Tag Archives: CISA

Government Accountability, Privacy, Technology

Apple’s Tim Cook Opposes More Federal Access To Customer Data

Leave a comment

WASHINGTON – Opposition to back door access to encrypted information by intelligence agencies was defended by Apple CEO Tim Cook.

In an interview for “60 Minutes” broadcast, Cook said “There have been people that suggest that we should have a back door. But the reality is if you put a back door in, that back door’s for everybody, for good guys and bad guys.”

A renewed push by politicians and law enforcement has come in the wake of the November 13 terrorist attacks on Paris, when attackers were said to have used encrypted devices to coordinate and execute attacks outside the purview of government surveillance.

While the interview with Cook had been filmed prior to the Paris attack, the CEO has since emphasized his support for protecting encryption, saying the choice between privacy and national security was a false one.

“I don’t believe the tradeoff here is privacy versus national security,” he said, adding that’s an “overly simplistic view…We’re America. We should have both.”

The Cybersecurity Information Sharing Act of 2015 (CISA) has been a contentious issue in the tech community over the past year. The measure allows for direct sharing of consumer data and information with the surveillance community. Many provisions in previous versions of the bill which called for anonymity of that data were stripped out of the version of the bill which passed as a part of the omnibus budget.

“Organizations can now directly share raw data with several agencies with no protection or anonymity,” said engineer Joseph Pizzo with Norse Security. “There may have been a small cost associated with anonymizing the data, but now that this requirement has been removed and organizations may feel that they’re helping, I don’t foresee any work moving forward to protect consumer data.”

Candidates including Donald Trump and Sen. Marco Rubio (R-Fla.) have advocated for the ability for intelligence agencies to circumvent encryption during the 2016 presidential campaign.

FOLLOW MICHAEL LOTFI ON Facebook, Twitter & LinkedIn.

Activism, Featured, Privacy, Technology

Surveillance Bill Masked as ‘Cybersecurity’ Close to Completion

Leave a comment

The Cybersecurity Information Sharing Act (CISA) was officially approved by the Senate back in October. Since that time, the bill has languished in committee as lawmakers sought to align the Senate bill with the versions passed by the House of Representatives in April.

CISA is designed to allow private companies to easily share threat intelligence with government agencies. Sharing of intelligence is supposed to be voluntary. Critics of the bill say the provisions will only increase the indiscriminate monitoring of legal activity by giving companies immunity from lawsuits for sharing information with the government.

Before the Senate vote, Sen. Rand Paul (R-Ky.) introduced an amendment which would require companies to adhere to their own terms of service with customers. However, this amendment failed after only receiving 32 votes. Senator Paul’s presidential campaign website says that the bill “would transform websites into government spies.”

The bill may face a final vote in the House and the Senate as soon as next week. However, there are reports that the cybersecurity bill could be added as a provision to the budget bill which is supposed to keep the federal government running through 2016.

“It’s either this scenario or we wait until early 2016, and chamber members definitely prefer seeing passage sooner rather than later,” said Matthew Eggers, senior director of the National Security and Emergency Preparedness Department at the U.S. Chamber of Commerce, told USA Today.

Reuters reports that a vote on the budget will happen on Friday before the midnight deadline for funding the federal government. According to Reuters, “lawmakers have been unable to reach agreement on a number of policy ‘riders’ some lawmakers would like to add to the bill.” These “riders” include the CISA provision.

On Wednesday, a coalition of 19 civil liberties groups sent a letter to President Obama and congressional leaders calling for stricter privacy protections and warning that such protections are being “stripped” from the House Homeland Security Committee version of the bill.

Let me be clear that we do not support any of the three bills and believe that cybersecurity legislation could actually make us more vulnerable to cyber attacks by housing more personal information with government agencies that aren’t good at protecting it,” said Evan Greer, campaign director of Fight for the Future, organizer of the letter. “But, of the three bills, the House Homeland Security Committee’s bill had the strongest privacy protections and was sort of the least terrible.”

Fight for the Future was joined by the American Library Association, Demand Progress, and Free Press Education Fund to FreedomWorks, Campaign for Liberty, and R-Street.

The organizations say that CISA would “reduce privacy protections for Americans’ personal information” and “overexpand the term ‘cyber threat’ to facilitate the prosecution of crimes unrelated to cybersecurity.”

The letter comes one day after The Hill reported on additional changes to the bill. According to the Hill, “it now appears the final language is unlikely to include notable privacy provisions that digital rights and civil liberties groups insist are necessary to reduce the odds the bill enables greater government surveillance.”

The Hill also confirmed that “lawmakers are aiming to vote on the final cyber bill as part of an omnibus budget deal that is expected before the end of the year.”

USA Today reported that House Homeland Security Chairman Michael McCaul “said he would prefer to wait and have a formal conference committee made up of House members and senators negotiate a final bill rather than relying on staff talks to try to speed legislation through Congress in the next few days.”

McCaul told USA Today he warned Republican House leaders that they could lose votes on the 2016 government budget if they attempt to add on CISA without strong privacy protections.

As Truth In Media recently reported, the supposedly “voluntary” aspects of the bill are not voluntary at all and amount to surveillance of private customer information.

“Number one, it’s not voluntary for their customers, millions and millions of customers,” Senator Ron Wyden, a long-time opponent of CISA told the Daily Dot. “And number two, to get the liability protection, the companies have got to say that they didn’t find anything personal and unrelated in a knowing fashion. And that’s going to be a pretty easy bar because they don’t have to do much to look!” 

Featured, Politics, Privacy, Technology

Senate Approves CISA Surveillance Bill Masked as ‘Cyber-Security’

Leave a comment

UPDATE: The U.S. Senate has officially approved the Cybersecurity Information Sharing Act (CISA) with a vote of 74 to 21. The Senate voted against four amendments aimed at adding consumer protections, including amendments from Sen. Dean Heller, Sen. Ron Wyden, Sen. Pat Leahy, and Sen. Al Franken.

CISA now heads to a conference committee to align the Senate bill with the House of Representatives version. If approved by the committee the bill would go to President Obama to be signed into law.

Last Thursday, with a vote of 83 to 14, the U.S. Senate approved a set of amendments related to CISA which is designed to allow private companies to easily share threat intelligence with government agencies. Critics of the bill say the provisions will only increase the indiscriminate monitoring of legal activity.

Before the vote, Senator Rand Paul introduced an amendment which would require companies to adhere to their own terms of service with customers. However, this amendment failed after only receiving 32 votes. Senator Paul’s presidential campaign website says that the bill “would transform websites into government spies.”

[RELATED: Activists To Bombard Congress With Faxes To Fight Cybersecurity Bill]

Following the vote, Senator Ron Wyden, a long-time opponent of CISA, told the Daily Dot, “We think that information sharing can be useful. But … information sharing without robust privacy protections—millions of Americans are going to say that’s a surveillance bill.”

As Truth In Media recently reported, the supposedly “voluntary” aspects of the bill are not voluntary at all and amount to surveillance of private customer information.

“Number one, it’s not voluntary for their customers, millions and millions of customers,” Wyden explained. “And number two, to get the liability protection, the companies have got to say that they didn’t find anything personal and unrelated in a knowing fashion. And that’s going to be a pretty easy bar because they don’t have to do much to look!”

[RELATED: BROZE: Privacy Advocates Prepare For Battle Over Cybersecurity Bill]

Attempting to pass surveillance measures veiled as “cybersecurity” bills is nothing new. In fact, CISA is seen as the “cousin” of another controversial cybersecurity bill, the Cyber Intelligence Sharing and Protection Act (CISPA), which was defeated by mass opposition in 2012.

Privacy advocates and digital rights groups have been equally vocal in their opposition to CISA. Just days before the vote the Washington Post reported Apple and Dropbox said they did not support the bill. The two companies join Yelp, Reddit, Twitter and the Wikimedia Foundation in their fight against the surveillance bill.

Senator Wyden says the opposition from tech companies has the sponsors of the bill concerned. “I don’t know how many times they kept coming back to the fact that the technology companies really weren’t acting in the interests of the country,” Wyden said. “You saw some of their comments—’There’s no reason for them to be opposed.’ [That] was because they know that these companies are experts in both cyber and privacy. They’re ones that are really knowledgeable about it, and they were opposed to the bill.”

While the bill still has several hurdles to pass before it could become law, privacy advocates and lovers of liberty should keep an eye on the measure as it progresses. It’s time for the free people of the United States, and the world at large, to decide whether or not privacy means anything in 2015.

Politics, Technology

BROZE: Privacy Advocates Prepare For Battle Over Cybersecurity Bill

Leave a comment

The Cybersecurity Information Sharing Act (CISA), which is designed to allow private companies to easily share threat intelligence with government agencies, is facing resistance from privacy advocates who fear that the provisions will only increase the indiscriminate monitoring of legal activity.

CISA is seen as the “cousin” of another controversial cybersecurity bill, the Cyber Intelligence Sharing and Protection Act (CISPA), which was defeated by mass opposition in 2012.

In early August the White House gave the CISA a boost through an official endorsement. The Hill reported:
“Cybersecurity is an important national security issue and the Senate should take up this bill as soon as possible and pass it,” said White House spokesman Eric Schultz in a statement.
“The endorsement will increase pressure on Senate leaders to reach an agreement to limit floor debate and come to a final vote on the bill — which would increase the data shared on hackers between companies and the government — before the month-long break”.

The National Journal also released new information related to CISA. On August 26, the Journal reported on 22 proposed amendments to CISA. When the bill is eventually debated the Senators will have to work their way through each amendment.

According to the Journal, the amendments deal with liability protections, more narrow definitions of cyber threats, qualifications for removing personal identity information, cyber crime penalties, and the voluntary nature of information sharing.

It is exactly this alleged “voluntary” information sharing that has come under fire. Recently Wired reported on the possibility that the programs are not exactly as voluntary as supporters of CISA would have you believe.

Wired mentions a previous “information sharing” program for defense contractors which was falsely advertised as “voluntary”. Wired wrote:

“However, key parts of documents obtained and released to the Electronic Privacy Information Center pursuant to the Freedom of Information Act reveal a different story.

In order to receive information as part of the program, entities were required to sign contracts as program ‘participants.’ This would not have been so bad, except that a precondition for being a participant was the requirement that the entity file reports with the government on a regular basis. In fact, the Defense Industrial Base Pilot Cybersecurity Plan definitively showed that participants were required to agree to transfer information about their private network traffic to the government.”

Although at least one of the amendments to be debated deals with establishing narrower definitions of terms like “voluntary”, at this point there is nothing in the bill which would prevent Department of Homeland Security from taking a similar route while calling the program a voluntary interaction.

The DHS also has its own issues with CISA. In late July, the agency sent a letter to Sen. Al Franken, the ranking member of the Senate Subcommittee on Privacy, Technology, and Law, discussing a number of problems with the bill.

The DHS said that if the bill does not mandate the removal of personal information the agency will be forced to “contribute to the compromise of personally identifiable information by spreading it further.” The letter also stated that the bills vague language and broad definitions could lead to “receiv[ing] large amounts of information with dubious value.”

The bill has also been opposed by a number of leading security experts, and privacy organizations such as the Electronic Frontier Foundation. The EFF opposes CISA in its current form because it does not require companies to remove unrelated personal information prior to sharing it with the government.

For Americans who value privacy and liberty, CISA is a looming threat. As is the case with most legislation passed under the guise of protecting the people, it will, in fact, only further erode the peoples freedom and empower the State. We should also take a moment to recognize that this growing Surveillance State could not happen without a compliant partner, the corporations that provide our personal data to the government.

Keep an eye on the CISA saga throughout the coming months. An endorsement from the White House is a sure sign that President Obama wants the “cybersecurity” measure to be a part of his legacy before he leaves office.

What are your thoughts on CISA? Is it necessary to protect your data from hackers? Or is this another government ploy to spy on your activity?

Activism, Privacy, Technology

Activists To Bombard Congress With Faxes To Fight Cybersecurity Bill

6 Comments

“CISPA is back,” warns the website of Fight For The Future, an advocacy group that has challenged controversial bills like CISPA, SOPA, and PIPA in the past. Senate Bill 754, known as CISA, is one of the latest cybersecurity bills and is reportedly headed to the Senate floor as early as next month.

Fight for the Future and other privacy advocates, frustrated with bills such as CISPA and CISA continuing to appear in legislation despite widespread public opposition and numerous deferments, are implementing a mostly obsolete method of data transmission to send a clear message to Congress.

Groups including Fight For The Future and Access have teamed up to initiate a large-scale campaign to send thousands of faxes to every member of the U.S. Senate. Eight phone lines have been programmed to convert emails and tweets with the hashtag FaxBigBrother into separate faxes to be sent to Congress.

“Groups like Fight for the Future have sent [Congress] millions of emails, and they still don’t seem to get it,” Fight for the Future’s Evan Greer told The Guardian.

[quote_center]“Maybe they don’t get it because they’re stuck in 1984, and we figured we’d use some 80’s technology to try to get our point across.”[/quote_center]

Senator Dianne Feinstein (D-Calif.), a co-author of CISA and vice chairman of the Senate Intelligence Committee, has called this bill “a critical step to confront one of the most dire national and economic threats we face: cyber attacks.” Feinstein claimed that CISA would protect against cyberattacks using “purely voluntary information sharing” between the private sector and the government regarding cybersecurity threats.

Senators Ron Wyden (D-Or.) and Mark Udall (D-Co.) have voiced their opposition to CISA, pointing out that in the past “the federal government has exploited loopholes to collect Americans’ private information in the name of security.” Wyden and Udall worried that CISA “lacks adequate protections for the privacy rights of law-abiding Americans, and that it will not materially improve cybersecurity.”

According to Fight For The Future, CISA is a “dirty deal between government and corporate giants.” The website FaxBigBrother describes CISA as “a massive bribe” from the federal government: “They will give corporations immunity for breaking virtually any law if they do so while providing the NSA, DHS, DEA, and local police surveillance access to everyone’s data in exchange for getting away with crimes, like fraud, money laundering, or illegal wiretapping.”

 

Politics, Technology, US

The New CISPA: Cybersecurity bill passes through Senate Committee

15 Comments

The Cyber Information Security Act (CISA) has passed through the Senate Select Committee on Tuesday by a vote of 12-3, pushing the bill one step further to reaching the Senate floor.

CISA is the latest reincarnation of internet-security based bills to be voted on by the government.  Last year, a similar bill called the Cyber Information Sharing and Protection Act (CISPA) passed the House, but was met with controversy over what opponents of the bill called a lack of privacy protections.

“The Cybersecurity Information Sharing Act (CISA),” reports Julian Hattem from the Hill, “makes it possible for companies and government agencies to share information about possible hackers and security weaknesses with each other, which advocates say is critical to make sure that blind spots aren’t left untended for long.”

Senate Intelligence Chairwoman Dianne Feinstein (D-CA), one of the people responsible for the creation of CISA, argues the bill would allow businesses and government agencies to more easily exchange information with regards to cyber-attacks.

Feinstein said, according to VPN Creative, “Every week, we hear about the theft of personal information from retailers and trade secrets from innovative businesses, as well as ongoing efforts by foreign nations to hack government networks…this bill is an important step toward curbing these dangerous cyberattacks.”

Opponents to this bill and similar bills have used the Edward Snowden leaks as evidence of the government and NSA abusing cybersecurity flaws in the name of national security.

Senators Ron Wyden (D-OR) and Mark Udall (D-CO) both voted against the bill, saying in a joint-statement, they agree cyber-attacks are a serious threat to American infrastructure, but they have also seen “how the federal government has exploited loopholes to collect Americans’ private information in the name of security.”

The Center for Democracy and Technology also found faults with the bill, saying on the groups website, the bill fails to recognize and address “recently-disclosed cybersecurity-related conduct of the National Security Agency (NSA), some of which undermines cybersecurity.”  The CDF also says the bill would allow law enforcement agencies to wiretap individuals in the name of cybersecurity.

The bill will be heard next by the whole Senate and will be voted on in the coming months.