Could the Cyber Intelligence Sharing and Protection Act unintentionally create a safe haven for corporate hacking?

Amidst all the clamour over what CIPSA means for civil liberties, with its emphasis on allowing tech companies and the government to more easily share information about Web users, there are cries of hypocrisy about those who'd be exempted from the potential new law.

Mark Jaycox of the Electronic Frontier Foundation, which opposes CIPSA, says language in the bill gives exempted companies too much leeway in deciding who can be labeled a cybersecurity threat and pursued with the new powers that would be granted by the legislation. Although an amendment added to the bill would limit companies' information gathering to their own networks, other parts of the bill would allow "wide ranging acts" to combat any potential cybersecurity threats.

Continue Reading...

As CNET reported Wednesday, "Senior Obama administration officials have secretly authorized the interception of communications carried on portions of networks operated by AT&T and other Internet service providers, a practice that might otherwise be illegal under federal wiretapping laws." The Justice Department has been granting immunity to service providers through special "2511" letters that absolve carriers in the event that the surveillance is found to run afoul of federal law. As such, the DoJ is secretly enabling AT&T and others to evade wiretapping laws so that the government can conduct surveillance on parts of their networks.

Continue Reading...

As noted here Tuesday, a huge amount of special interest funding ($84 million, to be precise) may have helped more than double the number of Democrat representatives willing to vote for CISPA from 42 to 92. However, the bill -- which would allow the private sector to acquire and search sensitive data relating to U.S. citizens -- is going nowhere particularly fast in the Senate. As the AP reported:

Continue Reading...

And there's more. As TechDirt highlighted Monday, a huge amount of special interest funding ($84 million, to be precise) may have helped over double the number of Democrat representatives willing to vote for CISPA this time round, having rejected this bill's first iteration last year. Via TechDirt:

Continue Reading...

Continue Reading...

CISPA is designed to create a structure in which private companies can seamlessly share information about their users with the government in cases involving threats to "cybersecurity." The House of Representatives passed the bill on Thursday, but the Obama administration has threatened to veto it in its current form.

Continue Reading...

The bill passed by a vote of 288-127, with 92 Democrats backing it. The legislation will now head to the Senate, where it's prospects for success are a bit murkier - a previous version of the legislation passed the House but died in the Senate last year. Obama has already threatened to veto it if it reaches his desk.

From CNET:

Continue Reading...

The House vote, 288-127, puts the spotlight on the Senate, which hasn't taken up the issue and is consumed with other high-profile issues such as gun control and immigration. The lack of enthusiasm in the Senate and objections by the White House mean that the legislation is in limbo despite an aggressive push by lobbyists representing nearly every corner of industry.

The Cyber Intelligence Sharing and Protection Act, or CISPA, is widely backed by industry groups that say businesses are struggling to defend themselves against aggressive and sophisticated attacks from hackers in China, Russia and Eastern Europe.

Hackers haven't been able to deliver crippling blows to the U.S. economy or infrastructure, but they have been able to wreak havoc on some key commercial systems. Most recently several news outlets including the New York Times acknowledged that their systems had been penetrated, while banks are said to be quietly fighting daily intrusions. North Korea was recently held responsible for a cyberattack that shut down tens of thousands of computers and servers at South Korean broadcasters and banks.

Continue Reading...

CISPA is designed to make it easier for private companies to share information about "cybersecurity" issues -- hacker attacks, Chinese sabotage, etc. --  with government agencies. Under CISPA companies such as Facebook or Microsoft could freely hand over personal information -- emails, texts, news feed postings -- without having to worry about potential negative consequences, including litigation from outraged users. Naturally, CISPA enjoys wide support from by the tech lobby; IBM sent more than 200 executives to Washington this week to push for its passage. The bill also enjoys bipartisan backing. The House of Representatives is set to vote on the bill either Wednesday or Thursday.

Continue Reading...

The Hill reported that a number of amendments supported by the bill's sponsors were approved during markup, including a change that would require the government to remove personal information from "cyber threat" data they receive from private companies; and another change that would allow the government to use data from private companies for broad "national security purposes." The final text of the bill heading to the House floor has not been made public. Meanwhile the White House has yet to respond to a "We the People" petition against CISPA, which has garnered over 100,000 online signatures (the number required to demand a response from the administration.) The EFF and the ACLU are, as noted here, working in conjunction to rally further opposition to the bill.

Continue Reading...

Representatives from the two groups took to Reddit Monday to answer questions about CISPA and their campaign to stop the bill's progression into law. EFF's Mark Jaycox explained the current state of CISPA bill H.R. 624:

CISPA is currently at the "markup" stage. This means that the bill has been introduced and will be discussed by the full committee at a meeting. The committee will vote on amendments, edit (ie, "markup") the bill, and vote on a final version of the bill. Once the final version is voted "out of committee," it will be ready for a full floor vote where the entire House can vote on it.

Continue Reading...

Continue Reading...

While the White House has urged Congress to pass a cybersecurity bill, CISPA would give businesses and the federal government legal protection to share data on cyberthreats with each other and has garnered criticism for being overly broad and failing to protect user privacy. HuffPo's Gerry Smith reported on the online actions taken up by thousands of sites this week to fight the bill:

Continue Reading...

No statements have been issued as of yet about the failed #OpSOTU, but a number of comments on Twitter asked whether Anons who would have otherwise contributed to the operation were distracted watching live footage of ex-LAPD cop Christopher Dorner's last stand in Big Bear while the president delivered his address.

Anonymous had vowed to block the webcast in protest of Obama's signing of the NDAA, his drone program, the proliferation of government warrantless wiretapping, the treatment of Bradley Manning and the introduction of cyber-security legislation in the House, which the hacker collective said would turn "private companies into government informants."

Continue Reading...

What exactly Anonymous has in store for this evening is not detailed in the communiqué, nor is it clear whether hackers could indeed disrupt the feeds screening President Obama's speech online. However, the communiqué took the opportunity to decry the president for some of the worst civil liberties and privacy abuses perpetuated by his administration and to renew the hackers' tribute to the late Aaron Swartz.

The message reads:

Continue Reading...

House Intelligence Committee Chairman Mike Rogers, R-Mich., and ranking member Rep. Dutch Ruppersberger, D-Md., will reintroduce the legislation, which passed the House last year but faced serious opposition over privacy concerns. The co-sponsors had planned to amend the bill to address concerns, but according to reports, it's the same old CISPA. Via the ACLU:

Continue Reading...