Some more regarding why CISPA really doesn't do much of what it claims to do and whole bunch that it's supporters claim it doesn't.
By Dan Tynan, April 23, 2012, 2:33 PM
The latest 'cyber security' bill is less about protecting us from hackers and spies, and much more about using Facebook and Google to prosecute whistleblowers.
It’s the oldest trick in the Congressional playbook. When you’ve got a piece of legislation you know people will object to because it violates their basic Constitutional rights, call it a “security” bill. Anyone who opposes that bill automatically becomes a friend of the terrorists, the communists, or any other boogieman-du-jour.
So it was with the Patriot Act, a Christmas gift for law enforcement that had been sitting around for years, waiting for an event so horrific Congress would happily gut the Fourth Amendment in the rush to remain ‘secure.’ Yes, the Patriot Act broke down bureaucratic barriers between different security agencies, enabling them to share information more efficiently in a post-9/11 world. It also expanded the government’s ability to spy on American citizens who were not suspected of wrongdoing and avoid judicial checks and balances in cases that had nothing to do with terrorism.
And so it is with the Cyber Intelligence Sharing and Protection Act (CISPA), another “security” bill that enables the free flow of information – in this case from private companies to the Federal government, and vice versa.
As I wrote last week, one of CISPA’s biggest problems is that its definition of “cyber threat” includes “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”
Upload the latest Gotye MP3 to a torrents hub? That’s a cyber threat. Publish proprietary training manuals for a skeezy religious cult on the Web? That’s a cyber threat. Leak the Pentagon Papers to the New York Times and Washington Post? That too would be a cyber threat.
One might be willing to write off a bill whose definition of security threats includes the Pirate Bay, WikiLeaks, and our nation’s paper of record as just sloppy legislating. But this is no accident. CISPA is directly targeting people who leak government and nongovernment secrets to journalists or anyone else – and they want to deputize Facebook, Google, Twitter, and Microsoft to help do their dirty work.
Stephen Aftergood, author of the Secrecy News blog for the Federation of American Scientists, found the smoking gun in the transcripts to a May 2011 hearing of the US Senate’s Select Committee on Intelligence [PDF], which were made public last week.
The hearing concerned the confirmation of Lisa O. Monaco to head up the Justice Department’s National Security Division. The senators were keenly interested to hear about how the DOJ is prosecuting government whistleblowers for leaking information to the media, and how they can increase that number. Here’s one of the prehearing questions [PDF] Monaco answered:
Are there any steps that the Department could take to increase the number of individuals who are prosecuted for making unauthorized disclosures of classified information to members of the news media?
Her answer? She would direct the DOJ to “aggressively pursue” those cases – and she has. As Aftergood notes,
…the number of individuals charged with Espionage Act violations by the Obama Administration for disclosing information to the media without authorization is unprecedented and exceeds all previous cases in all prior Administrations combined.
The reasons? One is the intense focus on this demanded by the US Congress, inspired clearly by the Bradley Manning-WikiLeaks case. But another is the relative ease of tracing communications between inside sources and journalists via their “electronic footprints,” says Aftergood. And that is where CISPA comes in.
Having a private DM conversation with a journalist on Twitter or via a Facebook chat? Those convos are no longer private, if Uncle Sam says so. The very fact that a person with access to sensitive information is talking to the media is enough to make them fall under suspicion -- and to intimidate others from ever talking at all.
By enabling the Feds to gain access to all of our electronic communications -- while offering legal immunity to companies like Facebook or Google who cooperate in good faith -- all of our electronic footprints can be shadowed, no matter where they fall. Private companies can just hand over any information that is requested, no subpoena required. And this doesn’t apply only to classified government information, as in the Bradley Manning case – it applies to anything with a copyright attached or that is deemed “intellectual property” by a private entity.
In short, it’s a war on whistleblowers and corporate leakers. And in that CISPA becomes a direct threat to the First Amendment.
This means that the fight against CISPA will be even tougher than it looks. That vague and overbroad language in the bill is not a mistake; it is what CISPA is all about, which means it’s unlikely to be amended out.
I don’t know about you, but that makes me feel less secure, not more.
Re: How CISPA threatens our First Amendment rights
April 26 2012, 10:15 AM
Well it is good to see that at least some Congressmen are moving beyond the "you are with the terrorists if you object to having your constitutional rights trampled upon" routine.
CISPA sponsors say they'll further amend bill to address privacy concerns
April 25, 2012 | By David Perera
CDT says 'fundamental flaws' remain
Co-sponsors of Cyber Intelligence Sharing and Protection Act said April 24 they'll propose a series of amendments on the House floor to address privacy concerns provoked by their bill, which watchdogs have criticized for allowing excessive Internet use data to flow to the government.
Among the amendments Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.) said they'll support is one (PDF) that would further limit federal use of cyber threat information shared with the government.
The amendment stipulates that the government could use the information for cybersecurity purposes and the investigation and prosecution of cybersecurity crimes, as well as in investigations and prosecutions involving serious bodily harm or for the protection of minors from child pornography or serious physical threats, and to "protect the national security of the United States."
Automate Correspondence Tracking with Intelligent Imaging
Another amendment (PDF) would require the federal government to "undertake reasonable efforts to limit the impact on privacy and civil liberties of the sharing of cyber threat information" and prohibit agencies from retaining or using shared cyber threat information for purposes other than those specified in the bill.
A third (PDF) would tighten the definition of information that could be shared with the government by the private sector, specifically excluding violations of consumer terms of service or consumer licensing agreements that aren't otherwise attempts at unauthorized access.
Rogers said the purpose of the bill is to protect U.S. companies from advanced foreign cyber threats in a "manner that doesn't sacrifice the privacy and civil liberties of Americans, and I am confident that we have achieved that goal."
The Center for Democracy and Technology, an outspoken critic of the bill, responded with an April 24 blog post stating that the amendments make progress against the issues they've raised, but "fundamental flaws remain."
Among the objections they raise that remain unresolved is the ability of Internet service providers under the bill to share information directly with federal agencies such as the National Security Agency. "This is a fundamental remaining concern, since the bill could result in the NSA having a wider window into traffic on private sector networks," CDT says.
The "national security" use of shared information is also a big concern, CDT says.
"We don't think the information should be used for intelligence gathering," said Kendall Burman, CDT senior national security fellow, in a brief interview.
In addition, the watchdog says language in the bill permitting ISPs to use "cybersecurity systems" to identify and obtain cyber threat information to automatic sharing with the government could open the door to private sector use of the EINSTEIN system, a network monitoring tool used by the government of shaky constitutional permissibility.
Re: How CISPA threatens our First Amendment rights
April 27 2012, 11:27 PM
"Annnnd it passes. "
But it still has to pass the Senate and the President...not sure what the support looks like for it in the Senate, but I know Obama has been talking about adding some more privacy to it.
White House threatens CISPA veto
By David Perera, April 25, 2012
The White House says it'll veto the Cyber Intelligence Sharing and Protection Act if Congress approves it in its current form.
The House is set to consider the controversial cybersecurity bill (H.R. 3523) April 26. In a statement of administration policy (.pdf) issued the day before, the Obama administration said CISPA treats domestic cybersecurity as an intelligence activity whereas it should be a civilian one. It also repeals "important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards," and does not address the protection of critical infrastructure systems, administration officials wrote.
A rebuttal quickly issued by the bill's two main sponsors, House Intelligence Committee Chairman Mike Rogers (R--Mich.) and Ranking Member Dutch Ruppersberger (D-Md.), took issue with the administration's points. Critical infrastructure, they said, is outside their committee's purview, and the statement doesn't address proposed amendments taken in response to privacy and civil liberties concerns the two say they'll support.
But even those amendments aren't enough to satisfy privacy and civil liberties concerns, wrote Center for Democracy & Technology Senior Counsel Greg Nojeim in an April 25 blog post. They leave unaddressed two key issues: cyber threat information sharing from the private sector to the National Security Agency, and the still-too broad purposes for which that information can be utilized by federal agencies, he wrote.
In a statement to reporters issued late on April 25, the CDT said it now opposes the bill after having spent earlier days attempting to work with Congress to introduce additional language narrowing the bill's scope.
The House Rules Committee approved 16 amendments (.pdf) (including those also endorsed by Rogers and Ruppersberger) for consideration by the floor--and not included in those 16 are two that would have restricted defense and intelligence agencies from the CISPA cyber threat sharing program, and one that would have required probable cause before shared information were to be used besides for cybersecurity purposes.
"Now that the House leadership has decided to block amendments addressing two of our core issues, CDT cannot stand silent. We must oppose CISPA," the statement says.
Debate on the bill is set to commence at noon. Also set for consideration April 26 is a less controversial bill (H.R. 4257) that would modify the Federal Information Security Amendments Act to mandate continuous monitoring security programs at federal agencies. The Congressional Budget Office says the bill, sponsored by Reps. Darrell Issa (R-Calif.) and Elijah Cummings (D-Md.) would cost $710 million to implement over 5 years.