Bipartisan complicity's
involved in hyping cyber threats. At issue is promoting draconian cybersecurity
legislation.
Obama supports congressional effects. Internet freedom's at stake. So
are other civil liberties.
On March 8, the Department of Homeland Security (DHS) conducted a mock
New York cyber attack. At issue was gaining support for pending Senate
legislation.
White House spokesperson Caitlin Hayden called the stunt a way to give
"senators....an appreciation for new legislative authorities that would
help the U.S. government prevent and more quickly respond to cyber attacks."
DHS Secretary Janet Napolitano said:
"The fact that we could be subject to a catastrophic attack under the
right circumstances and we now know some of the things that would help
us to protect against such an attack, that’s why it’s important now
for the Congress to take this up."
Destroying a free and open Internet and other civil liberties is no
way to do it. Power grab politics are in play. Major media scoundrels
are silent.
The past decade witnessed a systematic war on freedom. It last vestiges
are being attacked. Unless stopped, tyranny will gain full control.
It practically has it now.
Bipartisan complicity's on board to seize it. So is Obama. Bad as things
are now, the worst is yet to come.
In recent years, various cybersecurity bills were introduced. Recent
House and Senate versions are the latest threat.
On November 30, 2011, HR 3523: Cyber Intelligence Sharing and Protection
Act of 2011 was introduced. It's pending for further consideration.
On February 14, a companion Senate version was offered - S. 2105: Cybersecurity
Act of 2012. It also awaits further consideration.
The Electronic Frontier Foundation (EFF) said the House version gives
"companies or the government free rein to bypass existing laws in order
to monitor communications, filter content, or potentially even shut
down access to online services for 'cybersecurity purposes.' "
Companies are urged to share information with each other and Washington.
At issue is allegedly foiling potential cyber attacks. In fact, the
bill attacks vital freedoms.
Claiming a possible cyber threat, the bill lets government and business
bypass existing laws. They include prohibiting telecommunication companies
from monitoring routine communications. The bill permit it as long as
done in "good faith."
Likely abuse is obvious. For example, bill language says "cyber threat
intelligence" and "cybersecurity purpose" mean "theft or misappropriation
of private or government information, intellectual property, or personally
identifiable information."
EFF calls it "a little piece of SOPA wrapped up in a bill that’s supposedly
designed to facilitate detection of and defense against cybersecurity
threats. The language is so vague that an ISP could use it to monitor
communications of subscribers for potential infringement of intellectual
property."
As a result, ISPs could block or prevent access to accounts accused
of infringing, whether or not true. At risk are those providing vital
suppressed information everyone has a right to know.
Already severely weakened, First Amendment freedoms could erode further
or entirely disappear. Anything business or government finds offensive
could be blocked from the public domain. Online information as we now
know it could vanish.
Freedoms we take for granted are on the chopping block to eliminate.
Passage of current House and Senate bills will be a giant step toward
doing it. They provide powerful new repressive tools. Any site or blog
could be called a "cyber threat."
Congress wants legislation passed this year. So does Obama. HR 3523
is one of the worst. The Senate version is almost as bad. Vague language
is their common denominator.
For example, the Senate bill states:
"(C)ybersecurity threat” means any action that may result in unauthorized
access to, exfiltration of, manipulation of, or impairment to the integrity,
confidentiality, or availability of an information system or information
that is stored on, processed by, or transiting an information system."
A "cybersecurity threat indicator" is defined in hugely disjunctive
vague scenarios. They include, for example, "a method of defeating a
technical (or operational) control." Merely using "a proxy or anonymization
service" to access sites could be called a "cybersecurity threat indicator."
So could using cryptography to protect personal communications or be
able to access systems securely. Nearly anything could be misinterpreted
as a threat.
Government and business could monitor online traffic and communications
without Wiretap Act or other legal restrictions.
"Effectively, the broad definitions of threats could immunize a whole
host of monitoring activities by a huge swath of different government
and non-government actors."
In addition, S. 2105 and a newer March 1 S. 2151: SECURE IT bills let
"private entities" operate "countermeasures." Vague language means those
allowed are open to interpretation. Abuses are certain.
Acting with "defensive intent" can also be abused. As always, the devil's
in the details and potential latitude within them. Most worrisome is
government and business in bed against personal freedoms for greater
control.
ISPs could block all traffic on certain ports or filter out what they
don't want the public to know. Cryptographic protocols could also be
crippled. The best defense is a strong offense, no matter how destructive
to personal freedoms.
EFF calls potential abuses worrisome. It's not known what countermeasures
would be used. Senate and House bills give no guidance. Government and
business will decide on their own privately. Transparency won't exist.
Safeguarding civil liberties requires laws with "utmost specificity."
Concrete, not vague, language is essential. Online freedom depends on
it. Cybersecurity should protect everyone equally, not government and
business alone.
A Final Comment
EFF raised four unanswered questions in both Senate bills and the House
one:
(1) Who'll be in charge of cybersecurity?
HR 3523 has the military/intelligence community running it. Still another
House bill (HR 3674 introduced last December) puts DHS in charge.
EFF calls civilian control essential. Without it, openness, transparency,
and accountability would be entirely destroyed. It may be either way,
depending on enacted language and how it's interpreted.
(2) What constitutes a cybersecurity threat?
House and Senate bills lack clear definitions. Potential harm is obvious.
People adopting privacy and security measures EFF recommends, potentially
could be treated like criminals.
"(L)legitimate security research would be targeted and security researchers
could find themselves under perpetual scrutiny as potential "cybercriminals.'
"
(3) What does "information sharing" mean?
House and Senate bills mandate it in some form. They also let government
and business collude. Information sharing's urged, including private
emails, web searches, GPS data, social networking, and other personal
data.
Moreover, claiming cybersecurity threats immunizes abusers from civil
or criminal liability. Information sharing, in fact, is a euphemism
for surveillance and other countermeasures like filtering content, blocking
access to web sites, or shutting them down.
(4) Will an eventual cybersecurity law enhance or harm security?
Benefits are possible if everyone's protected equally with no personal
freedoms infringed. Proposed House and Senate bills erode or entirely
destroy them.
Measures improving online security are laudable. Major operating systems
are vulnerable, as are various types of commercial software. Nothing
is fail-safe, but better encryption, more secure protocols, and better
authentication methods could improve things.
House and Senate bills fall short. "Instead of creating incentives for
better defensive Internet security, the proposed bills take an offensive
posture: more monitoring, more surveillance, and more disclosure of
your private information."
Instead of improving online safety, user privacy and security more than
ever will be comprised en route to destroying them altogether and a
free and open Internet along with it. The stakes are that great.
Stephen Lendman lives in Chicago and can be reached at lendmanstephen@sbcglobal.net.
Also visit his blog site at sjlendman.blogspot.com and listen to cutting-edge
discussions with distinguished guests on the Progressive Radio News
Hour on the Progressive Radio Network Thursdays at 10AM US Central time
and Saturdays and Sundays at noon. All programs are archived for easy
listening.
http://www.progressiveradionetwork.com/the-progressive-news-hour/
|