for various malware to be embedded in big-name software. Consider YouTube coming under attack from various recording companies because its users make unauthorized uploads, thus making the service less usable or unusable because of a company actively participating in attacks in the name of its own security; or for that matter the college I did administration at, because one student took action that was said to be perceived as an attack; or maybe my college's connection coming under attack because someone set a custom port to be used by a torrent app to get around the firewall. The possibilities of who may come under attack with such a measure in place are endless.

With CISPA in play I find such madness a possibility. Without CISPA, a company could receive large fines and potentially be fined beyond its income; with CISPA in play there would be nothing to hold such companies back.

Consider the Business and Professions Code I mentioned often during the Redzone incidents. The Business and Professions Code imposes a hefty fine for violations like the one zFire was committing. Under the Business and Professions Code, a company can be fined $2500 for each individual Business and Professions Code violation, and can be fined again for every day that violation is allowed to continue. Multiple violations result in multiple fines: if a piece of software contained a violation, a company could be fined $2500 for every system infected, every day the company did not issue a patch to correct the violation. Obviously this can add up fast and can put even a large corporation on its knees for violating the privacy of potentially millions of customers and receiving fines day to day. This sometimes works as a deterrent to large companies acting much the same way zFire had.

Measures such as CISPA only serve the biggest corporate giants with the largest pools of resources at their disposal and only erode the rights of people and small business.

To me, CISPA only makes everything harder for the individual and makes legal compliance one-sided by applying only to them, making it harder on them when it is already hard enough and undeserved, and gives corporations a free ticket to operate with complete lawlessness and impunity, stripping them of responsibility for their own actions.

By all means, I would like to encourage my readers to help join in the protest against CISPA. Please read from the URL below, form your own opinion regarding CISPA if you haven't yet, and help in the protest.

http://cms.fightforthefuture.org/cispa/