Aletho News

ΑΛΗΘΩΣ

Tone Deaf Dianne Feinstein Thinks Now Is A Good Time To Revive CISPA

By Mike Masnick | Techdirt | September 25, 2013

We had believed, along with a number of others, that the Snowden leaks showing how the NSA was spying on pretty much everyone would likely kill CISPA dead. After all, the key component to CISPA was basically a method for encouraging companies to have total immunity from sharing information with the NSA. And while CISPA supporters pretended this was to help protect those companies and others from online attacks, the Snowden leaks have reinforced the idea (that many of us had been pointing out from the beginning) that it was really about making it easier for the NSA to rope in companies to help them spy on people.

Also, if you don’t remember, while CISPA had passed the House, the Senate had shown little appetite for it. Last year, the Senate had approved a very different cybersecurity bill, and had expressed very little interest in taking up that fight again this year. Except now, in an unexpected move, Senate Intelligence Committee boss, and chief NSA defender because of reasons that are top secret, Dianne Feinstein has announced that she’s been writing a Senate counterpart to CISPA and is prepared to “move it forward.”

Yes, it seems that even though the NSA gleefully hid the evidence of widespread abuses from Feinstein’s oversight committee, she’s playing the co-dependent role yet again. Yes, there’s a chance that this new version of the bill will actually take into account privacy and civil liberties, but I doubt many people would take a bet on that being likely.

Right now what the public is concerned about are not “cyberattacks” from foreigners — they’re concerned about our own government undermining the security and privacy of Americans themselves. Giving those responsible for that destruction of privacy and trust more power to abuse the privacy of Americans is not what people are looking for. Quite the opposite.

Posted September 25, 2013 | Civil Liberties, Full Spectrum Dominance

Supporters Say All The Wrong Things to Try and Pass CISPA

By Mark M. Jaycox | EFF | April 8, 2013

Ever since reintroducing CISPA, the so-called “cybersecurity bill,” its supporters have promoted the bill with craftily worded or just plain misleading claims. Such claims have been lobbed over and over again in op-eds, at hearings, and in press materials. One “fact sheet” by Reps. Rogers and Ruppersberger titled “Myth v. Fact” is so dubious that we felt we had to comment.

Here are some of the statements supporters of CISPA are pushing and why they’re false:

Supporters of CISPA say, “There are no broad definitions”

Supporters are keen to note that the bill doesn’t have broad definitions. In the “Myth v. Fact” sheet, the authors of CISPA specifically point to the definition of “cyber threat information.” Cyber threat information is information about an online threat that companies can share with each other and with any government agency—including the NSA. In hearings, experts have said that they don’t need to share personally identifiable information to combat threats. But the definition in the bill allows for any information related to a perceived threat or vulnerability—including sensitive personal information—to be shared. Cyber threat information should be a narrowly defined term.

Another example of a broad (or missing) definition is the term “cybersecurity system.”  Companies can use a “cybersecurity system” to “identify or obtain” information about a potential threat (“cyber threat information”). The definition is critical to understanding the bill, but is circular.  CISPA defines a “cybersecurity system” as “a system designed or employed” for a cybersecurity purpose (i.e. to protect against vulnerabilities or threats). The language is not limited to network security software or intrusion detection systems, and is so broadly written that one wonders if a “system” involving a tangible item—e.g., locks on doors—could be considered a “cybersecurity system.”  In practical terms, it’s unclear what is exactly covered by such a “system,” because the word “system” is never defined.

The best example of a dangerous undefined term in the bill is found within the overly broad legal immunity for companies. The clause grants a company who acts in “good faith” immunity for “any decisions made” based off of the information it learns from the government or other companies. Does this cover decisions to violate other laws, like computer crime laws? Or privacy laws intended to protect users? Companies should not be given carte blanche immunity to violate long-standing computer crime and privacy law. And it is notoriously hard to prove that a company acted in bad faith, in the few circumstances where you would actually find out your privacy had been violated.

Supporters of CISPA say, “The bill is not a government surveillance program”

Supporters are adamant CISPA doesn’t create a wide-ranging “government surveillance program.” It’s true the bill doesn’t create such a surveillance program like the one described in the ongoing warrantless wiretapping lawsuits.

But the trick here is what is meant by “government surveillance.”  We think that if the bill aims at having our information flow to the government, it’s tantamount to government surveillance, whether or not the government initially collected the information.

The bill creates a loophole in the privacy laws that prevented companies from disclosing your information to the government and gives companies broad legal immunity for sharing information with the government. As a result, CISPA makes it more likely that companies will surveil their own users and then disclose that information.  The sly wording dodges the key issue: that CISPA encourages companies to conduct surveillance on their networks and hand “cyber threat information” to the government. In short, the bill encourages a de facto private spying regime, with the same end result.

Supporters of CISPA say, “The government can’t read your private email”

Reps. Rogers and Ruppersberger are adamant CISPA doesn’t grant the government access to read private emails. The claim was recently repeated by James Lewis, a fellow at the Center for Strategic and International Studies. But the broad definitions do allow for personal information to be gathered by companies and then sent to the government without any mandatory minimization of personal information. And under the vague definitions an aggressive company could claim that private messages are related to the threat, obtain them, and share them with the government. If Reps. Rogers and Ruppersberger did not want content of emails disclosed under CISPA, it would be easy enough to exclude them explicitly.

Supporters say, “CISPA follows advice from privacy and civil liberty advocates”

In his introduction of the bill, Rep. Rogers assured the audience that he has listened to the privacy and civil liberties community.

This year’s CISPA does contain some language added after privacy and civil liberties advocates complained in 2012.  But those changes didn’t address some big issues that were raised last year, and this year’s privacy and civil liberties complaints about CISPA remain unaddressed.

Let’s Stop CISPA

Reps. Rogers and Ruppersberger are on a strong publicity offensive to make sure the bill passes. The American public deserves full explanations and clear meanings about what CISPA can do and the extent to which it can do it. The public doesn’t need carefully worded messaging materials that obfuscate and mislead a discussion on CISPA. The issues at stake—like the broad legal immunity and new spying powers that allow for companies to collect private, and sensitive, user information—are too serious.

To stop this type of misinformation—and to stop CISPA—we urge you to tell your members of Congress to stand up for privacy.

Posted April 9, 2013 | Civil Liberties, Full Spectrum Dominance

Under CISPA, Who Can Get Your Data?

By Rainey Reitman | EFF | March 20, 2013

Under CISPA, companies can collect your information in order to “protect the rights and property” of the company, and then share that information with third parties, including the government, so long as it is for “cybersecurity purposes.” Companies aren’t required to strip out personally identifiable information from the data they give to the government, and the government can then use the information for purposes wholly unrelated to cybersecurity – such as “national security,” a term the bill leaves undefined.

One question we sometimes get is: Under CISPA, which government agencies can receive this data? For example, could the FBI, NSA, or Immigration and Customs Enforcement receive data if CISPA were to pass?

The answer is yes. Any government agency could receive data from companies if this were to pass, meaning identifiable data could be flowing to the Bureau of Alcohol, Tobacco, Firearms and Explosives, the National Security Agency, or even the Food and Drug Administration.

Below is a list of agencies that could get your data under CISPA (Thanks, Wikipedia!). Note that this is just agencies we’ve identified; it’s possible there are even more we haven’t listed here.

Find this offensive and deeply concerning? Email Congress today to oppose CISPA.

Under CISPA, which government agencies can get your data?

Executive Office of the President

Agencies within the Executive Office of the President:

Council of Economic Advisers
Council on Environmental Quality
Domestic Policy Council
National Economic Council
National Security Council
Office of Administration
Office of Faith-Based and Neighborhood Partnerships
Office of Management and Budget
Office of National AIDS Policy
Office of National Drug Control Policy
Office of Intergovernmental Affairs and Public Engagement
Office of Science and Technology Policy
Office of the President
Office of the First Lady
Office of the First Children
Office of the Vice President
Office of the Second Lady
Office of the Second Children
President’s Economic Recovery Advisory Board
President’s Intelligence Oversight Board
President’s Intelligence Advisory Board
United States Trade Representative
White House Office
White House Military Office

United States Department of Agriculture

Agencies within the Department of Agriculture:

Agricultural Marketing Service
Agricultural Research Service
Animal and Plant Health Inspection Service
Center for Nutrition Policy and Promotion
Economic Research Service
Farm Service Agency
Commodity Credit Corporation
Food and Nutrition Service
Food Safety and Inspection Service
Foreign Agricultural Service
Forest Service
Grain Inspection, Packers and Stockyards Administration
Marketing and Regulatory Programs
National Agricultural Statistics Service
National Institute of Food and Agriculture
4-H
Natural Resources Conservation Service
Risk Management Agency
Federal Crop Insurance Corporation
Rural Business and Cooperative Programs
Office of Rural Development
Research, Education and Economics
Rural Housing Service
Rural Utilities Service

United States Department of Commerce

Agencies within the Department of Commerce:

Census Bureau
Bureau of Economic Analysis
Bureau of Industry and Security
Economic Development Administration
Economics and Statistics Administration
Export Enforcement
Import Administration
International Trade Administration
Office of Travel and Tourism Industries
Invest in America
Manufacturing and Services
Marine and Aviation Operations
Market Access and Compliance
Minority Business Development Agency
National Oceanic and Atmospheric Administration
NOAA Commissioned Corps
National Environmental Satellite, Data, and Information Service
National Marine Fisheries Service
National Oceanic Service
National Weather Service
National Telecommunications and Information Administration
Patent and Trademark Office
National Institute of Standards and Technology
National Technical Information Service
Trade Promotion and the U.S. and Foreign Commercial Service

United States Department of Defense

Agencies within the Department of Defense:

Department of the Army
United States Army
Army Intelligence and Security Command
Army Corps of Engineers
Department of the Navy
United States Navy
Office of Naval Intelligence
U.S. Naval Academy
Marine Corps
Marine Corps Intelligence Activity
Department of the Air Force
United States Air Force
Civil Air Patrol
Air Force Intelligence, Surveillance and Reconnaissance Agency
Joint Chiefs of Staff
J-2 Intelligence
National Guard Bureau
Natural Disaster and Disaster Help Program
J-2 Intelligence Directorate
Air National Guard
Army National Guard
America Citizen Militia
America Citizen Militia Intelligence
Defense Advanced Research Projects Agency
Defense Commissary Agency
Defense Contract Audit Agency
Defense Contract Management Agency
Defense Finance and Accounting Service
Defense Information Systems Agency
Defense Intelligence Agency
Defense Logistics Agency
Defense Security Cooperation Agency
Defense Security Service
Defense Technical Information Center
Defense Threat Reduction Agency
Missile Defense Agency
National Security Agency
Central Security Service
National Reconnaissance Office
National Geospatial-Intelligence Agency
Naval Criminal Investigative Service
Pentagon Force Protection Agency
United States Pentagon Police
American Forces Information Service
Defense Prisoner of War/Missing Personnel Office
Department of Defense Education Activity
Department of Defense Dependents Schools
Defense Human Resources Activity
Office of Economic Adjustment
TRICARE Management Activity
Washington Headquarters Services
West Point Military Academy

United States Department of Education

Agencies within the Department of Education:

Federal Student Aid
Institute of Education Sciences
National Center for Education Statistics
National Center for Education Evaluation and Regional Assistance
Education Resources Information Center
National Center for Education Research
National Center for Special Education Research
National Assessment Governing Board
National Assessment of Educational Progress
Office for Civil Rights
Office of Elementary and Secondary Education
Office of Safe and Healthy Students
Office of Postsecondary Education
Office of Special Education and Rehabilitative Services
National Institute on Disability and Rehabilitation Research
Office of Special Education Programs
Rehabilitation Services Administration
Special institutions
American Printing House for the Blind
National Technical Institute for the Deaf
Gallaudet University
Office of Vocational and Adult Education

United States Department of Energy

List of agencies within the Department of Energy:

Energy Information Administration
Federal Energy Regulatory Commission
National Laboratories & Technology Centers
University Corporation for Atmospheric Research
National Nuclear Security Administration
Power Marketing Administrations:
Bonneville Power Administration
Southeastern Power Administration
Southwestern Power Administration
Western Area Power Administration

United States Department of Health and Human Services

Agencies within the Department of Health and Human Services:

Administration on Aging
Administration for Children and Families
Administration for Children, Youth and Families
Agency for Healthcare Research and Quality
Centers for Disease Control and Prevention
National Institute for Occupational Safety and Health
Epidemic Intelligence Service
National Center for Health Statistics
Centers for Medicare and Medicaid Services
Food and Drug Administration
Reagan-Udall Foundation
Health Resources and Services Administration
Patient Affordable Healthcare Care Act Program {to be implemented fully in 2014}
Independent Payment Advisory Board
Indian Health Service
National Institutes of Health
National Health Intelligence Service
Public Health Service
Federal Occupational Health
Office of the Surgeon General
United States Public Health Service Commissioned Corps
Substance Abuse and Mental Health Services Administration

United States Department of Homeland Security

Agencies

Federal Emergency Management Agency
FEMA Corps
U.S. Fire Administration
National Flood Insurance Program
Federal Law Enforcement Training Center
Transportation Security Administration
United States Citizenship and Immigration Services
United States Coast Guard (Transfers to Department of Defense during declared war or national emergency)
Coast Guard Intelligence
National Ice Center
United States Ice Patrol
United States Customs and Border Protection
Office of Air and Marine
Office of Border Patrol
U.S. Border Patrol
Border Patrol Intelligence
Office of Field Operations
United States Immigration and Customs Enforcement
United States Secret Service
Secret Service Intelligence Service

Offices

Domestic Nuclear Detection Office
Office of Health Affairs
Office of Component Services
Office of International Affairs and Global Health Security
Office of Medical Readiness
Office of Weapons of Mass Destruction and Biodefense
Office of Intelligence and Analysis
Office of Operations Coordination
Office of Policy
Homeland Security Advisory Council
Office of International Affairs
Office of Immigration Statistics
Office of Policy Development
Office for State and Local Law Enforcement
Office of Strategic Plans
Private Sector Office

Management

Directorate for Management

National Protection and Programs

National Protection and Programs Directorate
Federal Protective Service
Office of Cybersecurity and Communications
National Communications System
National Cyber Security Division
United States Computer Emergency Readiness Team
Office of Emergency Communications
Office of Infrastructure Protection
Office of Risk Management and Analysis
United States Visitor and Immigrant Status Indicator Technology (US-VISIT)

Science and Technology

Science and Technology Directorate
Environmental Measurements Laboratory

Portfolios

Innovation/Homeland Security Advanced Research Projects Agency
Office of Research
Office of National Laboratories
Office of University Programs
Program Executive Office, Counter Improvised Explosive Device
Office of Transition
Commercialization Office
Long Range Broad Agency Announcement Office
Product Transition Office
Safety Act Office
Technology Transfer Office

Divisions

Border and Maritime Security Division
Chemical and Biological Division
Command, Control and Interoperability Division
Explosives Division
Human Factors Division
Infrastructure/Geophysical Division

Offices and Institutes

Business Operations Division
Executive Secretariat Office
Human Capital Office
Key Security Office
Office of the Chief Administrative Officer
Office of the Chief Information Officer
Planning and Management
Corporate Communications Division
Interagency and First Responders Programs Division
International Cooperative Programs Office
Operations Analysis Division
Homeland Security Studies and Analysis Institute
Homeland Security Systems Engineering and Development Institute
Strategy, Policy and Budget Division
Special Programs Division
Test & Evaluation and Standards Division

United States Department of Housing and Urban Development

Agencies

Federal Housing Administration
Federal Housing Finance Agency

Offices

Center for Faith-Based and Neighborhood Partnerships (HUD)
Departmental Enforcement Center
Office of Community Planning and Development
Office of Congressional and Intergovernmental Relations
Office of Equal Employment Opportunity
Office of Fair Housing and Equal Opportunity
Office of Field Policy and Management
Office of the General Counsel
Office of Healthy Homes and Lead Hazard Control
Office of Hearings and Appeals
Office of Labor Relations
Office of Policy Development and Research
Office of Public Affairs
Office of Public and Indian Housing
Office of Small and Disadvantaged Business Utilization
Office of Sustainable Housing and Communities

Corporation

Government National Mortgage Association (Ginnie Mae)

United States Department of the Interior

Agencies:

Bureau of Indian Affairs
Bureau of Land Management
Bureau of Reclamation
Fish and Wildlife Service
Bureau of Ocean Energy Management (formerly Minerals Management Service)
Bureau of Safety and Environmental Enforcement (formerly Minerals Management Service)
National Park Service
Office of Insular Affairs
Office of Surface Mining
National Mine Map Repository
United States Geological Survey

United States Department of Justice

Agencies:

Antitrust Division
Asset Forfeiture Program
Bureau of Alcohol, Tobacco, Firearms and Explosives
Civil Division
Civil Rights Division
Community Oriented Policing Services
Community Relations Service
Criminal Division
Diversion Control Program
Drug Enforcement Administration
Environment and Natural Resources Division
Executive Office for Immigration Review
Executive Office for Organized Crime Drug Enforcement Task Forces
Executive Office for United States Attorneys
Executive Office for United States Trustees
Federal Bureau of Investigation
Federal Bureau of Prisons
UNICOR
Foreign Claims Settlement Commission
INTERPOL – United States National Central Bureau
Justice Management Division
National Crime Information Center
National Drug Intelligence Center
National Institute of Corrections
National Security Division
Office of the Associate Attorney General
Office of the Attorney General
Office of Attorney Recruitment and Management
Office of the Chief Information Officer
Office of the Deputy Attorney General
Office of Dispute Resolution
Office of the Federal Detention Trustee
Office of Information Policy
Office of Intergovernmental and Public Liaison
Office of Intelligence and Analysis
Office of Justice Programs
Bureau of Justice Assistance
Bureau of Justice Statistics
Community Capacity Development Office
National Criminal Justice Reference Service
National Institute of Justice
Office of Juvenile Justice and Delinquency Prevention
Office for Victims of Crime
Office of Legal Counsel
Office of Legal Policy
Office of Legislative Affairs
Office of the Pardon Attorney
Office of Privacy and Civil Liberties
Office of Professional Responsibility
Office of Public Affairs
Office of Sex Offender Sentencing, Monitoring, Apprehending, Registering and Tracking
Office of the Solicitor General
Office of Special Counsel
Office of Tribal Justice
Office on Violence Against Women
Professional Responsibility Advisory Office
Tax Division
United States Attorneys
United States Marshals
United States Parole Commission
United States Trustee Program

United States Department of Labor

Agencies and Bureaus

Bureau of International Labor Affairs
Bureau of Labor Statistics
Center for Faith-Based and Neighborhood Partnerships (DOL)
Employee Benefits Security Administration
Employment and Training Administration
Job Corps
Mine Safety and Health Administration
Occupational Safety and Health Administration
Pension Benefit Guaranty Corporation
Veterans’ Employment and Training Service
Wage and Hour Division
Women’s Bureau

Boards

Administrative Review Board
Benefits Review Board
Employees’ Compensation Appeals Board

Offices

Office of Administrative Law Judges
Office of the Assistant Secretary for Administration and Management
Office of the Assistant Secretary for Policy
Office of the Chief Financial Officer
Office of the Chief Information Officer
Office of Congressional and Intergovernmental Affairs
Office of Disability Employment Policy
Office of Federal Contract Compliance Programs
Office of Labor-Management Standards
Office of the Solicitor
Office of Worker’s Compensation Program
Ombudsman for the Energy Employees Occupational Illness Compensation Program

United States Department of State

Agencies and Bureaus

National Council for the Traditional Arts

Reporting to the Secretary

Bureau of Intelligence and Research
Bureau of Legislative Affairs
Office of the Legal Adviser

Reporting to the Deputy Secretary for Management and Resources

Executive Secretariat
Office of the Chief of Protocol
Office for Civil Rights
Office of the Coordinator for Counterterrorism
Office of the United States Global AIDS Coordinator
Office of Global Criminal Justice
Policy Planning Staff

Reporting to the Under Secretary for Arms Control and International Security

Bureau of International Security and Nonproliferation
Bureau of Political-Military Affairs
Bureau of Arms Control, Verification and Compliance

Reporting to the Under Secretary for Democracy and Global Affairs

Bureau of Democracy, Human Rights, and Labor
Bureau of Oceans and International Environmental and Scientific Affairs
Bureau of Population, Refugees, and Migration
Office to Monitor and Combat Trafficking in Persons

Reporting to the Under Secretary for Economic, Energy and Agricultural Affairs

Bureau of Economic, Energy and Business Affairs

Reporting to the Under Secretary for Management

Bureau of Administration
Bureau of Consular Affairs
Office of Overseas Citizens Services
Bureau of Diplomatic Security (DS)
Diplomatic Security Service (DSS)
Office of Foreign Missions (OFM)
Overseas Security Advisory Council (OSAC)
Bureau of Human Resources
Family Liaison Office
Bureau of Information Resource Management
Bureau of Overseas Buildings Operations
Bureau of Resource Management
Foreign Service Institute
Office of Management Policy, Rightsizing and Innovation

Reporting to the Under Secretary for Political Affairs

Bureau of African Affairs
Bureau of East Asian and Pacific Affairs
Bureau of European and Eurasian Affairs
Bureau for International Narcotics and Law Enforcement Affairs
Bureau of International Organization Affairs
Bureau of Near Eastern Affairs
Bureau of South and Central Asian Affairs
Bureau of Western Hemisphere Affairs

Reporting to the Under Secretary for Public Diplomacy and Public Affairs

Bureau of Educational and Cultural Affairs
Bureau of International Information Programs
Bureau of Public Affairs
Office of the Historian
Office of Policy, Planning and Resources for Public Diplomacy and Public Affairs

Permanent Diplomatic Missions

United States Mission to the African Union
United States Mission to ASEAN
United States Mission to the Arab League
United States Mission to the Council of Europe (and to all other European Agencies)
United States Mission to International Organizations in Vienna
United States Mission to the European Union
United States Mission to the International Civil Aviation Organization
United States Mission to the North Atlantic Treaty Organization
United States Mission to the Organisation for Economic Co-operation and Development
United States Mission to the Organization of American States
United States Mission to the Organization for Security and Cooperation in Europe
United States Mission to the United Nations
United States Mission to the UN Agencies in Rome
United States Mission to the United Nations Office and Other International Organizations in Geneva
United States Observer Mission to the United Nations Educational, Scientific, and Cultural Organization
United States Permanent Mission to the United Nations Environment Program and the United Nations Human Settlements Programme

United States Department of Transportation

Agencies

Bureau of Transportation Statistics
Federal Aviation Administration
Air Traffic Organization
Federal Highway Administration
Federal Motor Carrier Safety Administration
Federal Railroad Administration
Federal Transit Administration
Maritime Administration
National Highway Traffic Safety Administration
Office of Intelligence, Security and Emergency Response
Pipeline and Hazardous Materials Safety Administration
Research and Innovative Technology Administration
Saint Lawrence Seaway Development Corporation
Surface Transportation Board

United States Department of the Treasury

Agencies and Bureaus

Alcohol and Tobacco Tax and Trade Bureau
Bureau of Engraving and Printing
Bureau of the Public Debt
Community Development Financial Institutions Fund
Federal Consulting Group
Financial Crimes Enforcement Network
Financial Management Service
Internal Revenue Service
Office of the Comptroller of the Currency
Office of Thrift Supervision
Office of Financial Stability
United States Mint

Offices

Office of Domestic Finance
Office of Economic Policy
Office of International Affairs
Office of Tax Policy
Office of Terrorism and Financial Intelligence
Treasurer of the United States

United States Department of Veterans Affairs

Agencies

National Cemetery Administration
Veterans Benefits Administration
Veterans Health Administration

Independent Agencies and Government Corporations

Administrative Conference of the United States
Advisory Council on Historic Preservation
African Development Foundation
Amtrak (National Railroad Passenger Corporation)
Armed Forces Retirement Home
Central Intelligence Agency
Commission on Civil Rights
Commodity Futures Trading Commission
Consumer Product Safety Commission
Corporation for National and Community Service
Corporation for Public Broadcasting
Court Services and Offender Supervision Agency
Defense Nuclear Facilities Safety Board
Election Assistance Commission
Environmental Protection Agency
Equal Employment Opportunity Commission
Export-Import Bank of the United States
Farm Credit Administration
Federal Communications Commission
Federal Deposit Insurance Corporation
Federal Election Commission
Federal Housing Finance Board
Federal Labor Relations Authority
Federal Maritime Commission
Federal Mediation and Conciliation Service
Federal Mine Safety and Health Review Commission
Federal Reserve System
United States Consumer Financial Protection Bureau
Federal Retirement Thrift Investment Board
Federal Trade Commission
General Services Administration
Helen Keller National Center
Institute of Museum and Library Services
Inter-American Foundation
International Broadcasting Bureau
Merit Systems Protection Board
Military Postal Service Agency
National Aeronautics and Space Administration
National Archives and Records Administration
Office of the Federal Register
National Capital Planning Commission
National Constitution Center
National Council on Disability
National Credit Union Administration
Central Liquidity Facility
National Endowment for the Arts
National Endowment for the Humanities
National Labor Relations Board
National Mediation Board
National Science Foundation
United States Antarctic Program
National Transportation Safety Board
Nuclear Regulatory Commission
Office of the Federal Coordinator, Alaska Natural Gas Transportation Projects
Occupational Safety and Health Review Commission
Office of Compliance
Office of Government Ethics
Office of Personnel Management
Federal Executive Institute
Combined Federal Campaign
Office of Special Counsel
Office of the National Counterintelligence Executive
Office of the Director of National Intelligence
Intelligence Advanced Research Projects Activity
Overseas Private Investment Corporation
Panama Canal Commission
Peace Corps
Postal Regulatory Commission
Railroad Retirement Board
Securities and Exchange Commission
Securities Investor Protection Corporation
Selective Service System
Small Business Administration
Social Security Administration
Tennessee Valley Authority
U.S. Trade and Development Agency
United States Agency for International Development
United States International Trade Commission
United States Postal Service

Inspectors General


Posted March 21, 2013 | Civil Liberties, Full Spectrum Dominance

CISPA passes House in unexpected last-minute vote

RT | 27 April, 2012

The House of Representatives has approved the Cyber Intelligence Sharing and Protection Act with a vote count of 248-168. The bill is now headed for the Senate. President Barack Obama will be able to sign or cancel it pending Senate approval.

Initially slated to vote on the bill Friday, the House of Representatives decided to pass the Cyber Intelligence Sharing and Protection Act (CISPA) on Thursday after approving a number of amendments.

Apart from cyber and national security purposes, the bill would now allow the government to use private information obtained through CISPA for the investigation and prosecution of “cybersecurity crime,” protection of individuals and the protection of children. The new clauses define “cybersecurity crime” as any crime involving network disruption or hacking.

“Basically this means CISPA can no longer be called a cyber security bill at all. The government would be able to search information it collects under CISPA for the purposes of investigating American citizens with complete immunity from all privacy protections as long as they can claim someone committed a ‘cybersecurity crime.’ Basically it says the Fourth Amendment does not apply online, at all,” Techdirt’s Leigh Beadon said.

Declan McCullagh, correspondent from CNET News, says CISPA will cause more trouble than is immediately apparent.

“The most controversial section of CISPA is the language – that notwithstanding any other portion of the law, companies can share what they want as long as it’s for what they call a ‘cyber security purpose,’” he told RT.

CISPA was introduced in the House last November.  Critics chided the bill, saying its broad wording could allow the government to spy on individual Internet users and block websites that publish vaguely defined ‘sensitive’ data.

“[CISPA] doesn’t really have any protections against cyber threats, all it does is make people share their information. But that’s not going to solve the problem. What’s going to solve the problem is actual security measures, protecting the service in the first place, not spying on people after the fact,” Internet activist Aaron Swartz told RT.

The White House issued a statement Wednesday saying President Barack Obama would be advised to veto the bill if he receives it. The Obama administration denounces the proposed law for potentially giving the government cyber-sleuthing powers that would allow both federal authorities and private businesses to sneak into inboxes and online activities in the name of combating Internet terrorism tactics.

Earlier, the House of Representatives and Senate also considered adopting the Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA). These bills sought to entitle the US government to curb access to “rogue websites” that illegally hosted intellectual property. The bills could effectively force search engines to remove these websites from search results, an action many private companies considered intrusive.

PIPA and SOPA were opposed by many Internet giants including Google, Mozilla, Facebook, Yahoo!, Wikipedia and Reddit. Google organized a petition against the legislation, while Wikipedia held a 24-hour blackout to protest the bill in January. As a result, SOPA was recalled while PIPA was postponed indefinitely.

However, CISPA was actually backed by Facebook, despite its opposition to SOPA and PIPA. In a blog post on April 13, Joel Kaplan, Vice President of US Public Policy at Facebook, argued that if enacted into law, the bill would “give companies like ours the tools we need to protect our systems and the security of our users’ information, while also providing those users confidence that adequate privacy safeguards are in place.”

A number of big companies, including AT&T, Microsoft, Boeing, Verizon and Oracle have also supported CISPA.

The CISPA battleground in numbers

April 27, 2012 Posted by | Civil Liberties, Corruption, Full Spectrum Dominance | Comments Off on CISPA passes House in unexpected last-minute vote

Proposed Amendments to #CISPA Don’t Protect Privacy

By Michelle Richardson | ACLU | April 19, 2012

Yesterday, the House Intelligence Committee released proposed changes to the Cyber Intelligence Sharing and Protection Act of 2011, also known as CISPA, that, according to its sponsors, represent “huge progress” towards addressing the privacy and internet freedom community’s concerns.

But, many privacy advocates, including the ACLU, and groups including the Center for Democracy and Technology, Free Press, the Electronic Frontier Foundation and the Constitution Project still maintain their opposition. The changes are so underwhelming that even the Obama administration issued a statement yesterday that their privacy concerns persist.

Here are some of the main problems with CISPA:

1. CISPA still allows companies to share lots of sensitive and private information about our internet use with the government. The proposal amended the definition of what could be shared by taking out its explicit reference to stealing “intellectual property.” But it still allows the sharing of Internet use records or the content of emails for “cybersecurity purposes” and unlike proposals drafted by Sens. Joe Lieberman and Dianne Feinstein or the Obama administration, CISPA does not require companies to even make an effort to remove information that could be tied to a specific individual.

2. CISPA still lets military agencies such as the National Security Agency directly collect the Internet records of American citizens who use the public, domestic, civilian Internet. The proposed changes state that the Department of Homeland Security should be cc’d when companies share our private details with the military and others, but this is no substitute for ensuring that a civilian agency is put in charge of collecting Americans’ information.

3. CISPA still lets the government use the private information it collects about us for any purpose it deems fit outside of regulation. For four months, the draft bill has remained the same: the government can use information collected under this broad new program for “any lawful purpose” so long as a “significant purpose” of its use is a cybersecurity or national security one. But as former federal and FISA court judge James Robertson said at a congressional briefing this week, this “significant purpose” limitation is meaningless. The Patriot Act inserted this language into our foreign intelligence surveillance laws, and since then, in Judge Robertson’s words, they’ve had a “hole you could drive a truck through.”

Hard to see the progress here.

CISPA is still expected to hit the House floor for “Cybersecurity Week” next week. You can find out more about the bills in this memo, and more importantly, help us spread the word on Twitter and write to your Member of Congress today. Let Congress know that in spite of the minor changes floated by the House Intelligence Committee, you still oppose CISPA.

April 20, 2012 Posted by | Civil Liberties, Deception, Full Spectrum Dominance | 1 Comment

The Disturbing Privacy Dangers in CISPA

By Trevor Timm | EFF | April 15, 2012

This week, EFF – along with a host of other civil liberties groups – is protesting the dangerous new cybersecurity bill known as CISPA that will be voted on in the House on April 23. Here is everything you need to know about the bill and why we are protesting:

What is “CISPA”?

CISPA stands for The Cyber Intelligence Sharing and Protection Act, a cybersecurity bill written by Rep. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) (H.R. 3523). The bill purports to allow companies and the federal government to share information to prevent or defend from cyberattacks. However, the bill expressly authorizes monitoring of our private communications, and is written so broadly that it allows companies to hand over large swaths of personal information to the government with no judicial oversight—effectively creating a “cybersecurity” loophole in all existing privacy laws. Because the bill is so hotly debated now, unofficial proposed amendments are also being circulated and the actual bill language is in flux.

Under CISPA, can a private company read my emails?

Yes.  Under CISPA, any company can “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property” of the company. This phrase is being interpreted to mean monitoring your communications—including the contents of email or private messages on Facebook.

Right now, well-established laws, like the Wiretap Act and the Electronic Communications Privacy Act, prevent companies from routinely monitoring your private communications.  Communications service providers may only engage in reasonable monitoring that balances the providers’ needs to protect their rights and property with their subscribers’ right to privacy in their communications.  And these laws expressly allow lawsuits against companies that go too far.  CISPA destroys these protections by declaring that any provision in CISPA is effective “notwithstanding any other law” and by creating a broad immunity for companies against both civil and criminal liability.  This means companies can bypass all existing laws, as long as they claim a vague “cybersecurity” purpose.

What would allow a company to read my emails?

CISPA has such an expansive definition of “cybersecurity threat information” that many ordinary activities could qualify. CISPA is not specific, but similar definitions in two Senate bills provide clues as to what these activities could be. Basic privacy practices that EFF recommends—like using an anonymizing service like Tor or even encrypting your emails—could be considered an indicator of a “threat” under the Senate bills. As we have stated previously, the bills’ definitions “implicate far more than what security experts would reasonably consider to be cybersecurity threat indicators—things like port scans, DDoS traffic, and the like.”

A more detailed explanation about what could constitute a “cybersecurity purpose” or “cyber security threat indicator” in the various cybersecurity bills can be read here.

Under CISPA, can a company hand my communications over to the government without a warrant?

Yes. After collecting your communications, companies can then voluntarily hand them over to the government with no warrant or judicial oversight whatsoever as long as the communications have what the companies interpret to be “cyber threat information” in them. Once the government has your communications, they can read them too.

Under CISPA, what can I do if a company improperly hands over private information to the government?

Almost nothing. CISPA would affirmatively prevent users from suing a company if they hand over their private information to the government in virtually all cases. A broad immunity provision in the proposed amendments gives companies complete protection from user lawsuits unless information was given to the government:

(I) intentionally to achieve a wrongful purpose;
(II) knowingly without legal or factual justification; and
(III) in disregard of a known or obvious risk that is so great as to make it highly probable that the harm of the act or omission will outweigh the benefit.

As Techdirt concluded, “no matter how you slice it, this is an insanely onerous definition of willful misconduct that makes it essentially impossible to ever sue a company for wrongly sharing data under CISPA.” This proposed immunity provision is actually worse than the prior version of the bill, under which companies could be sued if they acted in “bad faith.”

What government agencies can look at my private information?

Under CISPA, companies are directed to hand “cyber threat information” to the Department of Homeland Security (DHS). Once it’s in DHS’s hands, the bill says that DHS can then hand the information to other intelligence agencies, including the National Security Agency, at its discretion.

Can the government use my private information for other purposes besides “cybersecurity” once they have it?

Yes. When the bill was originally drafted, information could be used for all other law enforcement purposes besides “regulatory purposes.” A new amendment narrows this slightly. Now—even though the information was passed along to the government for only cybersecurity purposes—the government can use your personal information for either cybersecurity or national security investigations. And as long as it can be used for one of those purposes, it can be used for any other purpose as well.

Can the government use my private information to go after alleged copyright infringers and whistleblower websites?

Up until last Friday the answer was yes, and now it’s changed to maybe. In response to the overwhelming protest from the Internet community that this bill would become a backdoor for SOPA 2, the bill authors have proposed an amendment that rids the bill of any reference to “intellectual property.”

The bill previously defined “cyber threat intelligence” and “cybersecurity purpose” to include “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.” Now the text reads:

(B) efforts to gain unauthorized access to a system or network, including efforts to gain such unauthorized access to steal or misappropriate private or government information

But it is important to remember that this proposed amendment is just that: proposed. The House has not voted it into the bill yet, so they still must follow through and remove it completely.

A more detailed explanation of how this provision could be used for copyright enforcement and censoring whistleblower sites like WikiLeaks can be read here.

What can I do to stop the government from misusing my private information?

CISPA does allow users to sue the government if they intentionally or willfully use their information for purposes other than what is described above.  But any such lawsuit will be difficult to bring.  For instance, the statute of limitations for such a lawsuit is two years from the date of the actual violation.  It’s not at all clear how an individual would know of such misuse if it were kept inside the government.

Moreover, suing the government where classified information or the “state secrets privilege” is involved is difficult, expensive, and time consuming. EFF has been involved for years in a lawsuit over Fourth Amendment and statutory violations stemming from the warrantless wiretapping program run by the NSA—a likely recipient of “cyber threat information.” Despite six years of litigation, the government continues to maintain that the “state secrets” privilege prevents the lawsuit from being heard.

Given that DHS is notorious for classifying everything—even including their budget and number of employees—they may attempt to prevent users from finding out exactly how this information was ever used. And if the information is in the hands of the NSA and they claim “national security,” then it would get even harder.

In addition, while CISPA does mandate an Inspector General should issue a report to Congress over the government’s use of this information, its recommendations or remedies do not have to be followed.

Why are Facebook and other companies supporting this legislation?

Facebook and other companies have endorsed this legislation because they want to be able to receive information about network security threats from the government. This is a fine goal, but unfortunately CISPA would do far more than that—it would eviscerate existing privacy laws by allowing companies to voluntarily share users’ private information with the government.

Facebook released a statement Friday saying that they are concerned about users’ privacy rights and that the provision allowing them to hand user information to the government “is unrelated to the things we liked about HR 3523 in the first place.” As we explained in our analysis of Facebook’s response: the “stated goal of Facebook—namely, for companies to receive data about cybersecurity threats from the government—does not necessitate any of the CISPA provisions that allow companies to routinely monitor private communications and share personal user data gleaned from those communications with the government.” Read more about why Facebook should withdraw support from CISPA until privacy safeguards are in place here.

What can I do to stop this bill?

It’s vital that concerned Internet users tell Congress to stop this bill. Use EFF’s action center to send an email to your Congress member urging them to oppose this bill.

April 16, 2012 Posted by | Civil Liberties, Full Spectrum Dominance | 4 Comments