Tag Archives: cyber

Politics, Technology

BROZE: Privacy Advocates Prepare For Battle Over Cybersecurity Bill

Leave a comment

The Cybersecurity Information Sharing Act (CISA), which is designed to allow private companies to easily share threat intelligence with government agencies, is facing resistance from privacy advocates who fear that the provisions will only increase the indiscriminate monitoring of legal activity.

CISA is seen as the “cousin” of another controversial cybersecurity bill, the Cyber Intelligence Sharing and Protection Act (CISPA), which was defeated by mass opposition in 2012.

In early August the White House gave the CISA a boost through an official endorsement. The Hill reported:
“Cybersecurity is an important national security issue and the Senate should take up this bill as soon as possible and pass it,” said White House spokesman Eric Schultz in a statement.
“The endorsement will increase pressure on Senate leaders to reach an agreement to limit floor debate and come to a final vote on the bill — which would increase the data shared on hackers between companies and the government — before the month-long break”.

The National Journal also released new information related to CISA. On August 26, the Journal reported on 22 proposed amendments to CISA. When the bill is eventually debated the Senators will have to work their way through each amendment.

According to the Journal, the amendments deal with liability protections, more narrow definitions of cyber threats, qualifications for removing personal identity information, cyber crime penalties, and the voluntary nature of information sharing.

It is exactly this alleged “voluntary” information sharing that has come under fire. Recently Wired reported on the possibility that the programs are not exactly as voluntary as supporters of CISA would have you believe.

Wired mentions a previous “information sharing” program for defense contractors which was falsely advertised as “voluntary”. Wired wrote:

“However, key parts of documents obtained and released to the Electronic Privacy Information Center pursuant to the Freedom of Information Act reveal a different story.

In order to receive information as part of the program, entities were required to sign contracts as program ‘participants.’ This would not have been so bad, except that a precondition for being a participant was the requirement that the entity file reports with the government on a regular basis. In fact, the Defense Industrial Base Pilot Cybersecurity Plan definitively showed that participants were required to agree to transfer information about their private network traffic to the government.”

Although at least one of the amendments to be debated deals with establishing narrower definitions of terms like “voluntary”, at this point there is nothing in the bill which would prevent Department of Homeland Security from taking a similar route while calling the program a voluntary interaction.

The DHS also has its own issues with CISA. In late July, the agency sent a letter to Sen. Al Franken, the ranking member of the Senate Subcommittee on Privacy, Technology, and Law, discussing a number of problems with the bill.

The DHS said that if the bill does not mandate the removal of personal information the agency will be forced to “contribute to the compromise of personally identifiable information by spreading it further.” The letter also stated that the bills vague language and broad definitions could lead to “receiv[ing] large amounts of information with dubious value.”

The bill has also been opposed by a number of leading security experts, and privacy organizations such as the Electronic Frontier Foundation. The EFF opposes CISA in its current form because it does not require companies to remove unrelated personal information prior to sharing it with the government.

For Americans who value privacy and liberty, CISA is a looming threat. As is the case with most legislation passed under the guise of protecting the people, it will, in fact, only further erode the peoples freedom and empower the State. We should also take a moment to recognize that this growing Surveillance State could not happen without a compliant partner, the corporations that provide our personal data to the government.

Keep an eye on the CISA saga throughout the coming months. An endorsement from the White House is a sure sign that President Obama wants the “cybersecurity” measure to be a part of his legacy before he leaves office.

What are your thoughts on CISA? Is it necessary to protect your data from hackers? Or is this another government ploy to spy on your activity?

Featured, Technology, US

President Obama signs cyber-security executive order

45 Comments

While visiting Stanford University on Friday, President Obama announced he was signing an executive order meant to encourage the sharing of information, regarding cyberthreats, between private sector companies and the government.

The order was signed at the first summit on Cybersecurity and Consumer Protection, which focused on consumer protection and private-public partnerships against cyberthreats.

While at the summit, the president likened the internet to the “Wild West,” and said the public are looking to the government for protection against cyber attacks. President Obama also called these cyber attacks one of the greatest threats to national security, safety, and economic issues.

“Everybody is online, and everybody is vulnerable,” said President Obama, according to NBC News. “The business leaders here want their privacy and their children protected, just like the consumer and privacy advocates here want America to keep leading the world in technology and be safe from attacks.”

However, groups in Silicon Valley are not jumping on board with the president’s push for new digital securities.

Ben Desjardins, the director of security solutions with the cyber-security firm Radware, said, “The new proposals face significant headwinds, both legislatively from Congress and cooperatively from heavyweights in the tech sector.”  Desjardins also said many companies in Silicon Valley already feel “burned” by the government after the companies learned of the various government surveillance programs through the Snowden leaks.

Scott Algeier, the executive director of the nonprofit organization Information Sharing and Analysis Center, also said this new executive order sounds like a federal takeover of information sharing among people and companies in the private-sector.

The White House has said the executive order is only a framework, and with it the White House aims to allow private companies access to otherwise classified cyber-threat information and ensure information sharing is strongly secure, all while protecting the civil liberties of citizens.

The text of the executive order can be found here for more details.

International, Technology, US

Obama says Sony made a ‘mistake’ after canceling film release

4 Comments

President Obama, in his final press release for 2014, has said the cancellation of the film “The Interview” by Sony Pictures was a “mistake,” and the company should have talked to him before moving forward with their plans.

The president said he was sympathetic towards Sony, and all the employees who were threatened after the recent cyber attacks against the company, and understands their desire for safety.  However, he then went on to say, according to ABC News, “I think they made a mistake,” with concern to the companies decision to cancel the release of the comedy movie.

Afterwards, the president stated, according to RT, “I wish they would’ve spoken with me first. I would have told them: do not get into a pattern in which you’re intimidated by these kinds of criminal attacks.

The Sony hacks and cancellation of the film though, were also said to be an example of how the U.S. needs to pass a cybersecurity bill by Congress.

“In this interconnected digital world, there are going to be opportunities for hackers to engage in cyber-assaults both in the private sector and in the public sector… We need more rules about how the internet should operate,” the president said according to Boing Boing.

Representative Mike Rogers (R-Michigan) and Sen. Dianne Feinstein (D-California) echoed the president’s for more regulation over the internet.

“This is only the latest example of the need for serious legislation to improve the sharing of information between the private sector and the government to help companies strengthen cybersecurity,” said Sen. Feinstein.  “We must pass an information sharing bill as quickly as possible next .”