The American Bear

Sunshine/Lollipops

ACLU: CISPA Is Dead (For Now)

CISPA is all but dead, again.

The controversial cybersecurity bill known as the Cyber Information Sharing and Protection Act, which passed the House of Representatives last week, will almost certainly be shelved by the Senate, according to a representative of the U.S. Senate Committee on Commerce, Science and Transportation.

The bill would have allowed the federal government to share classified “cyber threat” information with companies, but it also provided provisions that would have allowed companies to share information about specific users with the government.* Privacy advocates also worried that the National Security Administration would have gotten involved.

“We’re not taking [CISPA] up,” the committee representative says. “Staff and senators are divvying up the issues and the key provisions everyone agrees would need to be handled if we’re going to strengthen cybersecurity. They’ll be drafting separate bills.”

Sen. Jay Rockefeller, D-W.V., chairman of the committee, said the passage of CISPA was “important,” but said the bill’s “privacy protections are insufficient.”

* This is goodish news. However, “provisions that would have allowed companies to share information about specific users with the government” already exist, without CISPA, thanks to the Obama DOJ: U.S. gives big, secret push to Internet surveillance | CNET

h/t quickhits

U.S. gives big, secret push to Internet surveillance | CNET

Senior Obama administration officials have secretly authorized the interception of communications carried on portions of networks operated by AT&T and other Internet service providers, a practice that might otherwise be illegal under federal wiretapping laws.

The secret legal authorization from the Justice Department originally applied to a cybersecurity pilot project in which the military monitored defense contractors’ Internet links. Since then, however, the program has been expanded by President Obama to cover all critical infrastructure sectors including energy, healthcare, and finance starting June 12.

“The Justice Department is helping private companies evade federal wiretap laws,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which obtained over 1,000 pages of internal government documents and provided them to CNET this week. “Alarm bells should be going off.”

Those documents show the National Security Agency and the Defense Department were deeply involved in pressing for the secret legal authorization, with NSA director Keith Alexander participating in some of the discussions personally. Despite initial reservations, including from industry participants, Justice Department attorneys eventually signed off on the project.

The Justice Department agreed to grant legal immunity to the participating network providers in the form of what participants in the confidential discussions refer to as “2511 letters,” a reference to the Wiretap Act codified at 18 USC 2511 in the federal statute books.

The Wiretap Act limits the ability of Internet providers to eavesdrop on network traffic except when monitoring is a “necessary incident” to providing the service or it takes place with a user’s “lawful consent.” An industry representative told CNET the 2511 letters provided legal immunity to the providers by agreeing not to prosecute for criminal violations of the Wiretap Act. It’s not clear how many 2511 letters were issued by the Justice Department.

[…]

Because it overrides all federal and state privacy laws, including the Wiretap Act, legislation called CISPA would formally authorize the program without the government resorting to 2511 letters. In other words, if CISPA, which the U.S. House of Representatives approved last week, becomes law, any data-sharing program would be placed on a solid legal footing. AT&T, Verizon, and wireless and cable providers have all written letters endorsing CISPA. [continue]

House passes controversial “cybersecurity” bill CISPA in 288-127 vote | Ars Technica

The United States House of Representatives approved the Cyber Intelligence Sharing and Protection Act (CISPA) [Thursday] by a comfortable 288 to 127 margin. Almost half of the House’s Democrats joined 196 Republicans in supporting the measure.

The legislation grants companies broad legal immunity when they share information related to online threats with one another and with the federal government. Advocates argue that the legislation is needed to allow companies to quickly and efficiently share information in order to help secure their networks.

But critics such as the American Civil Liberties Union and the Electronic Frontier Foundation describe the legislation as an attack on user privacy. They worry that companies will use the broad immunity offered by CISPA to ignore other laws that protect consumer privacy. And in a veto threat issued on Tuesday, the White House echoed these arguments.

“The bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities,” the Obama administration said on Tuesday.

“The US House just passed CISPA, undermining the privacy of millions of Internet users,” the Electronic Frontier Foundation said in a tweet. “Now we take this fight to the Senate.”

“I voted against #CISPA because it does not adequately protect the civil liberties of Americans,” Rep. Anna G. Eshoo (D-CA) tweeted. “People deserve both privacy and security.”

So far, the CISPA debate has been a repeat of last year’s legislative process. An earlier version of CISPA passed the House in 2012 despite the objection of civil liberties groups, but companion legislation got bogged down in the Senate.

Obama’s CISPA privacy surprise | Salon.com

It’s a sign of just how badly the Obama administration’s record on civil liberties is regarded that the first reaction to the news that the White House is threatening to veto the Cyber Intelligence Sharing and Protection Act (CISPA) was a sense of surprise.

CISPA is designed to make it easier for private companies to share information about “cybersecurity” issues — hacker attacks, Chinese sabotage, etc. — with government agencies. Under CISPA companies such as Facebook or Microsoft could freely hand over personal information — emails, texts, news feed postings — without having to worry about potential negative consequences, including litigation from outraged users. Naturally, CISPA enjoys wide support from by the tech lobby; IBM sent more than 200 executives to Washington this week to push for its passage. The bill also enjoys bipartisan backing. The House of Representatives is set to vote on the bill either Wednesday or Thursday.

But the White House wants stronger protections for privacy and civil liberties, and stated flatly on Tuesday that “if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill.”

The Administration… remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable – and not granted immunity – for failing to safeguard personal information adequately.

Privacy activists are delighted by the news. Even if the House ends up passing the bill as it stands, opposition from the White House could doom the legislation’s chances of being taken up in the Senate — a replay of what happened last year, when an earlier version of CISPA failed to become law.

The People’s Record Daily News Update

thepeoplesrecord:

Here’s a collection of news stories for February 9, 2013 that you may not otherwise have a chance to see/learn about.

Residents of the Saudi Arabian capital Riyadh say more than 100 people have demonstrated to call for the release of people detained without charge.

Dozens of security vehicles blocked the intersections of two streets Saturday where the demonstrations were taking place. North of Riyadh in the city of Buraydah, around 30 people — mostly women related to the prisoners — held a similar rally.

In past years, a small number of Saudis have demonstrated in Riyadh to demand the release of thousands of people detained without charge or trial on suspicion of involvement in militant activity. Some have been held for up to 15 years.

Turkish officers are resigning en masse to avoid arrest and sentencing for conspiracy against the government. The cabinet of PM Erdogan is winning the decade-long battle with the country’s once almighty generals.

Mass detentions of both serving and retired officers have been taking place in Turkey over the last decade. The country’s media is closely following a number of trials against top brass accused of plotting against the ruling government. Over at least the past half a century, the Turkish armed forces have been notorious for regular interference in domestic politics, organizing several coups to displace governments and generally having great influence on the political landscape.

In late January 2013 the exodus of Turkish officers from the army was given a new push. Turkey’s number-two naval commander Admiral Nusret Guner resigned, allegedly over the detention of hundreds of his colleagues. His premature voluntary retirement sparked yet another wave of resignations.

In the United States, a Los Angeles police officer who is under investigation for threatening women with jail time if they refused to have sex with him is now being sued by a man he and another officer beat nearly to death after trying to extort money from him last May.

Mulligan “suffered a broken shoulder blade and facial fractures requiring several surgeries at the hands of police officers after they stopped him in the city’s Highland Park neighborhood and forced him to check into a local motel and stay there against his will,” according to The Hollywood Reporter. 

In Russia, a Moscow district court ordered Sergei Udaltsov, a prominent opposition leader, to be placed under house arrest on Saturday, in one of the most aggressive legal measures to date against a leader of the anti-Kremlin protests that began more than a year ago.

Mr. Udaltsov, the leader of the radical socialist Left Front movement, faces a charge of conspiracy to incite mass disorder, under a statute that can bring a maximum sentence of 10 years in prison. According to Saturday’s ruling, he may not leave his house, use the Internet, receive letters or communicate with anyone outside his family and legal team until April 6, the current date for the end of the investigation of his case.

The ruling seemed to signal a new stage in the government’s effort to bring criminal cases against well-known critics of President Vladimir V. Putin.

In Palestine and the occupied territories, Israel’s army forced Palestinian activists to evacuate a West Bank encampment they had set up in protest against illegal Israeli settlement construction and declared the site a “closed military zone”.

Soldiers on Saturday destroyed tents that were being erected in two different areas near the southern West Bank town of Yatta and forced activists to leave, the Palestinian witness said.

At the first site no arrests were made, but soldiers used a cannon that shoots what is commonly referred to as “skunk” water because of its foul smell to disperse activists.

Six people were arrested at the second site, including two photographers.

WARNING: CISPA IS BACK!!!

The Cyber Intelligence Sharing and Protection act (CISPA) will be reintroduced before the US House next week following a spate of cyber espionage and hacking attacks. Civil liberties advocates have criticized the bill for violating privacy laws.

The House Intelligence Committee’s Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-Md.) will attempt to breathe new life into CISPA on Wednesday.

The bill will be identical to the version of CISPA that passed the House last spring, but was defeated on the Senate floor in August mainly because the upper house was hammering out its own cyber security bill.

(Source: thepeoplesrecord, via zeram-deactivated20130410)

guardian:

CISPA must be blocked, say Anonymous hackers

This video released by the Anonymous hacking collective urges the US public to stop the Cyber Intelligence Sharing and Protection act (Cispa) in the Senate. The bill, passed by the US House of Representatives on Thursday, encourages companies and the federal government to share information collected on the internet to prevent electronic attacks from cybercriminals, foreign governments and terrorists

(Source: gu.com, via queerencia-deactivated20130103)

Insanity: CISPA Just Got Way Worse, And Then Passed On Rushed Vote

Up until this afternoon, the final vote on CISPA was supposed to be tomorrow. Then, abruptly, it was moved up today—and the House voted in favor of its passage with a vote of 248-168. But that’s not even the worst part.

The vote followed the debate on amendments, several of which were passed. Among them was an absolutely terrible change (pdf and embedded below—scroll to amendment #6) to the definition of what the government can do with shared information, put forth by Rep. Quayle. Astonishingly, it was described as limiting the government’s power, even though it in fact expands it by adding more items to the list of acceptable purposes for which shared information can be used. Even more astonishingly, it passed with a near-unanimous vote. The CISPA that was just approved by the House is much worse than the CISPA being discussed as recently as this morning.

Previously, CISPA allowed the government to use information for “cybersecurity” or “national security” purposes. Those purposes have not been limited or removed. Instead, three more valid uses have been added: investigation and prosecution of cybersecurity crime, protection of individuals, and protection of children. Cybersecurity crime is defined as any crime involving network disruption or hacking, plus any violation of the CFAA.

Basically this means CISPA can no longer be called a cybersecurity bill at all. The government would be able to search information it collects under CISPA for the purposes of investigating American citizens with complete immunity from all privacy protections as long as they can claim someone committed a “cybersecurity crime”. Basically it says the 4th Amendment does not apply online, at all. Moreover, the government could do whatever it wants with the data as long as it can claim that someone was in danger of bodily harm, or that children were somehow threatened—again, notwithstanding absolutely any other law that would normally limit the government’s power.

(Source: azspot, via sarahlee310)

CISPA can no longer be called a cybersecurity bill at all. The government would be able to search information it collects under CISPA for the purposes of investigating American citizens with complete immunity from all privacy protections as long as they can claim someone committed a “cybersecurity crime”. Basically it says the 4th Amendment does not apply online, at all. Moreover, the government could do whatever it wants with the data as long as it can claim that someone was in danger of bodily harm, or that children were somehow threatened—again, notwithstanding absolutely any other law that would normally limit the government’s power. Leigh Beadon, after CISPA was modified and the voting schedule was moved up so the House could pass it before anyone had a chance to read it or respond to it. (via jonathan-cunningham)

(via mindbabie5-deactivated20120604)

Cispa cybersecurity bill passed by House of Representatives | Technology | guardian.co.uk

The House of Representatives has ignored objections from Barack Obama’s administration and approved legislation aimed at helping to thwart electronic attacks on critical US infrastructure and private companies.

On a bipartisan vote of 248-168, the Republican-controlled House backed the Cyber Intelligence Sharing and Protection Act (Cispa), which would encourage companies and the federal government to share information collected on theinternetto prevent electronic attacks from cybercriminals, foreign governments and terrorists.

"This is the last bastion of things we need to do to protect this country," Republican Mike Rogers, chairman of the House intelligence committee, said after more than five hours of debate.

Yes, Mike Rogers, we are now completely safe from all possible threats. We’ve nerfed the U.S.

CISPA cybersecurity bill opposed by Obama administration | guardian.co.uk

A senior State Department official has stressed the Obama administration’s opposition to a controversial cybersecurity bill ahead of a vote in the House of Representatives later this week.

The Cyber Intelligence Sharing and Protection Act (Cispa) is intended to facilitate sharing of information on online threats across different federal agencies and private companies. It has been criticised by both activists and politicians of both Democrats and Republicans for vague wording and insufficient safeguards.

Ahead of the bill coming in front of the House of Representatives alongside three other cybersecurity bills, Alec Ross, a senior adviser for innovation to Hillary Clinton, reiterated the administration’s opposition to the proposals in more explicit language than previous statements from officials.

“The Obama administration opposes Cispa,” he told the Guardian. “The president has called for comprehensive cybersecurity legislation. There is absolutely a need for comprehensive cybersecurity legislation.

“[But] part of what has been communicated to congressional committees is that we want legislation to come with necessary protections for individuals.”

Ross refused to be drawn, however, on whether the White House would consider vetoing the bill were it to pass through Congress

Ross’s comments came as Republican presidential candidate Ron Paul set out his own strident opposition to Cispa.

“Cispa permits both the federal government and private companies to view your private online communications without judicial oversight provided that they do so of course in the name of cybersecurity,” he said on Monday.

“Simply put, Cispa encourages some of our most successful internet companies to act as government spies, sowing distrust of social media and chilling communications in one segment of the world economy where Americans still lead.”

White House questions #CISPA cybersecurity bill #stopCISPA #antiCISPA

anonymissexpress:

The Obama administration didn’t threaten a veto. But it did say information-sharing bills must preserve “privacy and civil liberties” — something that critics say CISPA does not do.

by , April 17, 2012

The White House today expressed concerns about a controversial cybersecurity bill that would authorize Internet companies to divulge confidential customer records and communications.

Opposition from the Obama administration — which stopped short of a veto threat — could imperil the Cyber Intelligence Sharing and Protection Act, which is scheduled for a House of Representatives floor vote next week. CISPA is intended to improve computer security by allowing companies and government agencies to share sensitive information.

In a statement provided to The Hill newspaper, National Security Council spokeswoman Caitlin Hayden said:

While information sharing legislation is an essential component of comprehensive legislation to address critical infrastructure risks, information sharing provisions must include robust safeguards to preserve the privacy and civil liberties of our citizens. Legislation without new authorities to address our nation’s critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation’s urgent needs.

Three months ago, the Stop Online Piracy Act, or SOPA, was defeated by a broad alliance of companies and civil liberties groups. But no such coalition exists here: the House Intelligence committee proudly lists letters of support from Facebook, Microsoft, Oracle, Symantec, Verizon, AT&T, and Intel (which today called CISPA an “important step forward”). And over two dozen trade associations sent a letter to Congress today (PDF) applauding “greater sharing of information.”

Civil liberties groups, on the other hand, remain steadfastly opposed to legal authorization for such broad information-sharing. The American Library Association, the Electronic Frontier Foundation, the libertarian-leaning TechFreedom, and other groups launched a “Stop Cyber Spying” campaign yesterday — complete with a write-your-congresscritter-via-Twitter app — and over 670,000 people have signed an anti-CISPA Web petition.

CNet: White House questions CISPA cybersecurity bill