US Indymedia Global Indymedia Publish About us
Printed from Boston IMC : http://boston.indymedia.org/
Boston.Indymedia
IVAW Winter Soldier

Winter Soldier
Testimonies
Brad Presente

Other Local News

Spare Change News
Open Media Boston
Somerville Voices
Cradle of Liberty
The Sword and Shield

Local Radio Shows

WMBR 88.1 FM
What's Left
WEDS at 8:00 pm
Local Edition
FRI (alt) at 5:30 pm

WMFO 91.5 FM
Socialist Alternative
SUN 11:00 am

WZBC 90.3 FM
Sounds of Dissent
SAT at 11:00 am
Truth and Justice Radio
SUN at 6:00 am

Create account Log in
Comment on this article | View comments | Email this article | Printer-friendly version
News :: Globalization
Aaron Swartz Can’t Fight the New Cybersecurity Bill, So We Must Do It
13 Jul 2014
computer.jpg
In late 2011 and early 2012, activists, progressive politicians and Internet companies led in part by Internet freedom advocate Aaron Swartz came together to defeat the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA). Advertised as measures against copyright infringement, the bills would have opened any website that contained copyrighted material it was not authorized to publish on any of its pages to a forced shutdown. A site that unknowingly held a copyrighted image in a comment section, for instance, would have been eligible as a violator. Virtually everyone was susceptible to closure.

The Cyber Intelligence Sharing and Protection Act (CISPA) followed SOPA and PIPA in April 2012. CISPA was worse than its predecessors, proposing that private companies be allowed to share user information, a provision that would have violated many privacy protections of the Internet. Recognizing this, Swartz fought again. “It sort of lets the government run roughshod over privacy protections and share personal data about you,” he said of the bill at the time. Again, he prevailed.

Now, a year and a half after Swartz killed himself, there is the Cybersecurity Information Sharing Act. CISA is a lot like CISPA, but could end up being even worse. Privacy and civil rights groups including the ACLU and the Electronic Frontier Foundation are standing up to fight it. In an article about the bill, the ACLU’s Sandra Fulton wrote: CISA “poses serious threats to our privacy, gives the government extraordinary powers to silence potential whistleblowers, and exempts these dangerous new powers from transparency laws.” The bill has been approved by the Senate Select Committee on Intelligence and will move to the Senate soon.

Gabe Rottman, a legislative counsel and policy adviser for the ACLU, spoke with Truthdig about CISA. He said the legislation resembles not only CISPA, but the proposed Cybersecurity Act of 2012, which according to him would have been a better bill for protecting privacy and preventing government overreach. “It represented a compromise between the privacy community, industry and the folks pushing cybersecurity on the Hill,” he said of the 2012 legislation. That bill did not pass. CISA borrows some of its elements and removes its privacy and civil rights protections.

“It would allow the use of information that is shared with the government for cybersecurity purposes to be used in the prevention and investigation of crime under the Espionage Act, which includes national security leaks and whistle-blowers,” Rottman added. He said CISA would allow government intelligence agencies not only to retrieve metadata from communication companies on a “voluntary” basis, but also to collect content from emails, texts or other written communications without a warrant. Once the information is in the possession of the Department of Homeland Security, the measure would allow it to be shared with other government entities such as the NSA and the military and possibly even local police forces.

“It could quite literally become an investigative tool,” Rottman said. CISA could enable the government to approach a communications company and find bundles of communications from a number of suspects anytime a new whistle-blower is suspected. It has a provision that is meant to protect people. Personal information is supposed to be removed if it isn’t related to a cybersecurity threat, but it’s unclear how much information would actually be scrubbed.

A further problem with CISA is that it removes protections under Freedom of Information Act and state laws that would allow people to inquire whether their communications have been collected. Rottman said that “the chance you’ll find out that your information has been shared is lessened because of the FOIA exception, and there is an incentive for oversharing, and the information automatically gets shared with the rest of the government.” Furthermore, the bill protects companies that share information from being scrutinized for having done so.

Additionally, CISA doesn’t affect just whistle-blowers and those people who could be considered serious threats to intelligence agencies. It applies to anyone the government could deem a cybersecurity threat as well. This qualification for suspicion is very broad.

In the case against Swartz over his massive, unauthorized downloading of commercial academic journals from MIT, the courts used the Computer Fraud and Abuse Act of 1984 to prosecute him, alleging that downloading the journals was a violation of the network’s terms of service. Under the CFAA, violating the terms of service for any website or Internet tool is considered a criminal offense. For instance, lying about one’s age when registering with a website or accidentally breaking a rule listed in user contracts with Facebook or an email platform could make one a culprit. Under CISA, such harmless violations would make user communications legally vulnerable to government access.

Privacy and civil rights groups also contend CISA does not contain any provisions to protect Net neutrality. Where the Cybersecurity Act of 2012 maintained that terms like “cybersecurity threat” could not be used to inflict damage on open Internet rules, CISA contains no such language.

The ACLU, Electronic Frontier Foundation and many organizations believe CISA would be a boon to the NSA and other intelligence agencies, as well as a serious threat to privacy and protection from warrantless investigation. The Fourth Amendment is meant to protect Americans from such monitoring, but CISA could erase that civil right. Swartz led the fight against the death of our privacy, an open Internet and protection from persecution online. In his absence, others are stepping up to the plate. People continue to be outraged over the revelations made by NSA whistle-blower Edward Snowden, but the government continues to pump steroids into the spy agency’s far-reaching arms.

Thor Benson is a traveling writer who currently lives in Los Angeles. He has written for Slate, Vice, Fast Company and many others. Follow him at @thor_benson.

“The Internet’s Own Boy” is a new documentary about Aaron Swartz’s fight to protect the Internet and his own legal troubles from fighting for open access to academic journals.


http://www.truthdig.com/report/item/aaron_swartz_cant_fight_the_new_cybe

This work is in the public domain
Add a quick comment
Title
Your name Your email

Comment

Text Format
Anti-spam Enter the following number into the box:
To add more detailed comments, or to upload files, see the full comment form.

Comments

Ellsberg Billboards Urge Whistleblowing in DC: ‘Tell the Truth with Documents’
14 Jul 2014
Click on image for a larger version

ellsberg-sign.jpg
In an unprecedented push for whistleblowing in the nation’s capital, the new organization ExposeFacts announced today that 13 billboards have gone up near Capitol Hill, the Justice Department, the White House, the Government Accountability Office, the Defense Intelligence Agency, the State Department, a popular bookstore at Dupont Circle and other prominent locations.

The six-foot billboards display a message from Pentagon Papers whistleblower Daniel Ellsberg: “Don’t do what I did. Don’t wait until a new war has started, don’t wait until thousands more have died, before you tell the truth with documents that reveal lies or crimes or internal projections of costs and dangers. You might save a war’s worth of lives.”

Ellsberg is a member of the advisory board of ExposeFacts, which is encouraging whistleblowers to “disclose information that citizens need to make truly informed decisions in a democracy.” He joined with NSA, State Department, EPA and Justice Department whistleblowers to help launch the new organization, which is part of the nonprofit Institute for Public Accuracy.

ExposeFacts “aims to shed light on concealed activities that are relevant to human rights, corporate malfeasance, the environment, civil liberties and war,” the group says. The ExposeFacts.org site features the whistleblower submission system known as “SecureDrop,” provided by the Freedom of the Press Foundation.

http://antiwar.com/blog/2014/07/09/ellsberg-billboards-urge-whistleblowi/
Cybersecurity Bill
15 Jul 2014
Click on image for a larger version

CR072k14-Privacy_01_Intro.jpg
Cybersecurity bill will expand surveillance powers of US military and intelligence agencies - 15 July 2014

The Senate Intelligence Committee voted 12-3 last week in favor of the Cybersecurity Information Sharing Act (CISA) of 2014, new legislation that massively expands the data-gathering powers of the US security, intelligence and military bureaucracies, by allowing “voluntary” information sharing between private companies and the government.

The Intelligence Committee “marked up” the bill in two secret sessions closed to the public. The bill, which was drafted by Senators Saxby Chambliss (Republican, Georgia) and Dianne Feinstein (Democrat, California), is now set to go before the chamber as a whole.

CISA clears the way for virtually unrestrained information sharing between the US government and corporations. Under the bill, large quantities of data can be transferred from companies to the Department of Homeland Security (DHS) without any form of legal review, so long as the data is considered “cybersecurity information.”

Once acquired from the telecommunications corporations, DHS will then automatically share the data in real time with the US National Security Agency (NSA), Cyber Command (USCYBERCOM), and other sections of the Defense Department (DoD) bureaucracy. The government agencies are authorized to retain data shared in this way indefinitely.

These legislative changes amount to a far-reaching extension of the powers of the military apparatus to intervene in civilian electronic systems. As the New America Foundation (NAF) wrote in its report, “Analysis of the Cybersecurity Information Sharing Act of 2014: A Major Step Back on Privacy, DHS would serve merely as a portal for DOD entities to receive cyber threat indicators, and there would be no functional distinction between sharing with a civilian agency and sharing directly with the NSA.” The broad language of CISA, New America wrote, “may be interpreted to authorize the government to gain direct access to a company’s information systems to receive cyber threat indicators.”

Broad language in CISA leaves the door open for companies to engage in “hack-back” activities, such as deploying malware and spyware on the machines of customers, according to the NAF report. Individuals who are harmed by CISA-based activities have no avenue to address their grievances, since the bill contains strong protections for companies from any liabilities associated with information sharing, protecting them against lawsuits by users whose privacy and democratic rights are violated by such operations.

Exemptions from the Freedom of Information Act (FOIA) and other “sunshine laws” are built into the legislation, shielding the information sharing programs from public scrutiny.

At the same time, the bill hands the US government another powerful weapon for its war against “insider threats” (government terminology for leakers and whistleblowers), allowing for data collected through the mass information sharing to be used for prosecutions launched under the Espionage Act.

The CISA legislation effectively transfers new surveillance powers to domestic police agencies. State and local law enforcement are empowered by CISA to “use, retain, and further share” data obtained through the information sharing program to launch or aid investigations completely unrelated to cybersecurity.

Numerous civil rights and watchdog organizations have announced opposition to the CISA bill. The Center for Democracy in Technology (CDT) described CISA as a “backdoor wiretap,” writing that CISA “addresses none of the Snowden revelations about the NSA” and would “funnel more private communications and communications information to the NSA.”

Writing for the American Civil Liberties Union (ACLU), Sandra Fulton argued that the CISA bill “poses serious threats to our privacy, gives the government extraordinary powers to silence potential whistleblowers, and exempts these dangerous new powers from transparency laws.”

As noted by Fulton, “the definition they are using for the so-called ‘cybersecurity information’ is so broad it could sweep up huge amounts of innocent Americans’ personal data … CISA would circumvent the warrant requirement [established in the Fourth Amendment] by allowing the government to approach companies directly to collect personal information, including telephonic or Internet communications, based on the new broadly drawn definition of ‘cybersecurity information.’”

CIPSAisBack.org, a web site dedicated to monitoring US cybersecurity legislation, wrote that the bill “would allow for and encourage sweeping data mining taps on Internet users for the undefined purpose of domestic ‘cybersecurity.’”

CISA may also bolster US government efforts to “stockpile vulnerabilities,” a practice whereby weaknesses discovered in existing computer networks are not disclosed to the network operators, but instead are recorded for possible future exploitation by teams of government hackers. As revealed by Edward Snowden last summer, Washington has already ordered the hacking of hundreds of civilian targets in China.

Under the auspices of “cybersecurity,” the US government is building powerful new components of the national security state, empowered to carry out new forms of surveillance and data acquisition as well as cyber-attacks against computer systems deemed threatening by the government. These powers can be used to shut down web sites, networks, and entire sections of the Internet.

While the Constitution prohibits military and espionage operations inside the US, intelligence officials have openly expressed ambitions to overcome these restrictions.

As a senior intelligence agent told the New York Times in 2009 in the lead-up to the launch of the Pentagon’s Cyber Command (CYBERCOM), “These attacks start in other countries, but they know no borders. So how do you fight them if you can’t act both inside and outside the United States?”

CYBERCOM went operational in May of 2010, under the command of General Keith Alexander. Alexander told the Brookings Institute in 2010 that while CYBERCOMMAND currently plays no role in the nation’s civilian networks, in exceptional circumstances an executive order could be issued allowing the DoD-based agency to assume control over civilian information systems.

http://www.wsws.org/en/articles/2014/07/15/cybe-j15.html