Like a zombie it may rise again. But around 2 o’clock yesterday afternoon, members of the Senate confided to US News that, in the form in which the CISPA House bill was passed, “that” bill is dead. Pieces of it may be pushed through the Senate in an effort to preserve the parts that protect our cyber-structure, but those pieces designed to protect sitting politicians… consider them tossed.
Mike Rogers (R-Mich.), CISPA’s sponsor, has been pushing for such a bill for years, and has repeatedly insisted this will be the year it becomes law. President Obama vowed to veto it if it passed, in an answer given to the more than 100,000 signers of a White House petition… 300,000 people petitioned Congress to scrap it.
Cybersecurity lobbying has doubled in 2012 alone, outspending privacy groups by a factor of 14 to one. …$55 million to $4 million.
Essentially, CISPA was supposed to help with cyber attacks. If we were attacked by a Stuxnet virus, CISPA would drop all privacy restraints and allow anyone connected to security to roam through any and all accounts with impunity….
Like credit card numbers. Like patient information. Like pictures of you in the nude. Like your contacts and business associates. Once compromised and if anything were to happen to you, say, information was leaked to your boss, or your spouse, or put inside a newspaper for everyone to read, you could not sue, you would have no recourse and most likely, you would be completely unaware this was going on until a friend happened to see it and let you know….
The sponsor of the bill wrongly says this is absolutely necessary to protect us from threats. However, not being able to sue because you were fired because your boss saw a medical file showing you were being treated for cancer does little to protect us from Chinese hackers.
And that is the problem. Furthermore, so much stuff flows on the internet that asking providers for specific data is like asking someone to retrieve a certain molecule of water from a flowing river. If CISPA passed, the internet would grind to a halt, as every search engine and every server struggled to filter and organize all their data so that, if asked, they could legally provide it.
It is a bad bill. Yet its sponsor keeps bringing it back. And back. And back. Here is the Fourth Amendment to the US Constitution. The one CISPA violates.
This is the anti-phishing amendment. If you don’t have any charges to press, and don’t know of any particular evidence in a person’s possession, it is illegal to go to their house when they are not there and look around for something to pin on them…. yet that is exactly what CISPA sponsor Mike Rogers’s bill will do….
It allows Senator Joseph McCarthy hearings to take place without the hearing.
But more odd is how one private company is all over Mr. Rogers’s CISPA, there at its inception, its creation, its Reichstag moment, and its demise. That private company is the cybersecurity consulting firm Mandiant…. which is owned and run by Kevin Mandia out of Alexandria, Virginia. Kevin Mandia was brought in by Mark Rogers to testify as to the dangers our computer system faced.
“China’s economic espionage has reached an intolerable level,” he said at a congressional hearing in October 2011. As head of the House Intelligence Committee, he held a hearing on “Chinese hacking,” and one of those creating the report was Kevin Mandia, who was thanked by Rogers at the hearing’s end.
At the hearing, cyber security groups were in force to testify, but no privacy groups were allowed inside. The conversation was one-way, with the cyber security groups insisting they would only share anonymous information with each other… Unfortunately, that assertion could not be challenged.
But outside the closed hearing, privacy groups are saying it would let “companies hand over large swaths” of individuals’ private information “to the government, without a warrant.” Credit card numbers, bank papers, phone contacts….
Rogers argues that is a consequence, not an intent. No matter the reasoning behind it, CISPA allows it to happen. Quite possibly thousands or tens of thousands can be looking over your data because you happen to bank at Bank of America, or shop at Caldor… or Wal*Mart…. when they came under attack….
When last year’s version was shot down, Rogers was undeterred.
Then, almost as if on cue for this spring legislative session, in February 2013, the New York Times announced it had been hit by Chinese hackers, followed shortly by the Washington Post and Wall Street Journal. Then Twitter, Facebook, and Microsoft. Their stories differed, as did the severity of the attacks, but everybody agreed: These hacks were sophisticated, and they all seemed to come from China…..
You probably remember the headline, just before the House vote on CISPA….
A cybersecurity firm had found the source of those attacks. In no uncertain terms, the firm claimed to have traced the hacking operation to a single, 12-story building outside of Shanghai: People’s Liberation Army (PLA) Unit 61398. Hiding in plain sight, the report said, was a dedicated hacking operation run by the Chinese government…..
And the firm that released it? Mandiant, whose CEO advised Rogers that day.
Mandiant’s report, backed by pages of data and years of research, relies on a few simple pieces of evidence. A loose coalition of similarly styled hacks all stem from the same source, codenamed APT1 (short for “Advanced Persistent Threat”). Mandiant traced the vast majority of the attacks to China—Shanghai, specifically—and noted that Unit 61398 was uniquely capable of sustaining such a sophisticated operation.
What was just said was that these hacks were traced to Shanghai, and in Shanghai there is this building, so they had to come from there…
Not so fast, says the head of another cyber-security agency, Jeff Carr, CEO of a different cybersecurity firm, Taia Global. He has a different explanation.
The fact that most hackers’ Internet protocol (IP) addresses trace back to China doesn’t mean much. Those are easy to fake—heck, moderately sophisticated Internet pirates fake theirs all the time to avoid getting caught. China, indignant, countered the Mandiant report, partially on those lines. “As we all know, hacker attacks almost always steal IP addresses. It is common practice online,” China’s Department of Defense announced after Mandiant’s report, though it also said it traced a million hacks on its own network to the U.S., via those attackers’ IP addresses.
What that says in plain language is that a million hacks came from the US into the Chinese system and then went back to the US. A million hacks came from the US … just before CISPA was to be voted upon. And you have this very cozy relationship between the sponsor of the CISPA bill and a cyber security firm which announced earlier that China was one day going to do massive hacks into the United States….
It worked. It fooled Democrat John Carney. He voted for CISPA.
Bottom line is that CISPA would allow private companies (like Facebook, or your Internet service provider) to share your emails, text messages, or stored files with the government for “cybersecurity purposes,” and it would trump the existing laws that allow you to sue those companies for privacy violations.
All you know is that you got fired without cause and escorted out of your building…..
Sharing information is a flawed concept…. It is absolutely the wrong way to thwart an attack. So much so that it appears the main thrust of the bill is to access information, NOT thwart a cyber attack…
To thwart a cyber attack, one must take this approach….
But, as for now, these details are all for naught ….
CISPA’s gone, one more round, CISPA’s gone…..