Cybersecurity Bill Could 'Sweep Away' Internet Users' Privacy, Homeland Security Warns
If Homeland Security thinks this is bad, it is REALLY bad
http://readersupportednews.org/news-section2/318-66/31649-cybersecurity-bill-could-sweep-away-internet-users-privacy-homeland-security-warns
The latest in a series of failed attempts to reform cybersecurity, the Cybersecurity Information Sharing Act (Cisa) grants broad latitude to tech companies, data brokers and anyone with a web-based data collection to mine user information and then share it with appropriate Federal entities, which themselves then have permission to share it throughout the government.
Minnesota senator Al Franken queried the DHS in July; deputy secretary of the department Alejandro Mayorkas responded today that some provisions of the bill could sweep away important privacy protections and that the proposed legislation raises privacy and civil liberties concerns.
Much of the attention on Cisa has been directed at companies such as Google, Facebook and Comcast, which have large hoards of internet user behavior. But arguably more important are data brokers. Among the groups lobbying for the passage of Cisa are Experian, which tracks consumer trends using information from loyalty cards and other sources and licenses the information to help target advertising; Oracle, whose Data Cloud product works similarly; and Hitrust, which aggregates healthcare information.
The paragraph generating the most concern can be found in section 4 of the bill: "[a] private entity may, for cybersecurity purposes, monitor A) the information systems of such a private entity; B) the information systems of another entity, upon written consent of such other entity [...] and D) information that is stored on, processed by, or transiting the information systems monitored by the private entity under this paragraph."
Debate on the bill could start on Wednesday with a vote on Thursday.
msongs
(67,433 posts)
Scuba
(53,475 posts)
Betty Karlson
(7,231 posts)
This is unadulterated fascism, where big corporations and government get the means to target critical individuals.
seveneyes
(4,631 posts)
And rest assured that you have nothing to hide.
Javaman
(62,532 posts)
starroute
(12,977 posts)
If you remember CISPA, the information-sharing bill that fell under the weight of its privacy failings last Congress and even drew a veto threat from President Obama, the problems with CISA might sound a little too familiar. This bill is arguably much worse than CISPA and, despite its name, shouldn't be seen as anything other than a surveillance bill: think Patriot Act 2.0.
The bill could also pose a particular threat to whistleblowers, who already face, perhaps, the most hostile environment in U.S. history, because it fails to limit what the government can do with the vast amount of data to be shared with it under this proposal. CISA would allow the government to use private information, obtained from companies on a voluntary basis (and so without a warrant), in criminal proceedings, including going after leakers under the Espionage Act.
http://www.wired.com/2015/03/cisa-security-bill-gets-f-security-spying/
The central concern of that letter was how the same data sharing meant to bolster cybersecurity for companies and the government opens massive surveillance loopholes. The bill, as worded, lets a private company share with the Department of Homeland Security any information construed as a cybersecurity threat notwithstanding any other provision of law. That means CISA trumps privacy laws like the Electronic Communication Privacy Act of 1986 and the Privacy Act of 1974, which restrict eavesdropping and sharing of users' communications. And once the DHS obtains the information, it would automatically be shared with the NSA, the Department of Defense (including Cyber Command), and the Office of the Director of National Intelligence.
In a statement posted to his website yesterday, Senator Burr wrote that "Information sharing is purely voluntary and companies can only share cyber-threat information and the government may only use shared data for cybersecurity purposes." But in fact, the bill's data sharing isn't limited to cybersecurity threat indicators (warnings of incoming hacker attacks), which is the central data CISA is meant to disseminate among companies and three-letter agencies. OTI's Greene says it also gives companies a mandate to share with the government any data related to imminent terrorist attacks, weapons of mass destruction, or even other information related to violent crimes like robbery and carjacking. The latest update to the bill tacks on yet another kind of information, anything related to impending serious economic harm. All of those vague terms, Greene argues, widen the pipe of data that companies can send the government, expanding CISA into a surveillance system for the intelligence community and domestic law enforcement. . . .
For those who value security over privacy, CISA's surveillance compromises might seem acceptable. But questions persist about whether CISA would even do much to improve security. Robert Graham, a security researcher and an early inventor of intrusion prevention systems, says CISA will lead to sharing of more false positives than real threat information. Skilled hackers, he says, know how to evade intrusion prevention systems, intrusion detection systems, firewalls, and antivirus software. Meanwhile, most data alerts from systems shared under CISA will be false alarms.
starroute
(12,977 posts)
Is this some kind of corporate protection act? Between "serious economic harm" and "trade secrets," it sounds as though it would allow warrantless sharing of information that could be used to prosecute any social movement that threatened corporate profits.
So don't even think about boycotting Monsanto or revealing what's in that cocktail of fracking fluids. CISA will have your ass if you do.
https://www.congress.gov/bill/114th-congress/senate-bill/754/summary/00
Permits state, tribal, or local agencies to use shared indicators (with the consent of the entity sharing the indicators) to prevent, investigate, or prosecute offenses relating to: (1) an imminent threat of death, serious bodily harm, or serious economic harm, including a terrorist act or a use of a weapon of mass destruction; or (2) crimes involving serious violent felonies, fraud and identity theft, espionage and censorship, or trade secrets.
North Carolina is officially open for fracking, after lifting a ban on the practice and enacting criminal penalties for spilling trade secrets associated with it. With passage of the Energy Modernization Act, North Carolina joins the growing ranks of states that have legislated to protect confidential fracking information. . . .
North Carolina's new law, enacted June 4, is notable for criminalizing the wrongful disclosure of such information, making it one of the nation's more aggressive fracking laws. Under the Act, disclosure can result in a misdemeanor charge when confidential information is revealed knowingly and willfully. The law does not further define that phrase. Such conduct can be punished with a maximum penalty of 45 days community service. (The initial draft of the bill proposed by the state senate would have treated unlawful disclosure of confidential fracking information as a Class I felony.) Violators may also face civil penalties.