Showing posts with label CISPA. Show all posts

Saturday, 27 April 2013

CISPA halted in Senate


'Dead for now:' CISPA halted in the Senate
Privacy advocates can breathe a sigh of relief as the controversial US Cyber Information Sharing and Protection Act (CISPA) appears to be all but dead in the water, with all signs pointing to it being shelved by the Senate.


RT,
25 April, 2013


The bill, which was purportedly designed to allow the federal government to share private user information with corporations in situations of a suspected cyber threat, was the source of widespread ire from privacy advocates.
Senator Jay Rockefeller (D-WV), chairman of the US Senate Committee on Commerce, Science and Transportation, confirmed that CISPA’s passage seemed unlikely due to the bill’s lack of privacy protections, which the Senator deemed “insufficient.”
According to US News & World Report, a representative of the Senate committee stated that, though CISPA seems to be dead for the time being, issues and key provisions from that bill may still re-emerge.
"We're not taking [CISPA] up. Staff and senators are divvying up the issues and the key provisions everyone agrees would need to be handled if we're going to strengthen cybersecurity. They'll be drafting separate bills," said the representative.
President Obama had threatened to veto CISPA in its current form due to its lack of personal privacy provisions. A representative with the ACLU, which along with the Electronic Frontier Foundation (EFF) was one of the bill’s most vocal critics, also believed that the legislation now faces an uncertain future.
"I think it's dead for now," says Michelle Richardson, legislative counsel with the ACLU. "CISPA is too controversial, it's too expansive, it's just not the same sort of program contemplated by the Senate last year. We're pleased to hear the Senate will probably pick up where it left off last year," she told US News.
According to the EFF, CISPA represents a “dangerous” level of access to private information, and would allow the National Security Agency to obtain online communications data without a warrant. 
According to Richardson, it should be three months before any cybersecurity legislation sees a vote in the Senate.


Thursday, 25 April 2013

The police state


Obama administration bypasses CISPA by secretly allowing Internet surveillance
Scared that CISPA might pass? The federal government is already using a secretive cybersecurity program to monitor online traffic and enforce CISPA-like data sharing between Internet service providers and the Department of Defense.


RT,
24 April, 2013

The Electronic Privacy Information Center has obtained over 1,000 pages of documents pertaining to the United States government’s use of a cybersecurity program after filing a Freedom of Information Act request, and CNET reporter Declan McCullagh says those pages show how the Pentagon has secretly helped push for increased Internet surveillance.

“Senior Obama administration officials have secretly authorized the interception of communications carried on portions of networks operated by AT&T and other Internet service providers, a practice that might otherwise be illegal under federal wiretapping laws,” McCullagh writes.

That practice, McCullagh recalls, was first revealed when Deputy Secretary of Defense William Lynn disclosed the existence of the Defense Industrial Base (DIB) Cyber Pilot in June 2011. At the time, the Pentagon said the program would allow the government to help the defense industry safeguard the information on their computer systems by sharing classified threat information between the Department of Defense, the Department of Homeland Security and the Internet service providers (ISP) that keep government contractors online.

“Our defense industrial base is critical to our military effectiveness. Their networks hold valuable information about our weapons systems and their capabilities,” Lynn said. “The theft of design data and engineering information from within these networks greatly undermines the technological edge we hold over potential adversaries.”

Just last week the US House of Representatives voted in favor of the Cyber Intelligence Sharing and Protection Act, or CISPA — legislation that, if signed into law, would allow ISPs and private Internet companies across the country like Facebook and Google to share similar threat data with the federal government without being held liable for violating their customers’ privacy. As it turns out, however, the DIB Cyber Pilot has expanded exponentially in recent months, suggesting that a significant chunk of Internet traffic is already subjected to governmental monitoring.

In May 2012, less than a year after the pilot was first unveiled, the Defense Department announced the expansion of the DIB program. Then this past January, McCullagh says it was renamed the Enhanced Cybersecurity Services (ECS) and opened up to a larger number of companies — not just DoD contractors. An executive order signed by US President Barack Obama earlier this year will let all critical infrastructure companies sign-on to ECS starting this June, likely in turn bringing on board entities in energy, healthcare, communication and finance.

Although the 1,000-plus pages obtained in the FOIA request haven’t been posted in full on the Web just yet, a sampling of that trove published by EPIC on Wednesday begins to show just exactly how severe the Pentagon’s efforts to eavesdrop on Web traffic have been.

In one document, a December 2011 slideshow on the legal policies and practices regarding the monitoring of Web traffic on DIB-linked systems, the Pentagon instructs the administrators of those third-party computer networks on how to implement the program and, as a result, erode their customers’ expectation of privacy.

In one slide, the Pentagon explains to ISPs and other system administrators how to be clear in letting their customers know that their traffic was being fed to the government. Among the key elements to keep in mind, wrote the Defense Department, was that DIB “expressly covers monitoring of data and communications in transit rather than just accessing data at rest.”

“[T]hat information transiting or stored on the system may be disclosed for any purpose, including to the government,” it continued. Companies participating in the pilot program were told to let users know that monitoring would exist “for any purpose,” and that users have no expectation of privacy regarding communications or data stored on the system.

According to the 2011 press release on the DIB Cyber Pilot, “the government will not monitor, intercept or store any private-sector communications through the program.” In a privacy impact assessment of the ECS program that was published in January by the DHS though, it’s revealed that not only is information monitored, but among the data collected by investigators could be personally identifiable information, including the header info from suspicious emails. That would mean the government sees and stores who you communicate with and what kind of subject lines are used during correspondence.

The DHS says that personally identifiable information could be retained if “analytically relevant to understanding the cyber threat” in question.

Meanwhile, the lawmakers in Congress that overwhelmingly approved CISPA just last week could arguably use a refresher in what constitutes a cyberthreat. Rep. Michael McCaul (R-Texas) told his colleagues on the Hill that “Recent events in Boston demonstrate that we have to come together as Republicans and Democrats to get this done,” and Rep. Dan Maffei (D-New York) made unfounded claims during Thursday’s debate that the whistleblowing website WikiLeaks is pursuing efforts to “hack into our nation’s power grid.”

Should CISPA be signed into law, telecommunication companies will be encouraged to share Internet data with the DHS and Department of Justice for so-called national security purposes. But even if the president pursues a veto as his advisers have suggested, McCullagh says few will be safe from this secretive cybersecurity operation already in place.

The tome of FOIA pages, McCullagh says, shows that the Justice Department has actively assisted telecoms as of late by letting them off the hook for Wiretap Act violations. Since the sharing of data between ISPs and the government under the DIB program and now ECS violates federal statute, the Justice Department has reportedly issued an undeterminable number of “2511 letters” to telecoms: essentially written approval to ignore provisions of the Wiretap Act in exchange for immunity.

"The Justice Department is helping private companies evade federal wiretap laws," EPIC Executive Director Marc Rotenberg tells CNET. "Alarm bells should be going off."

In an internal Justice Department email cited by McCullagh, Associate Deputy Attorney General James Baker is alleged to write that ISPs will likely request 2511 letters and the ECS-participating companies “would be required to change their banners to reference government monitoring.”

"These agencies are clearly seeking authority to receive a large amount of information, including personal information, from private Internet networks," EPIC staff attorney Amie Stepanovich adds to CNET. "If this program was broadly deployed, it would raise serious questions about government cybersecurity practices."

Saturday, 20 April 2013

Breaking the Set

CISPA: Worse than the Patriot Act
Interview with Michelle Richardson




Abby Martin talks to Michelle Richardson, Legislative Counsel with the ACLU, about the renewed push for CISPA, and how its implications could be worse than the Patriot Act.




See also - 


CISPA - US senate uses distraction

Hr.624.CISPA passed (18 April 2013) China style Internet in effect... ALERT


What were our leaders doing during this distraction??? They can't let a good crisis go to waste...

We knew this day would come.... But hey! It's for our protection. Don't you feel safer already?


Friday, 19 April 2013

CISPA passed in United States

Cispatriot Act: US Reps approve CISPA cybersecurity bill


The controversial Cyber Intelligence Sharing and Protection Act has been approved by the House of Representatives. One of the Congressmen evoked Monday's deadly bombings in Boston as a reason to pass it. RT America's website producer, Andrew Blake, is closely following the debates over the bill.


Thursday, 14 February 2013

US fascism


Zombie law: CISPA cyber bill resurrected from the dead


Reuters / Larry Downing
RT,
13 February, 2013

The two US lawmakers responsible for last year’s failed cybersecurity bill known as CISPA are reintroducing the act, and renewed interest from Washington means it might have a fighting chance this time at being signed into law.
Less than ten months after the Cyber Intelligence Sharing and Protection Act stalled on Capitol Hill after being overwhelmingly approved in the House of Representatives, the architects of the bill that’s been called “Worse than SOPA” are once more pitching their effort to politicians.
If approved, CISPA could reshape the way American businesses interact with the federal government by setting up a system for private sector entities to share cyberthreat information with any agency administered by Uncle Sam, a notion being called a national security necessity by an increasing number of figures in Washington. Critics of the act condemn the bill’s vague verbiage, though, and less than one year ago orchestrated an online opposition movement with hopes of snuffing CISPA for good. But while the bill — the brainchild of Rep. Mike Rogers (R-Mich.) and Sen. Dutch Ruppersberger (D-Calif.) — failed to garner the support needed within Washington to make it become a law last year, urging from both Congress and the commander-in-chief — and coupled with a new slew of alleged cyber intrusions — could help CISPA be added to the books in no time.


CISPA, a bill “to provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities,” was approved by the House by a 248-168 vote last April, but ended in political purgatory after lawmakers in the Senate failed to see eye-to-eye with their congressional counterparts. Even had CISPA made it that far, though, aides for US President Barack Obama insisted problems with the bill would make it the subject of an executive veto. During just a few short months, however, the White House has rallied support for cybersecurity legislation, and just this week Pres. Obama signed an executive order to establish the framework needed to protect the country’s critical and wired infrastructure in lieu of Congress’ inability to do so on their own part, whether through CISPA or by other means. Pres. Obama announced the order during his State of the Union address Tuesday evening, and added a plea to the politicians in his audience to work towards a Legislative Branch solution.


“Earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs and our privacy. Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks,” Pres. Obama said.


An executive order from Pres. Obama isn’t exactly a rare occurrence, and a laundry list of directives signed in the wake of last year’s Sandy Hook massacre aimed to establish gun reform was faced with furious opposition on the Hill. Either way, though, the orders he’s made from the Oval Office have led some lawmakers to suggest that the commander-in-chief is bypassing both Congress and the Constitution.


“Obama's increasing reliance on executive orders to push policy and skirt congressional deliberation is worrisome,” Sen. Ted Cruz (R-Texas) tweeted this week.


But in a joint statement issued by the offices of Rep. Rogers and Sen. Ruppersberger on the day of the annual address, the CISPA co-authors said they were “pleased” with the president’s remarks and agreed that “our biggest barriers to bolster our cyber defenses can be fixed only with legislation.” CISPA, said the lawmakers, will “help US companies better protect themselves and the privacy and civil liberties of their customers” from international hackers per the president’s request.


“This is clearly not a theoretical threat – the recent spike in advanced cyberattacks against the banks and newspapers makes that crystal clear: American businesses are under siege,” Rep. Rogers said. He added that American companies need to have their networks better protected because, as he explains in an op-ed published last week in The Detroit News, “thousands of highly-trained computer engineers wake up” every morning in China with the mission to “Steal American intellectual property that the Chinese can in turn use to compete against us in the international market.”


“It is time to stop admiring this problem and deal with it immediately,” Rogers added this week. “Congress urgently needs to pass our cyber threat information sharing bill to protect our national security, our economy and US jobs.”


To CISPA’s critics, though, one very important item isn’t taken into consideration when it comes to offering protection. Opponents of the bill insist that approving CISPA could have damning repercussions for personal privacy and would put off-the-record conversations online and in the hands of any government investigator who can call that data relevant to a case. For that reason, it’s been opposed by the Electronic Frontier Foundation, the American Civil Liberties Union, the Center for Democracy and Technology and others. Even Mozilla, a leading Silicon Valley software maker, strayed from the pack last year and said, “While we wholeheartedly support a more secure Internet, CISPA has a broad and alarming reach that goes far beyond Internet security,”


“The bill infringes on our privacy,” Mozilla’s privacy and public policy official said in a statement to Forbes last year.
Even still, others say the overly vague language of the bill itself could lead to broad interpretation.


Speaking to RT when CISPA was last up for vote in April 2012, Demand Progress co-founder Aaron Swartz said the act has “all the censorship problems” of other cyber legislation that’s been proposed under the Obama administration such as SOPA and PIPA — the Stop Online Piracy Act and Protect IP Act, respectively — but warned that CISPA is “incredibly broad and dangerous” since “it also goes much further and allows them to spy on people using the Internet, to get their personal data and e-mails.” All, of course, in the name of cybersecurity. But as Congress is still only in its infancy in terms of understanding computers, that ill-defined term can allow for Washington to interpret CISPA in a variety of ways.


“CISPA is essentially an Internet monitoring bill that permits both the federal government and private companies to view your private online communications with no judicial oversight, provided, of course, that they do so in the name of cyber security,” former presidential hopeful and congressman Ron Paul said on the campaign trail last year.


Since CISPA was first introduced in November 2011, it’s undergone a handful of revisions and has received a number of amendments. But while those changes have been touted as the installation of privacy safeguards for the public by some, others say some of CISPA’s edits have made it an even worse act. One amendment, approved in April’s House vote, was celebrated by some CISPA supporters because it refined the government’s use of shared cyber threat information under the bill to five specific purposes: cybersecurity; investigation and prosecution of cybersecurity crimes; protection of individuals from the danger of death or physical injury; protection of minors from physical or psychological harm; and protection of the national security of the United States. When that amendment made it to TechDirt.com blogger Leigh Beadon last year, she said it was “absolutely terrible” because, instead of limiting the government’s power, it really only expanded the scope of “cybersecurity” in terms of what the feds can and can’t do with private data.


“Basically it says the Fourth Amendment does not apply online, at all,” Beadon wrote. “Basically this means CISPA can no longer be called a cybersecurity bill at all. The government would be able to search information it collects under CISPA for the purposes of investigating American citizens with complete immunity from all privacy protections as long as they can claim someone committed a ‘cybersecurity crime.’”

During Pres. Obama’s Tuesday evening address, members of the international hacktivist movement Anonymous launched an unsuccessful cyber battle against the White House in protest of the administration’s relentless war on the Internet. “We reject the State of the Union. We reject the authority of the President to sign arbitrary orders and bring irresponsible and damaging controls to the Internet,” read a statement made by the group that morning, which included a call to arms for Anons to disrupt that evening’s SOTU broadcast.
Now with CISPA about to be formally reintroduced, they face one more cyber hurdle. If they want to fight back, though, this time they’ll likely face an uphill battle unheard of since last year’s protests.

Wednesday, 13 February 2013

Anonymous' promise


Anonymous promises to disrupt Obama’s State of the Union


AFP Photo / Gianluigi Guercia
RT,
13 February, 2013
Eyes and ears will be on US President Barack Obama Tuesday evening as he presents the State of the Union address from Capitol Hill in Washington, DC. Hacktivists aligned with the Anonymous movement have other plans, however.
A call to arms has been issued by Anonymous, the shadowy underground collective of hackers and activists, and the group says they hope to disrupt select online broadcasts of the annual address in protest of President Obama and his administration’s assaults on the civil liberties and constitutional rights of Americans, as well as the world’s Internet.

“Operation SOTU,” or “OpSOTU,” is the latest mission from Anonymous, and members involved in the initiative say it will serve as a decisive factor in the “battle royale for the future of the Internet.”

In a statement drafted by members of Anonymous and circulated on the Web early Tuesday, the group recalls a series of recent victories for Internet activists who waged battles and won against proposed legislation that would have drastically changed the modern landscape of computer and technology law.

“Last year we faced our greatest threat from lawmakers. We faced down SOPA, PIPA, CISPA and ACTA,” the message begins. “But that victory did not come easily. Nor did it come without a price.”


While the controversial Stop Online Piracy Act and the Protect IP Act were killed in Congress before they could come to fruition, opponents of those bills argue that Washington’s assault on computer users has only escalated in the year since. In January, 26-year-old anti-SOPA advocate Aaron Swartz was found dead of an apparent suicide in the midst of a heated legal battle with the US Justice Department over his allegedly unauthorized downloading of academic and journal files from the website JSTOR. Other young technologists, including those accused of hacking the Stratfor intelligence firm as members of Anonymous, are facing life in prison for nonviolent computer crimes.


But despite calls for the White House and Washington to relinquish their mission to censor the Internet and strip online freedoms away from Americans, a war against overzealous cybersecurity legislation remains rampant. In lieu of reform — reform even advocated by some members of Congress — both the Executive and Legislative branches alike are preparing to push for new rules that some say will only ruin the Internet.


Pres. Obama is believed to have already signed a cybersecurity executive order this week that, when unveiled, is expected to include privacy-damning provisions that will put in place a direct plan of action for the private sector to share consumer information with the government. According to some reports, the order could be made public as soon as during Tuesday evening’s address. On Wednesday, however, the architects of last year’s Cyber Intelligence Sharing and Protection Act, or CISPA, plan to reintroduce their bill during a seminar in Washington, rekindling a mission Anonymous says would turn “private companies into government informants.” Regardless of if either is discussed during Tuesday night’s address, however, hacktivists are preemptively asking for a world-wide attack on the State of the Union to be led by a legion of Anons.


“We reject the State of the Union. We reject the authority of the President to sign arbitrary orders and bring irresponsible and damaging controls to the Internet,” Anonymous writes. “The President of the United States of America, and the Joint Session of Congress will face an Army tonight.”


“There will be no State of the Union Address on the web tonight.”

Anonymous is asking for people around the globe to prepare for an online battle Tuesday evening that will take a multi-prong approach in hopes of rendering some Internet streams of the president’s address unavailable and educating the world about his administration’s ruthless interpretation of both computer law and the US Constitution alike. In addition to waging a distributed denial-of-service attack (DDoS) against websites carrying the SOTU stream, Anons also plan to spam Facebook, Twitter, Reddit and other social media sites with information about the president’s cybersecurity order, CISPA and other items likely to be left out of Tuesday’s speech.


“He will not be covering the NDAA [National Defense Authorization Act], an act of outright tyrannical legislation allowing for indefinite detention of citizens completely outside due process and the rule of law,” reads the press release in part. “He will not be covering the extra-judicial and unregulated justifications for targeted killings of citizens by military drones within the borders of America, or the fact that Orwellian newspeak had to be used to make words like ‘imminent’ mean their opposite.”


Elsewhere, Anonymous attacks the president’s hesitance to publicly discuss Private First Class Bradley Manning, the 25-year-old accused whistleblower who has been imprisoned without trial for nearly 1,000 days for allegedly leaking information about the United States’ own war crimes. Nor will he discuss, claims Anonymous, “the secret interpretations of law that allow for warrant-less wiretapping and surveillance of any US citizen without probable cause of criminal acts.”


Indeed, the matters of Pfc Manning and the recent renewal of the Foreign Intelligence Surveillance Act (FISA) and other Fourth Amendment-eroding legislation have been by-and-large removed from talking points touched on by the president during his first term in office. Next, Anonymous fears, a tightening grip on the Internet could mean even more infringement, authorized by an administration that aims to gain control of the world’s main method of communication.


“We will form a virtual blockade between Capitol Hill and the Internet,” warns Anonymous. In a separate statement issued by the AnonRelations sect, one member writes, “President Obama and the State of the Union Address will be BANISHED from the Internet for the duration of live delivery.”


“This action is being taken to underline a fact that appears to be sorely unrecognized by the Obama Administration — that the Internet is a sovereign territory, and does not fall under the jurisdiction of any nation state.”

In a public discussion held for planning purposes online, one Anon writes, “Anyone and everyone on the Internet who opposes the current efforts by the US government to control the Internet and their actions against liberty at home and abroad will be DIRECTLY ENGAGED in LULZ WARFARE.” The group has since collected a number of news links relating to relevant White House policies and the URLs for websites that might be momentarily brought down by a coordinated DDoS attack, including the official White House stream for the president’s address. FBI.gov, House.gov and the website for C-SPAN have all been listed as potential targets as well.


“Armed with nothing more than Lulz, Nyancat and PEW-PEW-PEW! Lazers, we will face down the largest superpower on Earth,” the AnonRelations bulletin reads.
OpLastResort, the Anonymous-led mission launched in retribution for the death of Aaron Swartz that is largely attributed to alleged prosecutorial overreach by the Obama administration, has endorsed the planned assault on the State of the Union. On the website OpLastResort.com, the administrator insists there will be no State of the Union broadcast on the Web “for freedom, for Aaron Swartz, for the Internet, and of course, for the lulz.” A member of AnonRelations calls the latest action a continuation of OpLastResort, but also “a direct response to intelligence gathered about upcoming executive order.”


Since Mr. Swartz’ passing in December, Anonymous has hacked into a database of Federal Reserve emergency numbers, defaced the website of the US Sentencing Commission and posted the log-in credentials for over 4,000 US banking executives on a hacked frontpage for the Alabama Criminal Justice Information Center. When asked whether he thought these maneuvers were making a difference, former Anonymous member Gregg Housh tells RT that the operations are not going unrecognized.


“I think the ops are having an interesting effect,” Housh says in an online chat hours before Tuesday’s State of the Union Address. “It has their attention . . . in a way I haven’t seen before.”


“I think something is happening,” adds Housh, “it is just happening at the pace at which Washington is used to going, and the Internet is used to ‘Internet time,’ which is much faster.”


Cyber warfare


Obama signs executive order on cyber security


U.S. President Barack Obama gestures as he arrives to deliver his State of the Union Speech on Capitol Hill in Washington, February 12, 2013. (Reuters / Jason Reed)

RT,
13 February, 2013

Barack Obama has signed an executive order on cybersecurity following rumors that he would do so. In his State of the Union address he cited “growing threat from cyber-attacks” as the reason he used his executive power against the will of lawmakers.
America must face the rapidly growing threat from cyber-attacks, President Obama told the nation in his address.

“We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.”

Years from now Americans cannot look back and wonder “why we did nothing in the face of real threats to our security and our economy,” Obama said.
The order directs government officials to come up with standards to reduce cyber security risks within the next 240 days and encourage companies to adopt the new framework. However, it has no legal power to force companies to adopt the framework of cybersecurity best practices.
The framework will be technology-neutral and aimed at addressing security gaps in the computer networks of crucial parts of the country's infrastructure – the electric grid, water plants and transportation networks.

Obama urged Congress to follow his lead and pass legislation giving Washington “a greater capacity to secure networks and deter attacks.”