“Every curious mind with an increasingly common appliance has the world of answers to virtually any question at their fingertips. The communications alone that the Internet makes possible is a brilliant step forward for humanity.”

Get involved. Net neutrality is about money and who gets it… Humanity needs this Internet. And we need it to be free.

It is clearer now that the biggest benefactors for the NSA spying were commercial enterprises. The Obama administration went along with the Bush plan and accelerated it, primarily to give American companies a heads up, and keep jobs here.  It worked too.

One can’t argue with success. But one can find how American businesses were co-opted to assist the NSA.  From the Guardian, the following, allegedly from Snowden himself.

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

• Microsoft also worked with the FBI’s Data Intercept Unit to “understand” potential issues with a feature in Outlook.com that allows users to create email aliases;

• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a “team sport”.

It is revealing that the beneficiaries of the Patriot Act, and probably one of the reasons it has been intact long after terrorism faded offshore, are the exact same ones who are suing each other left and right, using the anti-piracy laws as their barrage. It appears that laws are not for people anymore; they are for corporations. It is corporations who want the US to fund listening posts for every American word and sentence.

The only way to fix that, is to divide the corporations Teddy-Roosevelt-style, thereby giving We, the People a little more clout.  …

Like a zombie it may rise again.  But around 2 o’clock yesterday afternoon, members of the Senate confided to US News that in the way as the CISPA  House Bill was passed, “that” bill is dead.  Pieces of it may be pushed through the Senate in an effort to preserve the parts that protect our cyber-structure,  but  those pieces designed  to protect sitting politicians…  consider them tossed.

Mike Rogers (R-Mich.), CISPA’s sponsor, has been pushing for such a bill for years, and has repeatedly insisted this will be the year it becomes law. President Obama vowed to veto it if it passed in an answer given to over 100,000 signings of a White House petition… 300,000 people petitioned Congress to scrap it.

Cybersecurity lobbying has doubled in 2012 alone, outspending privacy groups by a factor of 14 to one. …$55 million to $4 million.

Essentially CISPA was supposed to help with cyber attacks. If we were attacked by a Stuxnet virus, CISPA would drop all privacy issue restraints and allow anyone connected to security to roam through any and all accounts with impunity….

Like credit card numbers.  Like patient information.  Like pictures of you in the nude. Like your contacts and business associates. Once compromised and if anything were to happen to you, say, information was leaked to your boss, or your spouse, or put inside a newspaper for everyone to read, you could not sue, you would have no recourse and most likely, you would be completely unaware this was going on until a friend happened to see it and let you know….

The sponsor of the bill wrongly says this is absolutely necessary to protect us from threats. However, not being able to sue because you were fired because your boss saw a medical file showing you were being treated for cancer does little to protect us from Chinese hackers.

And that is the problem.  Furthermore,  so much stuff flows on the internet, that asking providers for specific data, is like asking someone to retrieve a certain molecule of water from a flowing river.  If CISPA passed, the internet would grind to a halt, as every search engine, every server, struggled to filter and organize all their data so if asked, they could legally provide.

It is a bad bill. Yet its sponsor keeps bringing it back. And back. And back. Here is the Fourth Amendment to the US Constitution. The one CISPA violates.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

This is the anti-phishing amendment. If you don’t have any charges to press, and don’t know of any particular evidence in a person’s possession, it is illegal to go to their house when they are not there, and look around for something to pin on them…. yet that is exactly what CISPA sponsor Mike Rogers’s bill will do….

It allows Senator Joseph McCarthy hearings to take place without the hearing.

But more odd is how one private company is all over Mr. Rogers’s CISPA, there at its inception, its creation, its Reichstag moment, and its demise. That private company is the cybersecurity consulting firm Mandiant…. which is owned and run by Kevin Mandia out of Alexandria, Virginia. Kevin Mandia was brought in by Mark Rogers to testify as to the dangers our computer system faced.

“China’s economic espionage has reached an intolerable level,” he said at a congressional hearing in October 2011.  As head of the House Intelligence committee  he held a hearing on “Chinese hacking”  and one of those creating the report, was Kevin Mandia who was thanked by Rogers at the hearing’s end.

At the hearing, cyber security groups were in force to testify, but no privacy groups were allowed inside. The conversation was one-way, with the cyber security groups insisting they would only share anonymous information with each other… Unfortunately that assertion could not be challenged.

But outside the closed hearing, privacy groups are saying  it would let “companies hand over large swaths” of individuals’ private information “to the government, without a warrant.”  Credit card numbers, bank papers, phone contacts….

Rogers argues that is a consequence, not an intent.  No matter the reasoning behind it, CISPA allows it to happen.  Quite possibly thousands or tens of thousands can be looking over your data because you  happen to bank at Bank of America, or shop at Caldor… or Wal*Mart…. when they came under attack….

When last year’s version was shot down, Rogers was undeterred.

There “appears to be a new level of threat that would target networks from—I’ve got to be careful here—an unusual source,” he said. He joked about how he wanted to share what he knew but couldn’t, because it was classified.  “I look really bad in those orange jumpsuits with the numbers on the back,” he told his audience…..

Then, almost as if on cue for this spring legislative session, in February 2013, the New York Times announced it had been hit by Chinese hackers, followed shortly by the Washington Post and Wall Street Journal. Then Twitter, Facebook, and Microsoft. Their stories differed, as did the severity of the attacks, but everybody agreed: These hacks were sophisticated, and they all seemed to come from China…..

You probably remember the headline, just before the House vote on CISPA….

A cybersecurity firm had found the source of those attacks. In no uncertain terms, the firm claimed to have traced the hacking operation to a single, 12-story building outside of Shanghai: People’s Liberation Army (PLA) Unit 61398. Hiding in plain sight, the report said, was a dedicated hacking operation run by the Chinese government…..

And the firm that released it? Mandiant, whose CEO advised Rogers that day.

Mandiant’s report, backed by pages of data and years of research, relies on a few simple pieces of evidence. A loose coalition of similarly styled hacks all stem from the same source, codenamed APT1 (short for “Advanced Persistent Threat”). Mandiant traced the vast majority of the attacks to China—Shanghai, specifically—and noted that Unit 61398 was uniquely capable of sustaining such a sophisticated operation.

What was just said was that these hacks were traced to Shanghai, and in Shanghai there is this building, so they had to come from there…

Not so fast, says the head of another cyber-security agency. Jeff Carr, CEO of a different cybersecurity firm, Taia Global. He has a different explanation.

“Mandiant provided lots of facts about the PLA, and they provided a lot of facts about how APT1 works, I’m not disputing those. What I’m disputing is the conclusion that they drew. They created a table: In one column was characteristics of the PLA, the other was APT1, and they seemed to believe that the only possible conclusion was that the PLA is APT1. Well, that’s not the only possible conclusion.” Those other possibilities include Russia, Israel, and France, which the U.S. has acknowledged engages in cyber-espionage. It could also include Ukraine, Taiwan, or Germany. Or “APT1 could just be a group of professional hackers that are stealing information and selling it,” Carr said. “In fact, that makes more sense to me because of the lack of operation security that’s been exhibited by these guys.”

The fact that most hackers’ Internet protocol (IP) addresses trace back to China doesn’t mean much. Those are easy to fake—heck, moderately sophisticated Internet pirates fake theirs all the time to avoid getting caught. China, indignant, countered the Mandiant report, partially on those lines.   “As we all know, hacker attacks almost always steal IP addresses. It is common practice online,” China’s Department of Defense announced after Mandiant’s report, though it also said it traced a million hacks on its own network to the U.S., via those attackers’ IP addresses.

What that says in plain language was that a million hacks came from the US into the Chinese system and then went back to the US.  A million hacks came from the US … just before CISPA was to be voted upon.    And you have this very cozy relationship with the sponsor of the CISPA bill and a cyber security firm which announced earlier that China was one day going to do massive hacks into the United States….

It worked.  It fooled Democrat John Carney.  He voted for CISPA.

“China is like the boogeyman to promote [CISPA],” cyber security specialist Carr added. “If you increase the fear around China, and then you wave CISPA, hopefully you will attract more movement to simply pass that—some blind attempt to heighten security.”

Bottom line is that CISPA would allow private companies (like Facebook, or your Internet service provider) to share your emails, text messages, or stored files with the government for “cybersecurity purposes,” and it would trump the existing laws that allow you to sue those companies for privacy violations.

All you know is that you got fired without cause and escorted out of your building…..

Sharing information is a flawed concept….   It is absolutely the wrong way to thwart an attack.  Such that it appears the main thrust of the bill is to access information, NOT thwart a cyber attack…

To thwart a cyber attack, one must take this approach….

“The solution is to assume your network is going to be breached, and you need to be able to identify what’s of value on that network, and segregate it and monitor it in real time. If somebody does gain access, and they’re accessing it from an IP address you don’t recognize or at a time of day where they shouldn’t be, you can immediately lock down that file. It’s known as data protection. “It’s like the TSA. You tried to bring a bomb aboard in your shoe, so from now on we’ll just have everybody take off their shoes.”

But, as for now these details are all for naught ….

CISPA’s gone, one more round, CISPA’s gone…..

I’m really sick today.. You see, when I was growing up, I was a history buff. I read childhood biographies of famous people, usually with the book behind the textbook while the teachers droned on and on, but once as a tyke, who upon seeing the obligatory National Park Film in the Williamsburg Visitors Center, after Patrick Henry sat down, I swore, I would always fight to protect the Constitution…. At that moment, even little as I was, I think I understood that I was temporary… But the Constitution like God, needed to be around forever…

With childish enthusiasm I imagined myself at times on the bridges of Lexington and Concord, roaming the swamps of South Carolina, and firing my muskets at King’s Mountain, and most importantly, crossing that line in the dirt on December 31, 1776 when no one else wanted to, to enlist till the end of the war.. . When it made the real difference, I said, I would step up at my own peril..

Today, I feel as George Washington must have, perched upon his horse on the New Jersey banks of the Hudson, watching the British inhabit New York and knowing there was nothing he or anyone else could do about it… Overmatched, the cause of freedom had taken a body slam.

Perhaps it is more like going back 2000 some years though. And being full of great optimism and hope for a burgeoning empire, a group of city states destined to prosper and rise, one whose morals would be impeccable, and suddenly without warning, one’s best friend pulls out a knife and shoves it into your flesh and others pull out theirs, opening wounds where they can.

The Fourth Amendment to the US Constitution states that …. oh damn, here it is in its entirety.

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

Granted there have been times, particularly at war, when protecting Americans meant going against the grain of this… If someone is about to shoot you, I mean, it certainly would help if you know about it first…..

The problem with too much accumulation of information is that once you have it, it can be used. Assurances along the lines of “I’ll never do that”… always down the line get replaced with platitudes of…. “I did it because I could…” or… “I needed to.”

So having everything you’ve ever done electronically in a file instantly accessed by simply typing in your name can be a bit disconcerting… It’s a catch 22. If you have not a single demerit because you lead such a bland life, you get castigated for being a wallflower and uninteresting. On the other hand, if you take risks to live life fully, you get castigated for the errors you made… Either way, those with the power will use it to castigate you for something…. And though disguised as their trying to put you in your place, it is really their effective attempt to prove to others they wield power…

Today’s Senate voted overwhelmingly to continue the FISA Amendments Act. Like ACTA or CISPA or any other internet freedom restricting acts, had opposition been organized, it may have demanded another outcome. But today’s bill arose out of nowhere, and leadership demanded it pass, and pass it did….

Numb today, I understand the implications. It is like we chose to keep Japanese interned in concentration camps after the war was over. It is that bad.. If we are doing it for the Japanese, eventually someone argues, why not anyone else? And really, how else can one answer such an argument except to expand the offense to a greater scale?

I didn’t find out about the attempted coup until waking up at 3 am today. I did see outrage that Zuckerman’s picture was Twittered off a private feed! The silence over government taking our freedom, and the outrage over the release of privacy, is a stunning comparison. It begs the question: what is wrong with all of us? Shouldn’t the outrage be the other way around?

For the first time that I can find, we as a nation have chosen to continue a war-powers act on into peace-time. 9/11 is gone. Bin Laden is dead. We’ve predator’d out Al Qaeda’s 2nd, 3rd, 4th, 5th, 6th in command. We are out of Iraq. We will soon be out of Afghanistan. We are not in a war for our nation’s survival. So why does the government need access into every American’s email, Facebook account, Twitter, photos? Why does the FBI need to show up at your Facebook friend’s home, with a letter stating that you are under surveillance and then asking questions of their relationship with you, then forcing their silence by telling them that they can be prosecuted themselves if they even reveal to you that they’d had contact with government officials? Gee, did you ever have a friend get weird on you suddenly, like for no reason?

Should our government be allowed to do that?

According to the text of the Fourth Amendment listed above…. Absolutely Not.

And it was over before the child in me could even get his powder cartridge out of his gunnysack…

The House of Representatives passed CISPA late last night.   It passed 248 – 168.  Delaware’s John Carney voted for it…

Most of you know it is bad, but don’t know why…

CISPA is a bill to create better collusion between giant businesses and government.  The idea came about that if China staged an attack,  on banks, water towers, and the Pentagon, with the sharing of information, we would be aware it was a large scale attack in real time, and not, after each department had reported they were down.

The main force behind the bill is that it protects private companies from being sued for turning over information that was so private, it could not have been turned over under previous laws, such as the National Security Act of 1947.   It also removes the protections inside the Wiretap Act and Electronic Communications Privacy Act, that helped keep our private matters private.

The fear is that without lawsuits, there will be no protection with how one’s privacy issues get flung around.

Companies like Facebook, Amazon, Google and Netflix  (many of which are supporting CISPA) are facing dozens of privacy-related lawsuits — CISPA might be a way to sidestep some of these.

Furthermore, the government could utilize CISPA to remove all civil liberties.

So we have all these negatives, with no positives.

The bill, as most actions passed by Congress these days, falls short in what it is supposed to do…

Obviously if we have fewer threats and fewer vulnerabilities, we have a safer Internet. So far the system has worked where if a worm appears, a patch is created to patch that hole. The vulnerabilities continue to exist, but once a patch is created, their effectiveness is over.

CISPA takes a different approach.  If the current system is defensive, the CISPA takes the offensive approach.   The  CISPA acts like our CIA,  looking through every file, trying to find out as much as it can, and thereby have the patch in advance of the problem…

CISPA allows a knucklehead like me, who thinks he knows everything, to say, you know, Dave Burris has been quiet for a while. He must be up to something. And just on that flimsy pretext alone, everything of Dave’s is captured, stored, and analyzed. In today’s corrupt society, all it takes is a dollar of the correct dimension, and Dave’s secrets are now the property of someone else. Dave gets mad, sues, and finds he can’t. Because of CISPA.

Just to be fair, let’s say Jason and Deldem are both writing less. Both have said incendiary things about Republicans… Suddenly, dirt, long buried, long forgotten, is getting flung around. Whisper campaigns start and pretty soon, Jason and Deldem are feeling like pariahs. They have no idea why. When they find out, turns out it was over a typo. They didn’t say what they were secretly blamed for. They try to sue, and sorry, can’t… it’s CISPA.

The current insurance commissioner has bad feelings about Mitch Crane.  She tells the large insurers and they pull pictures out of Mitch’s file from college.  Those get published and Mitch spends all his time defending his actions, he never gets to say what a crook the current insurance commissioner is…

Furthermore, as the EFF points out, CISPA doesn’t help us average Americans. If a potential threat is discovered, its defense is only good as long as the enemy doesn’t know we know how to defeat it. Therefore, a patch is made, but it must be kept secret. Just like when we cracked the code of Hitler, a lot of security went into keeping that fact secret so the code would continue…

What CISPA does, is if it finds a potential threat, it creates a patch and gives it to only a very select few.   The rest of us are hung out in the wind, our computers crash, and only those, who have the secret, are up and running.

I’m sure as I’m explaining these implications, you can begin to see why the Obama Administration says it will veto this.

It shifts more power away from us to the corporate and privileged class.

In a nutshell, the principle of this bill is this: China and Russia have been protecting their cyber security for years. The communist establishment moved seamlessly into controlling the Internet of the private sector. We just started. This bill makes us more like China and Russia….

The gut felt antagonism against this bill, …. is that WE don’t want to live like Chinese or Russians….

We’re Americans… This bill will change that….

Contact John Carney here.   Let him know that he needs to update himself on cyber-security and not take what he gets told for granted…. He made a mistake.  A big one.  If you are a Republican reading this, here is your issue.  You got him.

If this bill passes, nothing of yours, mine, or his life is private anymore.