World War 3.0 SOPA & Much More

[Count Bobulescu]

Sponsors: Civil-Liberties Concerns Over Cybersecurity Bill Unfounded

Leaders of the House Intelligence Committee moved on Tuesday to head off civil-liberties concerns over proposed cybersecurity legislation, reports National Journal's Josh Smith.


A cybersecurity bill faces a tough climb. "After last year’s intense debate of an anti-piracy bill, any legislation dealing with Internet security faces an uphill climb. That point was made clear today by House Intelligence Chairman Mike Rogers, who was careful to point out differences between his bipartisan cybersecurity legislation and last year’s failed online piracy bill that was crushed after an all-out lobbying campaign from Internet companies and users...Sources say that Democrats on the House Homeland Security Committee are largely opposed. Ranking member Bennie Thompson (D-Miss.) said in a statement that 'while promoting information sharing on cyber threats is urgently needed, I am concerned about the approach taken in the Rogers bill, as approved by the Intelligence Committee, and its potential implications on Americans’ privacy and civil liberties.' Civil liberty groups, including the American Civil Liberties Union, are preparing their own counteroffensive next week after Members return from the two-week recess." Jessica Brady in Roll Call.

[Count Bobulescu]

Activists are targeting a cybersecurity bill. "Cyber activists are looking to write a sequel to their takedown of SOPA with a 'week of action' aimed at killing the new Cyber Intelligence Sharing and Protection Act. But the sequel's seldom as good as the original. And supporters say CISPA ain't SOPA. SOPA, backed by the movie and music industries, would have cracked down on online piracy, making it harder for users to get cheap entertainment online. CISPA is aimed at combatting cyberattacks by encouraging private companies to share information about cyberthreats with the government. More important, the tech companies that battled against SOPA and helped foster protests through their social media platforms aren’t up in arms about CISPA...Advocacy groups will be rolling out the 'Stop Cyberspying Week' campaign next Monday. Their target is the bill sponsored by House Intelligence Committee Chairman Mike Rogers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.) that is expected to go to the House floor in two weeks." Jennifer Martinez in Politico.

[fluffybiscuits]

http://articles.latimes.com/2012/apr...pa-20-20120409

There really is a fear that this could be used to clamp down on internet piracy. The bill includes ammendments to let them come after people whom damage or infringe on intellectual property but the whole aim of the bill its claimed is to target the intelligence that may pose a threat to security. This appears to be very disingenious if you ask me, why target piracy or intellectual property if its aim is to target intelligence services? This doesnt make a whole lot of sense. Fingers crossed the tech giants derail this movement and Anonymous contributes again to stop such idiotic legislation from passing....

[Count Bobulescu]

US may try to silence MegaUpload’s lawyers.


http://news.cnet.com/8301-1023_3-574...user-data/?par

ALEXANDRIA, Va.--The struggle for control of MegaUpload's servers begins in earnest later today.
The courtroom of U.S. District Judge Liam O'Grady is expected to be packed with lawyers representing the many parties with some kind of stake in what happens to the billions of files stored on MegaUpload's 1,100 servers. Expected to appear are attorneys representing consumers, MegaUpload, the six major Hollywood studios, the U.S. government and MegaUpload's hosting service.
Hanging in the balance of today's hearing are digital files belonging to as many as 60 million people across the globe.

Their files could be in jeopardy if O'Grady decides to allow Carpathia Hosting, the company that has housed the servers at its own expense since the service was taken down, to delete the information on them or possibly sell off the servers. Carpathia says the cost of caring for the data is too financially burdensome to shoulder alone and it has asked the court for relief.

Some commentary.

http://news.cnet.com/8301-1023_3-574...20&tag=nl.e703

Meet CISPA.
You may not have heard of it yet because it's been flying under the radar. It's a lot like PIPA, which was a lot SOPA (I'm sure you heard of those). Actually, some people are calling it "worse than SOPA," and it's sponsored by a congressman who thinks the death penalty should be considered for Bradley Manning, the soldier accused of leaking military information to Wikileaks.
Be worried: they think we stopped paying attention after SOPA -- so they made this.

CISPA, the Cyber Intelligence Sharing and Protection Act (PDF) (aka H.R. 3523), is up for a vote in two weeks. Unlike its failed cousins, it has the support of companies such as AT&T, Facebook, IBM, Intel, Microsoft, Oracle, Symantec, Verizon, and many more. A full list of all 28 corporate supporters is here.
The bill's sponsor, Rep. Mike Rogers (R-MI), is also trying to get tech press to tell you to think that his bill CISPA is "nothing like SOPA."

Don't believe it.

CISPA's primary function is to remove legal barriers that might keep Internet companies from giving all your communication and information to the government. It allows "cyber entities" (such as Internet service providers, social networks like Facebook and cell phone companies like AT&T) to circumvent Internet privacy laws when they're pressured by Homeland Security to hand over or shut down -- well, almost anything of yours online that the government wants, no warrant needed.

[Count Bobulescu]

Google’s Brin takes a stand on Open Access and opposes Facebook & Gummint.

http://www.wired.com/epicenter/2012/...b-google-brin/

Google’s search engine was created when most of the web’s information was open and available to anyone willing to capture it. In today’s more restrictive environment, Sergey Brin and Google CEO Larry Page may not have even tried.

“The kind of environment that we developed Google in, the reason that we were able to develop a search engine, is the web was so open,” Brin told The Guardian. “Once you get too many rules, that will stifle innovation.”

In an interview published Sunday, Google’s co-founder cited a wide range of attacks on “the open internet,” including government censorship and interception of data, overzealous attempts to protect intellecutal property, and new communication portals that use web technologies and the internet, but under restrictive corporate control.

There are “very powerful forces that have lined up against the open internet on all sides and around the world,” says Brin. “I thought there was no way to put the genie back in the bottle, but now it seems in certain areas the genie has been put back in the bottle.

”

[Count Bobulescu]

http://thehill.com/blogs/hillicon-va...rsecurity-bill

In a blog post Friday, Facebook defended its support for a controversial cybersecurity bill that has raised the ire of Internet activists.

Joel Kaplan, Facebook's vice president of U.S. public policy, wrote that the Cyber Intelligence Sharing and Protection Act (CISPA) "would make it easier for Facebook and other companies to receive critical threat data from the U.S. government."

CISPA, which is authored by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), would tear down legal barriers that discourage companies from sharing information about cyberattacks.

But activists fear it would undermine the privacy of Internet users. They argue the broad language of the bill could lead companies to hand over information unrelated to cyberattacks, including users' names, addresses and Internet activity.

They are also concerned because the bill would give military spy agencies, such as the National Security Agency, access to the information the companies share with the government.

Critics, including the Center for Democracy and Technology, the Electronic Frontier Foundation and the American Civil Liberties Union, are planning a week of protests against the bill.

Facebook partnered with many of the same Internet activists to defeat anti-piracy legislation earlier this year, and has drawn criticism for its support of CISPA

[Count Bobulescu]

The Obama admin comes out in favor of the Senate companion bill to CISPA. I don’t know what the key differences are.

http://www.washingtonpost.com/opinio...y.html?hpid=z5

A decade ago, the Sept. 11 attacks exploited vulnerabilities that had been left unaddressed for too long. Today, we know what our cybervulnerabilities are and what threats we face. The only question is whether we’re going to address them in time.

That’s why, as President Obama said in his State of the Union address, we need Congress to swiftly pass legislation to address this threat. Building on the administration’s proposal from last year, the bipartisan Cybersecurity Act of 2012 would give the federal government new authority to share information about cyberthreats with businesses and, if asked, offer these companies assistance in preventing intrusions and attacks.

The Cybersecurity Act of 2012, proposed by Sens. Joseph Lieberman (I-Conn.), Susan Collins (R-Maine), Jay Rockefeller (D-W.Va.) and Dianne Feinstein (D-Calif.), is measured, reasonable and essential to our nation’s security and future prosperity. It also safeguards the personal information and privacy rights of U.S. citizens. It is premised on close coordination and consultation between government and industry, and it allows for flexible solutions to mitigate risk. Many companies and sectors of our critical infrastructure that are already defending their networks with strong cybersecurity measures will not be required to do anything more. Others who are currently falling short, however, will be directed to tighten up their cybersecurity practices. Exactly how they would do so — for example, behind a firewall or a stand-alone network — would be up to the company.

[Count Bobulescu]

Cybersecurity legislation no longer looks like a sure thing. "A growing backlash from online activists has posed a threat to bipartisan House cybersecurity legislation that lawmakers thought was a slam dunk only a month ago...The 19-page bill, the Cyber Intelligence Sharing and Protection Act (CISPA), is sponsored by House Intelligence Committee Chairman Mike Rogers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.), the panel’s ranking member. It passed out of the Intelligence Committee in December by a vote of 17 to 1. GOP leaders plan to pass the legislation through the House the week of April 23, which they have dubbed 'Cybersecurity Week.' It would allow the government to share classified intelligence with private companies to give them the information they need to protect themselves from cyber-attacks. Proponents say major U.S. companies lose valuable secrets to competitors in Russia and China through these attacks. But critics say he bill as drafted is over-broad." Alexander Bolton in The Hill.

MEGAUPLOAD DATA: COURT TAKEAWAYS & WHAT HAPPENS NOW? A federal judge Friday balked at deciding the fate of millions of Megaupload users' files stored on more than 1,000 servers. Instead, U.S. District Court Judge Liam O'Grady ordered lawyers for DOJ, Megaupload, MPAA, EFF and Carpathia Hosting to take the next two weeks to come up with a compromise - or he'll decide the fate of the Mega data. (Friday's court coverage, for Pros, ICYMI: http://politico.pro/IpkhVl; http://politico.pro/HWwhiC).

--'MEET AND CONFER': A magistrate will oversee the talks in what one lawyer described to MT as the largest e-discovery litigation ever. There is no set number of actual negotiating sessions, but the groups will start scheduling teleconferences or in-person meetings pronto. The parties could also ask for an extension - and given the complexity of the situation, that's quite possible, lawyers say.

--O'GRADY WEIGHS IN: For his part, O'Grady steered clear of giving court spectators any sign of how he might rule on the case if needed. But he did drop this nugget: "I frankly don't know if we'll even have a trial in this matter," he said, apparently casting doubt on whether DOJ will be able to successfully extradite Megaupload executives.

[Count Bobulescu]

Update.

THE LEDE: Responding to criticism from privacy advocates, the House Intelligence Committee announced changes to the Cyber Intelligence Sharing and Protection Act (CISPA) on Monday.

CISPA would tear down legal barriers that discourage companies from sharing information about cyberattacks, but privacy groups warn the legislation could lead companies to hand over personal user information to spy agencies.
The American Civil Liberties Union (ACLU), the Center for Democracy and Technology, the Electronic Frontier Foundation and other groups are leading a week of protests against the legislation.

Rep. Dutch Ruppersberger (D-Md.), the committee's ranking member, said in a statement the changes "show a good faith effort to continue to work with interested parties to improve the bill."

Commitee Chairman Mike Rogers (R-Mich.) said the lawmakers "appreciate all the constructive feedback and input we have received."
The new draft of the bill uses a different definition for a "cyber threat" that leaves out any reference to intellectual property infringement. Critics had warned that the bill's definition was so broad that it could include people illegally downloading music and movies.
The new provision defines a cyber-threat as an effort to "gain unauthorized access to a system or network."

But Michele Richardson, legislative counsel for the ACLU, said the new language is still too vague.
"It could probably be interpreted broadly enough to include [intellectual property] anyway," she said.
But a House Republican aide called Richardson's interpretation a "misreading" of the bill and said the provision is meant to protect companies from hackers trying to steal business secrets.

The new draft would also require that the Homeland Security Department have access to all information shared with the government. Privacy advocates prefer that a domestic agency like Homeland Security play a central role in the information-sharing process instead of a spy agency like the National Security Agency.

Richardson said the change does little to address privacy advocates concerns about NSA and other military agencies accessing users' private data.
The new draft would give people and companies the right to sue the government if it mishandles the information. The Republican aide said the new provision "gives the privacy protections very strong teeth."

Cybersecurity will get a lot of attention on Capitol Hill in the coming weeks, with several competing bills up for consideration. The most stringent proposal mandates minimum cybersecurity standards and requires companies to notify the government when their networks have been breached. White House counterterrorism adviser John Brennan says it is essential that the federal government take steps to better prepare the country for devastating cyber attacks.

http://www.npr.org/2012/04/16/150745...-for-attention
TOM GJELTEN, BYLINE: It's only been recently that the notion of an attack on U.S. computer networks even registered as a security threat, but there's now a big concern that an enemy could use cyber weapons to take down a power grid, a water treatment facility or a pipeline - in other words, the nation's critical infrastructure. The ability to defend against such an attack is improving. What's needed now are new laws and policies to support the nation's cyber defenses. On that, nearly everyone agrees.
But should private firms like power companies be required to protect their computer systems? That's the question. The White House says, yes. John Brennan is the president's counterterrorism and homeland security advisor.

JOHN BRENNAN: We believe, particularly in the area of critical infrastructure, that the companies that are responsible for that critical infrastructure need to meet certain standards of cybersecurity protection. This is where the debate is centered right now.

-- The Guardian, "U.S. and China engage in cyber war games," by Nick Hopkins: "State department and Pentagon officials, along with their Chinese counterparts, were involved in two war games last year that were designed to help prevent a sudden military escalation between the sides if either felt they were being targeted. Another session is planned for May." http://bit.ly/IFRIWT

[fluffybiscuits]

Well at least they are looking at the rewording of the bill. Unauthorized access to a system here is a crime under Irish law but the law doesnt adequately over it (http://www.tjmcintyre.com/2009/07/ei...-in-irish.html). There is two distinct issues here . The first is the illegal access to a network by someone with the intention of causing harm and the sharing of information with agencies . Could a stipulation not be put in as to what information is allowed to be shared?

[Count Bobulescu]

Pirate Bay and co, watch out!

http://news.cnet.com/8301-1023_3-574...-20&tag=nl.e70

The European Court of Justice laid down a law interpretation today that could have a profound impact on the prosecution of alleged pirates in Sweden.
The ECJ said today (translate) that Sweden's law does not provide any barriers for Internet Service Providers (ISPs) to hand over the data of alleged pirates when rightsholders, trying to prosecute those folks, request it. The move could pave the way for Sweden's highest court to force ISPs to hand over user data upon request whenever a person is suspected of pirating music, movies, e-books, or any other form of entertainmen

[Count Bobulescu]

Internet freedom group condemns cyberattacks: The Center for Democracy and Technology (CDT) on Thursday condemned recent cyberattacks aimed at supporters of a House cybersecurity bill.
In recent weeks, the hacker-activist group Anonymous has crashed websites of groups including TechAmerica and USTelecom over their support of the Cyber Intelligence Sharing and Protection Act (CISPA).
CDT is lobbying against the bill over concerns that it would undermine online privacy, but CDT President Leslie Harris called the attacks "unethical and counterproductive" in a blog post.
"It shows fundamental disrespect for both the democratic process and the privacy and speech rights of Internet users," she said. "It also provides additional ammunition for those who say radical and sweeping cybersecurity measures that violate privacy are warranted."


Jon Stewart ridicules FCC's fine of Google: Comedian Jon Stewart mocked the FCC's fine of Google on Wednesday night's episode of The Daily Show.
The FCC fined Google $25,000 for failing to cooperate with its investigation of the company's collection of personal data from unprotected Wi-Fi networks.
“The fine is less than you would get for a particularly flashy NFL touchdown dance,” Stewart said.
He also threw a few jabs at other technology companies.
"Google, I am shocked. You stole people's personal information without their permission — that is Facebook's job," he joked.

[Count Bobulescu]

CISPA update

THE LEAD: Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.) said Tuesday they will offer several amendments to the Cyber Intelligence Sharing and Protection Act (CISPA) to address the concerns of privacy groups.
The goal of CISPA is to help companies beef up their defenses against hackers who steal business secrets, rob customers' financial information and wreak havoc on computer systems. The bill would tear down legal barriers that discourage companies from sharing information about cyber threats.
But civil-liberties groups warned the measure would encourage companies to hand over private information to government spy agencies.

One amendment would tighten limitations on how the government can use the information it collects. The government would only be able to use the information to protect against a cyberattack, investigate cyber crime, protect national security, protect against theft or bodily harm or to protect minors from child pornography.

The changes would also narrow the definition of "cyber threat information" and would bar the federal government from retaining or using information beyond the explicit purposes of the bill. Another amendment would restrict the scope of the liability protections for companies that turn over data to the government.
The changes address many of the core concerns of privacy groups, but notably would not prevent spy agencies, such as the National Security Agency (NSA) or the CIA, from accessing the information. The privacy groups argue that a domestic agency, such as the Homeland Security Department, would be a more appropriate body to handle the personal information.

The Center for Democracy and Technology applauded the changes but said it still has concerns.

[fluffybiscuits]

CISPA update

Well this is a start isnt it? The previous definition was so broad that it could be interpreted in a number of ways and used to abuse powers given to any federal agency. The fact that it now narrows the definition means that there will be an alleviation of fears...

[Count Bobulescu]

CISPA update.


http://news.cnet.com/8301-31921_3-57...q/?tag=nl.e703

It took a debate that stretched to nearly seven hours, and votes on over a dozen amendments, but the U.S. House of Representatives finally approved the Cyber Intelligence Sharing and Protection Act on April 26.

Passions flared on both sides before the final vote on CISPA, which cleared the House by a comfortable margin of 248 to 168.

CISPA would "waive every single privacy law ever enacted in the name of cybersecurity," Rep. Jared Polis, a Colorado Democrat and onetime Web entrepreneur, said during the debate. "Allowing the military and NSA to spy on Americans on American soil goes against every principle this country was founded on."
Rep. Mike Rogers (R-Mich.), the chairman of the House Intelligence Committee and author of CISPA, responded by telling his colleagues to ignore "all the things they're saying about the bill that are not true." He pleaded: "Stand for America! Support this bill!"

While CISPA initially wasn't an especially partisan bill -- it cleared the House Intelligence Committee by a vote of 17 to 1 last December -- it gradually moved in that direction. The final tally was 206 Republicans voting for it, and 28 opposed. Of the Democrats, 42 voted for CISPA and 140 were opposed. House Minority Leader Nancy Pelosi said afterward on Twitter that CISPA "didn't strike the right balance" and Republicans "didn't allow amendments to strengthen privacy protections."

The ACLU, on the other hand, told CNET that the amendments -- even if they had been allowed -- would not have been effective. "They just put the veneer of privacy protections on the bill, and will garner more support for the bill even without making substantial changes," said Michelle Richardson, legislative counsel for the ACLU.

Keep reading for some more details from CNET's FAQ about what you need to know about CISPA.

CISPA Who’s for it, agin it and why. Plus how it could affect the public. Right now CISPA only affects Americans, but come the December conference in Dubai, if passed it will likely be offered by the US as a blueprint for other countries, and in the wheelinNdealin……….who knows.


http://www.washingtonpost.com/busine...T_story_1.html

Privacy advocates: The Center for Democracy and Technology, which withdrew its support for the bill Wednesday, said it was “disappointed that CISPA passed the House in such flawed form and under such a flawed process.” While the group was pleased with some of the amendments, which tried to narrow the scope and language of the bill, the group is concerned that CISPA allows information to move “from the private sector directly to the NSA.” They also said that the bill inappropriately allows for data to be applied to national security issues other than cybersecurity.