CISA Isn't About Cybersecurity, It's About Surveillance




Suzanimal
03-13-2015, 10:00 AM
They say the first step is admitting you have a problem. But sometimes that's the easy part.

When it comes to cybersecurity, it seems everyone in Washington admits we have a problem. It's in the solutions phase where things really start to fall apart for policymakers.

Instead of focusing on ways to make our data (and the devices we store it on) more secure, Washington keeps offering up "cybersecurity" proposals that would poke huge holes in privacy protections and potentially funnel tons of personal information to the government, including the NSA and the military.

Thursday, the Senate Intelligence Committee met behind closed doors to mark up the Cybersecurity Information Sharing Act of 2015. They voted 14–1 to advance the bill, with Senator Wyden offering the lone no vote.

Unfortunately, by all accounts, CISA is one of those privacy-shredding bills in cybersecurity clothing.

If you remember CISPA, the information-sharing bill that fell under the weight of its privacy failings last Congress and even drew a veto threat from President Obama, the problems with CISA might sound a little too familiar. This bill is arguably much worse than CISPA and, despite its name, shouldn't be seen as anything other than a surveillance bill – think Patriot Act 2.0.

The bill could also pose a particular threat to whistleblowers – who already face, perhaps, the most hostile environment in U.S. history – because it fails to limit what the government can do with the vast amount of data to be shared with it under this proposal. CISA would allow the government to use private information, obtained from companies on a voluntary basis (and so without a warrant) in criminal proceedings – including going after leakers under the Espionage Act.

If you are wondering how giving companies a free pass to share our personal information with the government will make our data more secure, you aren't alone. We've already written about why real cybersecurity doesn't need to sacrifice our privacy.

....

https://www.aclu.org/blog/national-security-technology-and-liberty/cisa-isnt-about-cybersecurity-its-about-surveillance

ZENemy
03-13-2015, 10:14 AM
I wish we could get past the point of sharing information about how criminal the criminals are. Not directed at you, Suzanimal.

We know the fuckers are dirty, what are we going to do about it?

Suzanimal
03-17-2015, 06:08 PM
I wish we could get past the point of sharing information about how criminal the criminals are. Not directed at you, Suzanimal.

We know the fuckers are dirty, what are we going to do about it?

The million dollar question.

Lucille
10-22-2015, 02:25 PM
http://www.backwoodshome.com/blogs/ClaireWolfe/2015/10/22/i-try-to-avoid-thinking-about-proposed-legislation/


The gloriously bipartisan Cybersecurity Information Sharing Act of 2015, sponsored by freedom-loving Republican Richard Burr (NC) and — guess who? — our old friend Dianne Feinstein (D-Control Freak) would “allow” tech companies to “voluntarily” share information about their customers with the federal “security” apparatus “so it can be analyzed for signs of lawbreaking – be it computer related or not.”

Companies that “volunteer” would be given legal immunity against angry customers. But as the linked article in The Register points out, legal action by betrayed customers would be unlikely because the information sharing would be secret and not even subject to Freedom of Information Act requests.


Feinstein said organizations won’t be forced to reveal citizens’ private lives to Uncle Sam: it won’t be mandatory for businesses to hand over people’s private records, she claimed.

“If you don’t like the bill, you don’t have to do it,” Feinstein said.

Oh good. That must mean us little folks get to opt out, right? Right?

Feinstein continues:


“So it’s hard for me to understand why we have companies like Apple and Google and Microsoft and others saying they can’t support the bill at this time. You have no reason, because you don’t have to do anything, but there are companies by the hundreds if not thousands that want to participate in this.”

Please name those eager thousands, Ms Feinstein. So we can publicize their good citizenship!

And those companies that don’t “volunteer”? Ms Feinstein’s collaborator Burr has words for them:


… Burr said on the floor that he couldn’t understand the opposition to CISA. Businesses against the new law will put their users at risk, he said, because by not sharing people’s personal information, they will not be given intelligence and heads up on attacks from the Feds.

“When the companies who are against this get hacked, they are going to be begging to cooperate with the federal government,” he opined.

So … “volunteer” and the fedgov will help protect your company (while screwing your users). Fail to “volunteer” and you won’t be warned of known security threats to your operation (thus screwing your users). And we’ll soon have you on your knees, begging.

And no, it’s not too much of a leap to assume that if you fail to “volunteer” to rat on your customers the fedgov’s “security” agencies themselves will become that threat to your company’s security.

—–

This creepy mess, with all its Randian-Orwellian justifications, is expected to come up for a Senate vote soon. Yes, Mr. Burr, Ms. Feinstein. You just go ahead and hammer that new nail in the coffin of U.S. tech industries. Farewell to their hopes of operating overseas, especially in Europe. Farewell to their brightest U.S. customers.

It’s hard to believe that even these petty tyrants and the secretive unintelligent agencies that have no doubt put them up to this can be so obsessed with omnivorous information gathering that they’ve blinded themselves to the ruination they’d be wreaking...

Lucille
10-22-2015, 08:09 PM
But of course.


Rand's amendment had bipartisan support from Al Franken, Patrick Leahy, Ron Wyden, Bernie Sanders, and others. Tea Partiers like Mike Lee and Ted Cruz supported it as well. This is Bernie Sanders' first vote for a Rand Paul amendment/bill, if I am not mistaken.

The full CISA-bill will be voted on later. Even the Department of Homeland Security (DHS) came out in agreement with Rand & co that this "cybersecurity"-bill could sweep away “important privacy protections”...

----
from the Hill:
Senate shoots down Paul's contested cyber amendment

read more:
http://thehill.com/policy/cybersecurity/257743-senate-shoots-down-pauls-controversial-cyber-amendment

Indy Vidual
10-22-2015, 08:31 PM
What privacy do we still have left anyway?

chronicaust
10-24-2015, 07:34 PM
Privacy? Don't you mean piracy?
I'm so confused. Everyone knows there is no constitutional right to privacy! They told me so in high school!
/s

Contumacious
10-24-2015, 07:51 PM
https://www.aclu.org/blog/national-security-technology-and-liberty/cisa-isnt-about-cybersecurity-its-about-surveillance

Yep, indeed it is.


But the patriotic sheeple is narcotized.

The Wolf Is Guarding the Hen House: The Government’s War on Cyberterrorism (https://www.lewrockwell.com/2015/03/john-w-whitehead/the-lizard-is-guarding-the-chicken-eggs/)

By John W. Whitehead

The Rutherford Institute

March 20, 2015


A good case in point is the Cybersecurity Information Sharing Act (CISA), formerly known as CISPA (Cyber Intelligence Sharing and Protection Act). Sold to the public as necessary for protecting us against cyber attacks or internet threats such as hacking, this Orwellian exercise in tyranny-masquerading-as-security actually makes it easier for the government to spy on Americans, while officially turning Big Business into a government snitch.

Be warned: this cybersecurity bill is little more than a wolf in sheep’s clothing or, as longtime critic Senator Ron Wyden labeled it, “a surveillance bill by another name.”



Lucille
10-26-2015, 11:01 AM
Imagine my shock.

"Facebook in particular is the most appalling spying machine that has ever been invented."
--Julian Assange (https://www.rt.com/news/wikileaks-revelations-assange-interview/)


Weston White
10-27-2015, 04:58 AM
Oh yea we shall trust the wolf when in sheep's clothing: https://www.rt.com/news/snowden-nsa-interview-surveillance-831/

Also worrisome is that one of the most popular hashing algorithms "SHA" was created by the NSA.

Lucille
10-27-2015, 09:47 AM
http://www.zerohedge.com/news/2015-10-27/facebook-caught-secretly-lobbying-privacy-destroying-cyber-security-bill


There’s a privacy destroying bill moving through Congress called the Cybersecurity Information Sharing Act, or CISA, and it’s imperative that the American public stop it in its tracks. Here are a few bullet points on the bill from Fight for the Future:


All privacy policies effectively null and void. Companies can share any private user data with the government, without a warrant, as long as the government says it is being used for a “cybersecurity” purpose.
In exchange, companies are given blanket immunity from civil and criminal laws, like fraud, money laundering, or illegal wiretapping (if a violation was committed or exposed in the process of sharing data).
Data is shared with a wide array of government agencies, from the FBI and NSA, to the IRS and local law enforcement. Many of these agencies have been breached within the last year and have outdated security systems, opening up the doors to even more cyber attacks.
Companies that play along can get otherwise classified intelligence data from the government, including private information about their competitors.



While the Constitution protects Americans from the federal government, private companies don’t care about your 4th Amendment rights, particularly if you waive them in a “terms of service” agreement. CISA would essentially allow the U.S. government to violate the U.S. Constitution by coercing companies to provide them with data on American citizens it would not otherwise be allowed to collect on its own.

Naturally, Washington D.C. is salivating over the prospect of such a bill.
[...]
Of course, it’s the people who know absolutely nothing about technology, but who are experts in the art of abusing government power and accepting bribes, who are most in favor of CISA.

Meanwhile, many large tech companies have publicly come out against the bill.


In recent weeks, a number of prominent tech companies, such as Apple, reddit, Twitter, Yelp and Wikimedia have all come out against the bill. The Computer & Communications Industry Association (CCIA), an influential trade group representing Facebook, also expressed concerns about CISA.

But look which one is missing from the list. The company with the most extensive database of all, and one with a history of egregious privacy abuses: Facebook.

Fight for the Future notes:


Mark Zuckerberg once called Facebook users “dumb f*cks” for trusting him with their data. Now he’s trying to take advantage of us. If CISA passes, all your photos, posts, relationships, and likes will have a path to government databases.

Lucille
10-28-2015, 08:29 AM
https://reason.com/blog/2015/10/27/sxsw-cancels-gamergate-panels-for-and-ag


Edward Snowden denounced CISA in a Reddit thread.


As somebody who has actually worked for the NSA tracking Chinese cyber activity, I can say from personal experience that Drew is absolutely right.

CISA isn't a cybersecurity bill. It's not going to stop any attacks. It's not going to make us any safer. It's a surveillance bill. What it allows is for the companies you interact with every day -- visibly, like Facebook, or invisibly, like AT&T -- to indiscriminately share private records about your interactions and activities with the government.

In theory, this is supposed to allow the government to sort through what is in effect the entire private network space of civil society within the United States for "indicators of compromise," or, more simply, red flags that indicate a hack has happened. The problem is that the NSA, FBI, and other organizations already do this on a higher level of the network under other authorities, such as Section 702 of the FISA Amendments Act. They don't like that, though, because it means there are still parts of the internet and types of records that they aren't (legally) allowed to add to the dragnet.

CISA changes that. CISA allows private companies to immediately share a perfect record of your private activities the instant you click a link, log in, make a purchase, and so on -- and the government will reward them for doing it by granting them a special form of legal immunity for their cooperation.

This is a bill that will radically reshape the relationship between users and companies, because it undermines the core foundation of trust on the internet: that companies work for users rather than governments.

At the end of the day, this is an up/down vote on the future of the internet. Call your senator and make sure they're speaking for you, rather than against you.


The Terrible, Privacy-Violating CISA Bill Seems Destined for Passage
All your data belongs to the government.
https://reason.com/blog/2015/10/27/the-terrible-privacy-violating-cisa-bill


Let's tell private businesses in America that they should share consumer data with the federal government to help stop vague cyberthreats, and in exchange immunize them from liability for any possible violations of users' privacy. What could possibly go wrong?

Looks like we are close to finding out. The Cybersecurity Information Sharing Act (CISA) passed the Senate today by a vote of 74 to 21. A different version passed the House earlier in the year, so they're going to have to conference to hammer out differences. [...]

Attempts to add amendments to narrow the bill's focus all failed. Oh, and there's more. The Sunlight Foundation (a group devoted to government transparency) notes that CISA creates a new exemption from the Freedom of Information Act (FOIA) for the cybersecurity information sharing. They warn:


That means if they overstep and share the wrong information — as this bill seems to intend — the public won't know, and even if it did, it would have no legal recourse. Meanwhile, the minimal oversight mechanisms within the bill only require reports to be submitted to Congress — not to the public. In other words, CISA guarantees the public will have no ability to see what information is going from companies to the government.

Actual tech experts (as in, not elected political figures or government employees thirsty for data) also don't believe this sharing will actually do much to help stop cyberthreats. And given exactly what happened with the hacking of federal employee data from the Office of Personnel Management, what happens to us if all that collected data gets stolen after it's in government hands?

Lucille
10-28-2015, 09:24 AM
http://wendymcelroy.com/news.php?extend.6784


From TechDirt: Senate Passes CISA (https://www.techdirt.com/articles/20151027/15214132653/senate-passes-cisa-surveillance-bill-masquerading-as-cybersecurity-bill-heres-who-sold-out-your-privacy.shtml), The Surveillance Bill Masquerading As A Cybersecurity Bill; Here's Who Sold Out Your Privacy


After rejecting all the good privacy amendments to CISA, the Senate has now officially passed the legislation by a 74 to 21 vote. About the only "good" news is that the vote is lower than the 83 Senators who voted for cloture on it last week. Either way, the Senate basically just passed a bill that will almost certainly be used mainly for warrantless domestic surveillance, rather than any actual cybersecurity concern.
[...]
If you're wondering what happens now: the Senate version and the House version are different, so the differences need to be resolved in conference. There's a chance that could lead to the bill being made better, but it's more likely that the bill will actually be made worse. And then, of course, assuming no substantial changes, it would go to the President's desk for signature. So the bill is pretty far along, but it can still be stopped. Senator Ron Wyden, who has led the fight against it says he's not giving up yet.

paulbot24
10-29-2015, 09:11 AM
http://wendymcelroy.com/news.php?extend.6784

Where does she find all this stuff?

timosman
10-30-2015, 02:36 AM
https://www.washingtonpost.com/news/the-switch/wp/2015/10/27/senate-passes-controversial-cybersecurity-information-sharing-legislation/



The Senate on Tuesday passed a cybersecurity bill that would give companies legal immunity for sharing data with the federal government, over the protests of some lawmakers and consumer advocates who say that the legislation does not adequately protect Americans’ privacy.

The Cybersecurity Information Sharing Act, or CISA, must now be reconciled with legislation passed earlier this year by the House.

The Obama administration and lawmakers in both parties have been seeking for years to enact information-sharing legislation, and it now seems likely to become law.

The 74-to-21 vote comes as digital attacks against private industry and the government alike put pressure on lawmakers to address information security.

"For me this has been a six year effort … and it hasn't been easy because what we tried to do was strike a balance and make the bill understandable so that there would be a cooperative effort to share between companies and with the government," Sen. Dianne Feinstein (D-Calif.), vice-chairman of the Intelligence Committee and a co-author of the bill, said on the Senate floor.

But privacy activists argue that the bill lacks robust privacy protections. They expressed concerns with provisions that allow the Department of Homeland Security to share information gathered in the program with other government agencies, such as the FBI or the National Security Agency. Critics say that effectively turns the legislation into a backdoor surveillance bill that benefits the intelligence community.

“We are encouraged that the Senate has passed key portions of the legislative proposal that the president sent to Congress in January,” said Lisa Monaco, assistant to Obama for homeland security and counterterrorism. She added, "We are hopeful that the Senate and House can work together expeditiously to send cybersecurity legislation to the president’s desk."

The White House expressed qualified support for the legislation in a statement last week, indicating that it would work to make improvements to the bill in the reconciliation process with the House legislation.

Supporters of the legislation argue that the government could better help private companies secure their systems if it has more information about the threats they face. But companies have been reluctant to do so out of fears of running afoul of privacy regulations, proponents say.

"It clears away the uncertainty and concerns that keep companies from sharing this information," Feinstein said.

CISA would set up a hub for voluntary information that would be managed by DHS: When a company discovers suspicious activity on its systems, it would give information about the attack to the government, which would warn other companies.

In theory, the information shared would be limited to “threat indicators” — data such as technical information about the type of malware used or the ways that attackers covered their tracks while sneaking through systems.

But the bill also would give participating companies liability protections that could prevent customers from suing them for sharing private data, even in ways that violate a company’s own privacy policy, privacy advocates said.

The Senate rejected amendments from Sens. Ron Wyden (D-Ore.) and Dean Heller (R-Nev.) that would require more stringent reviews by companies to remove personal information before sharing data with the government, as well as other amendments aimed at removing restrictions on Freedom of Information Requests over data shared under the program and tightening the definition of "threat indicators." It also rejected an amendment that would have extended liability protections to companies that shared cyber threat information with the FBI and the Secret Service.

The Senate did pass a manager's amendment package from Feinstein and Sen. Richard Burr (R-N.C.) that made some changes to appease privacy advocates.

But critics have warned that the bill, combined with surveillance programs revealed by former National Security Agency contractor Edward Snowden, could give intelligence agencies more leeway to collect "upstream data" from the Internet backbone.

Many civil liberties groups campaigned aggressively against the legislation, with one campaign sending a massive number of faxes opposing the bill to congressional offices and pressuring tech companies to take a public stand against CISA.

Some tech giants came out against the bill, including Apple, which has aggressively positioned itself on privacy issues. "We don't support the current CISA proposal," the company said in a statement last week. "The trust of our customers means everything to us and we don't believe security should come at the expense of their privacy."

Major tech trade groups, including the Computer & Communications Industry Association, have also come out against the legislation.

But other tech companies have endorsed CISA, including IBM. "Sharing technical details on the latest digital threats is critical to strengthening America’s cyberdefenses. Online criminals actively share information to penetrate networks, steal vital economic and national security data, and compromise the personal information of millions of Americans," Timothy J. Sheehy, vice president for technology policy at IBM's government and regulatory affairs office, said in a statement after the Senate vote.

In the final days before the vote, digital activists at Fight for the Future accused Facebook of quietly lobbying for the bill. A Facebook spokesperson denied the claim, saying that the company does not have a position on CISA.

Facebook, itself, runs a private system for sharing cyber threat indicators known as Threat Exchange, which some 130 companies currently use. Other industries, including the financial sector, run similar organizations among themselves -- and the government already has some mechanisms set up to help share cyberthreat intelligence, although not at the scale envisioned by CISA.

Earlier this week, a group of academics and security experts expressed concern over the bill, saying it would "do little, if anything, to address the very real problem of flawed cybersecurity while creating conditions ripe for abuse."

But advocates of the bill heralded its Senate passage as a step forward for cybersecurity.

"This landmark bill finally better secures Americans' private information from foreign hackers," said Burr in a statement after the bill's passage. "American businesses and government agencies face cyber-attacks on a daily basis. We cannot sit idle while foreign agents and criminal gangs continue to steal Americans’ personal information as we saw in the Office of Personnel Management, Target, and Sony hacks."

TheTexan
10-30-2015, 10:44 AM
Government only ever just wants to help you. Unless you've got something to hide?