House Passes Controversial Cybersecurity Measure CISPA

[Synthaholic]

House Passes Controversial Cybersecurity Measure CISPA

The House on Thursday approved cybersecurity legislation that privacy groups have decried as a threat to civil liberties.

The Cyber Intelligence Sharing and Protection Act, or CISPA, sponsored by Reps. Mike Rogers (R-Michigan) and Dutch Ruppersberger (D-Maryland), passed on a vote of 248 to 168.

Its goal is a more secure internet, but privacy groups fear the measure breaches Americans’ privacy along the way. The White House had weighed in on Wednesday, threatening a veto unless there were significant changes to increase consumer privacy. The bill was amended to provide more privacy protections, but it was not immediately clear whether the Senate or the White House would give the amended bill its blessing.

The measure, which some are calling the Son of SOPA, allows internet service providers to share information with the government, including the Department of Homeland Security and the National Security Agency, about cybersecurity threats it detects on the internet. An ISP is not required to shield any personally identifying data of its customers when it believes it has detected threats, which include attack signatures, malicious code, phishing sites or botnets. In short, the measure seeks to undo privacy laws that generally forbid ISPs from disclosing customer communications with anybody else unless with a court order.

The bill immunizes ISPs from privacy lawsuits for voluntarily disclosing customer information thought to be a security threat. Internet companies are also granted anti-trust protection to immunize them against allegations of colluding on cybersecurity issues. The measure is not solely limited to cybersecurity, and includes the catchall phrase “national security” as a valid reason for turning over the data.

CISPA also allows ISPs to bypass privacy laws and share data with fellow ISPs in a bid to promptly extinguish a cyberattack.

Moments before the vote was taken during a daylong hearing, Rogers urged his colleagues to “stand up for America. Support this bill.” He said those who were opposing the measure — groups that include the American Civil Liberties Union and the Electronic Frontier Foundation — were practicing “obfuscation.”

The bill’s supporters include Microsoft, Facebook, AT&T, Verizon, Oracle and many others.

 

[Synthaholic]

I'm surprised that there isn't a thread on this already.

They are chipping away at our civil liberties. I know that Liberal groups are fighting this.

Why aren't conservatives?

 

[Quantum Windbag]

I don't fight stupid stuff the government does here, I fight it where it makes a difference. I use this place to mock the government, and all the idiots who support it.

 

[Katzndogz]

This involves something we have never had to deal with before. Both Iran and China have major cyber crime installations capable of interfering with each and every computer in the country.

The kind of criminal activity is not something we have seen before, experienced before and has been historically impossible. Technically these major cyber installations can take away your civil liberties, privacy and your finances at whim. What it comes down to is whether you trust the Chinese and Iranians to respect your civil liberties more than you trust the US government to respect your civil liberties.

 

[Quantum Windbag]

This involves something we have never had to deal with before. Both Iran and China have major cyber crime installations capable of interfering with each and every computer in the country.

The kind of criminal activity is not something we have seen before, experienced before and has been historically impossible. Technically these major cyber installations can take away your civil liberties, privacy and your finances at whim. What it comes down to is whether you trust the Chinese and Iranians to respect your civil liberties more than you trust the US government to respect your civil liberties.

Ohhh, we are scared, so we have to let the government do whatever it wants in order to not be scared, but we are always scared, even when the government does everything.

 

[waltky]

Granny says dey better not be hackin' into her webcam when she takin' a shower...

Web sites fall victim to cyberspies
Thu, May 17, 2012 - ’DRIVE-BY ATTACKS’: Visitors to legitimate Web sites of human rights organizations or government agencies might find that they have been targeted by malware

Internet security researchers warned on Tuesday that foreign policy and human rights Web sites are being booby-trapped by hackers in what appears to be cyberespionage. As of Monday Web sites for Amnesty International Hong Kong, the Cambodian Ministry of Foreign Affairs and the US Center for Defense Information (CDI) remained rigged to slip “hostile” code onto visitors’ computers, according to the Shadowserver Foundation, which is devoted to tracking and reporting Internet threats. “These attackers are not spreading malware through strategically compromised Web sites to make friends,” Shadowserver researchers Steven Adair and Ned Moran warned in a blog post. “They are aiming to expand their access and steal data.”

Data typically sought included messages, intellectual property, research, and business intelligence such as contracts and negotiations, according to security specialists. “The CDI Web site is currently serving up a malicious Flash exploit that ties back to attackers known to engage in cyberespionage,” the researchers said. “This threat group appears to be interested in targets with a tie to foreign policy and defense activities.” In recent weeks, Shadowserver has seen an array of “strategic Web compromises” taking advantage of flaws in Oracle Java and Adobe Flash programs. The tactic is referred to as a “drive-by” attack by computer security specialists because people’s computers are secretly infected simply by visiting a reputable Web site unaware that it has been booby-trapped by hackers.

A Web site for the International Institute of Counter-Terrorism at the Interdisciplinary Center in Herzliya, Israel, was listed among those compromised by hackers. Shadowserver said that it began looking into the hacks after researchers at Websense reported last week that the main page of Amnesty International United Kingdom had been rigged with drive-by malware. There are indications that a Web site for the American Research Center in Egypt was briefly compromised last week in a manner similar to the CDI page hack, according to Shadowserver.

Earlier this month the Center for European Policy Studies Web site at ceps.eu was similarly compromised, according to the volunteer-based Internet security group. Shadowserver referred to the hacks as “advance persistent threats,” a term used in the industry to refer to cyberespionage by groups such as governments. “Many of these attackers are quite skilled at moving laterally within an organization and will take advantage of any entry point they have into a network,” the researchers said. “Cyberespionage attacks are not a fabricated issue and are not going away any time soon.”

Web sites fall victim to cyberspies - Taipei Times

 

[waltky]

Granny gonna throw a towel over her webcam when she inna bathtub...

Mueller: ‘Substantial’ Risk of Cyber Attack in Next 10 Years
May 17, 2012 – FBI Director Robert Mueller told a Senate committee on Wednesday that there is a “substantial” risk that the nation will face a cyber attack in the next decade.

Sen. Lindsey Graham (R-S.C.) asked Mueller if he had all the resources necessary to defend the nation against a cyber attack “within reason.” “We need additional resources. We’re reprioritizing. We’re reorganizing …” Mueller testified before the Senate Judiciary Committee. “What’s the risk to the nation of a cyber attack in the next decade?” Graham asked. To which Mueller replied: “Substantial."

Mueller said the nation’s cybersecurity faces “increasingly complex threats.” “Nation-state actors, sophisticated organized crime groups, and hackers for hire are stealing intelligence and national security data, as well as trade secrets and valuable research from America’s companies, universities, and government agencies. These cyber threats are also a risk for our nation’s critical infrastructure,” he added.

Graham asked Mueller to list the needs of his agency to address the cybersecurity threat so that Graham could “spread them” to his colleagues. “Have done it, will do it,” Mueller replied.

Gordon Snow, assistant director of the FBI’s cyber division, testified before the Senate Judiciary Committee’s Subcommittee on Crime and Terrorism on April 12, 2012, that “the threat has reached the point that given enough time, motivation, and funding, a determined adversary will likely be able to penetrate any system that is accessible directly from the Internet.” “It is difficult to state with confidence that our critical infrastructure—the backbone of our country’s economic prosperity, national security, and public health—will remain unscathed and always be available when needed.

MORE

 

[waltky]

Major ongoing cyber-espionage effort against the US...

US is target of massive cyberespionage: report
Tue, Feb 12, 2013 - The US intelligence community has concluded that the US is the target of a massive cyberespionage campaign that is threatening its competitiveness, the Washington Post reported late on Sunday.

Citing unnamed officials, the newspaper said the conclusion is contained in the National Intelligence Estimate (NIE), a classified report that represents the consensus view of the US intelligence community. The report identifies China as the country most aggressively seeking to penetrate the computer systems of US businesses and institutions to gain access to data that could be used for economic gain, the paper said.

The document, according to the Post, identifies energy, finance, information technology, aerospace and automotive companies as the most frequent targets of cyberattacks. Outside experts have estimated the damage to the US economy in the tens of billions of dollars, the paper said. The NIE names three other countries — Russia, Israel and France — as having engaged in mining for economic intelligence, but makes clear that cyberespionage by those countries pales in comparison with China’s effort, the paper notes.

The administration of US President Barack Obama is trying to counter the electronic theft of trade secrets by lodging formal protests, expelling diplomatic personnel, imposing travel and visa restrictions, and complaining to the WTO, the Post said. The US Department of Justice set up a program in the past year to train 100 prosecutors to bring cases related to cyberintrusions sponsored by foreign governments, the newspaper said. The Post said much of China’s cyberespionage is thought to be directed at commercial targets linked to military technology.

US is target of massive cyberespionage: report - Taipei Times

 

[TruthSeeker56]

The problem with these types of "national security" umbrella laws is WHO determines what is a national security concern?

Facebook? Verizon? AT&T? Microsoft?

The thought of some $10.00 an hour flunky internet "monitor" deciding if I am a "threat" to national security is both ludicrous and a complete infringement of many basic rights that are guaranteed by our Constitution.

Big Brother putting us under a microscope even MORE, is not acceptable.

 

[Truthmatters]

yeah doesnt sound real good for civil liberties

 

[waltky]

$3.6 million to be donated to cybersecurity initiative by major tech firms...

Tech Companies Fund Cybersecurity Initiative
April 24, 2014 ~ Several of the world's biggest technology companies are donating millions of dollars to fund security improvements in open source programs like OpenSSL, after the software's "Heartbleed" glitch sent the computer industry into a panic.

The non-profit Linux Foundation announced the plan on Thursday. The technology group funding the improvements include Amazon, Cisco Systems, Facebook, Google, IBM, and seven other companies. The companies in this Core Infrastructure Initiative group each will donate $300,000 to the venture.

An employee in the city hall in Munich is watching the webpage of the Linux operating system in Munich, southern Germany

The Heartbleed bug is in a vulnerable version OpenSSL that potentially exposes millions of passwords, credit card numbers and other sensitive bits of information to theft. It was discovered earlier this month.

Days after its discovery, the director of Homeland Security's National Cybersecurity and Communications Integration Center, Larry Zelvin, said there was not any reported attacks from the bug. But he said it is still possible that malicious actors could exploit unpatched systems.

Tech Companies Fund Cybersecurity Initiative

 

[whitehall]

It should be noted that the bill was sponsored by a republican and a democrat and apparently had bi-partisan support. The problem is that we have about a dozen competing "intelligence" agencies and a gigantic Homeland Security bureau which has become nothing but a political tool covering up wrong-doing by other government agencies. The government hires drones that collect a paycheck and aren't smart enough to defend the Country against "cyber attacks". I don't have a solution except that new laws just pile up more bureaucracy.

 

[Ceminus]

Honestly the bigger problem with these kind of laws is who is being represented? Us, the computer companies, the Government, or some other private interest? When you look to the media you have to be careful that the news comes from what 6 news organizations now who are controlled by more private interest, so when they say we need a new law like this, is it protecting us or someone else's interest. I honestly think this is one more for controlling the general public under the umbrella of oh look people crawling through the web are going to get ya!! Watch out!!! In this case probably our own government....

 

[LoneLaugher]

I don't fight stupid stuff the government does here, I fight it where it makes a difference. I use this place to mock the government, and all the idiots who support it.

Restated.

Er....I haven't been paying attention to that issue at all. Seeing that the GOP led house passed it, I'm sure it ain't all that bad. So....I have decided that I will not voice my opinion about it here.....like I do just about every-fucking-thing. I will "fight" this where it matters!

Yeah! That's it! Yeah!

 

[regent]

I thought the House only voted on repealing Obamacare? Is the House now branching out into other areas?

 

[editec]

Privacy does NOT exist in the digital world.

I do not care what the laws say, I know damned well that privacy is impossible in this venue.