Rep. Mike Rogers Calls CISPA Opponents "14 Year Old Tweeters in Their Basement"

[tptacek]

How does the bill's definition of an attack include sites with "hacker" in the name?

[lawnchair_larry]

CISPA contains no definition of "attack", nor does it limit itself to "actual attacks", or anything resembling that language.

Furthermore, if it did, it doesn't matter. Bad actors are allowed to be wrong, with impunity, if they promise that it was "in good faith".

[tptacek]

     4) CYBER THREAT INFORMATION.— 
      ‘‘(A) IN GENERAL.—The term ‘cyber 
      threat information’ means information directly 
      pertaining to— 
      ‘‘(i) a vulnerability of a system or net-
      work of a government or private entity; 
      ‘‘(ii) a threat to the integrity, con-
      fidentiality, or availability of a system or 
      network of a government or private entity 
      or any information stored on, processed on, 
      or transiting such a system or network; 
      ‘‘(iii) efforts to deny access to or de-
      grade, disrupt, or destroy a system or net-
      work of a government or private entity; or 
      ‘‘(iv) efforts to gain unauthorized ac-
      cess to a system or network of a govern-
      ment or private entity, including to gain 
      such unauthorized access for the purpose 
      of exfiltrating information stored on, proc-
      essed on, or transiting a system or network 
      of a government or private entity	

You're right that I phrased this more casually than the bill does, which harms my point but I believe still leaves it standing.

[lawnchair_larry]

> You're right that I phrased this more casually

Did you think that I was suggesting you were merely phrasing it casually, or is that a subtle argument technique? ;)

[tptacek]

No, I was owning up to the fact that by saying CISPA only pertained to "attacks", I was making it easier to accept my premise. You were right to point out that the language in the bill is more subtle than that.