Socialism and the End of the American Dream: Group items tagged DHS-Spying

Paul Merrell

A Zombie Bill Comes Back to Life: A Look at The Senate's Cybersecurity Information Shar... - 0 views

  • The Senate Intelligence Committee recently introduced the Cybersecurity Information Sharing Act of 2014. It’s the fourth time in four years that Congress has tried to pass "cybersecurity" legislation. Unfortunately, the newest Senate bill is one of the worst yet. Cybersecurity bills aim to facilitate information sharing between companies and the government, but they always seem to come with broad immunity clauses for companies, vague definitions, and aggressive spying powers. Given such calculated violence to users' privacy rights, it’s no surprise that these bills fail every year. What is a surprise is that the bills keep coming back from the dead. Last year, President Obama signed Executive Order 13636 (EO 13636) directing the Department of Homeland Security (DHS) to expand current information sharing programs that are far more privacy protective than anything seen in recent cybersecurity bills. Despite this, members of Congress like Rep. Mike Rogers and Senator Dianne Feinstein keep on introducing bills that would destroy these privacy protections and grant new spying powers to companies.
  • Aside from its redundancy, the Senate's bill grants two new authorities to companies. First, the bill authorizes companies to launch countermeasures for a "cybersecurity purpose" against a "cybersecurity threat." "Cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of the information system. Combined, the two definitions could be read by companies to permit attacks on machines that unwittingly contribute to network congestion. The countermeasures clause will increasingly militarize the Internet—a prospect that may appeal to some "active defense" (aka offensive) cybersecurity companies, but does not favor the everyday user. Second, the bill adds a new authority for companies to monitor information systems to protect an entity's rights or property. Here again, the broad definitions could be used in conjunction with the monitoring clause to spy on users engaged in potentially innocuous activity. Once collected, companies can then share the information, which is also called “cyber threat indicators,” freely with government agencies like the NSA.
  • Such sharing will occur because under this bill, DHS would no longer be the lead agency making decisions about the cybersecurity information received, retained, or shared to companies or within the government. Its new role in the bill mandates DHS send information to agencies like the NSA—"in real-time and simultaneous[ly]." DHS is even barred from "delay[ing]" or "interfer[ing]" with the information, which ensures that DHS's current privacy protections won’t be applied to the information. The provision is ripe for improper and over-expansive information sharing. This leads to a question: What stops your sensitive personal information from being shared by companies to the government? Almost nothing. Companies must only remove personally identifiable information if the information is known to be US person information and not directly related to the threat. Such a willful blindness approach is inappropriate. Further, the bill does not even impose this weak minimization requirement on information shared by, and within, the government (including federal, state, local, and tribal governments) thereby allowing the government to share information containing personally identifiable information. The bill should require deletion of all information not directly related to a threat.
  • Once the information is sent to a government agency, it can use the information for reasons other than for cybersecurity purposes. One clause even allows the information to be used to prosecute violations of the Espionage Act—a World War I era law that was meant to prosecute spies but has been used in recent years primarily to go after journalists’ sources. The provisions grant the government far too much leeway in how to use the information for non-cybersecurity purposes. The public won’t even know what information is being collected, shared, or used because the bill will exempt all of it from disclosure under the Freedom of Information Act.
  • The bill also retains near-blanket immunity for companies to monitor information systems, to share information, and to use countermeasures. The high bar immunizes an incredible amount of activity, including negligent damage to property and may deprive private entities of legal recourse if a computer security contractor is at fault for destruction of property. Existing private rights of action for violations of the Wiretap Act, Stored Communications Act, and the Computer Fraud and Abuse Act would be precluded or at least sharply restricted by the clause. It remains to be seen why such immunity is needed when just a few months ago, the FTC and DOJ noted they would not prosecute companies for sharing such information. It's also unclear because we continue to see companies freely share information among each other and with the government both publicly via published reports and privately.
Paul Merrell

Public Citizen Press Room - 0 views

  • Public Citizen Defends Merchant From Unconstitutional Interference by NSA, Department of Homeland Security In Lawsuit Filed Against Agencies, Public Citizen Argues That Attempts to Stop Production of Parody Merchandise Are Inconsistent With First Amendment BALTIMORE, Md. – A Minnesota activist who uses images and names of government agencies on satirical merchandise is entitled to do so under the First Amendment, Public Citizen argued in a lawsuit filed today against the National Security Agency (NSA) and the Department of Homeland Security (DHS) on behalf of the merchant. The suit, filed in the U.S. District Court for the District of Maryland, targets cease-and-desist letters sent to the merchant’s producer by the NSA and DHS. On his website LibertyManiacs.com, Sauk Rapids, Minn., resident Dan McCall sells T-shirts, hats, bumper stickers and other items with his designs, printed by Zazzle.com – for example, a mug with the NSA seal above the words “Spying On You Since 1952” and a parodied NSA seal that says “Peeping While You’re Sleeping” above the words “The NSA: The only part of government that actually listens.”
  • On March 15, 2011, Zazzle received a warning letter from the NSA, and on Aug 11, 2011, it received one from DHS. The NSA said that Zazzle, by selling the merchandise, was in violation of a provision of the National Security Agency Act of 1959 that prohibits the “use [of] the words ‘National Security Agency,’ the initials, ‘NSA,’ the seal of the National Security Agency, or any colorable imitation of such words … in connection with any merchandise, impersonation, solicitation, or commercial activity in a manner reasonably calculated to convey the impression that such use is approved, endorsed, or authorized by the National Security Agency” without the permission of the NSA. DHS said that Zazzle, by selling McCall’s DHS parody items, was in violation of a law making it a crime to “mutilate or alter the seal of any department or agency of the United States,” among other provisions. In the lawsuit filed in defense of McCall, Public Citizen points out that the graphics did not create any likelihood of confusion about source or sponsorship, and no reasonable person would believe that the agencies themselves produced merchandise with those messages. The complaint also asserts that the First Amendment protects McCall and Zazzle’s right to use the seals to accurately identify the agencies he is criticizing. “The agencies’ attempts to forbid McCall from displaying and selling his merchandise are inconsistent with the First Amendment,” said Paul Alan Levy, the Public Citizen attorney handling the case. “It’s bad enough that these agencies have us under constant surveillance; forbidding citizens from criticizing them is beyond the pale.”
  • Public Citizen is asking the court to declare that several provisions of the National Security Agency Act cannot be enforced to forbid McCall from displaying his merchandise, and that two other laws are unconstitutionally overbroad because they violate the First Amendment by saying no one can “mutilate or alter the seal of any department or agency of the United States.” McCall is now selling his merchandise at CafePress.com. See the full complaint for declaratory relief here.
Paul Merrell

Israel Won't Stop Spying on the U.S. - 0 views

  • Whatever happened to honor among thieves? When the National Security Agency was caught eavesdropping on German Chancellor Angela Merkel’s cell phone, it was considered a rude way to treat a friend. Now U.S. intelligence officials are saying—albeit very quietly, behind closed doors on Capitol Hill—that our Israeli “friends” have gone too far with their spying operations here. According to classified briefings on legislation that would lower visa restrictions on Israeli citizens, Jerusalem’s efforts to steal U.S. secrets under the cover of trade missions and joint defense technology contracts have “crossed red lines.”  Israel’s espionage activities in America are unrivaled and unseemly, counterspies have told members of the House Judiciary and Foreign Affairs committees, going far beyond activities by other close allies, such as Germany, France, the U.K. and Japan. A congressional staffer familiar with a briefing last January called the testimony “very sobering…alarming…even terrifying.” Another staffer called it “damaging.”  The Jewish state’s primary target: America’s industrial and technical secrets. 
  • “No other country close to the United States continues to cross the line on espionage like the Israelis do,” said a former congressional staffer who attended another classified briefing in late 2013, one of several in recent months given by officials from the Department of Homeland Security (DHS), the State Department, the FBI and the National Counterintelligence Directorate. 
  • “I don’t think anyone was surprised by these revelations,” the former aide said. “But when you step back and hear…that there are no other countries taking advantage of our security relationship the way the Israelis are for espionage purposes, it is quite shocking. I mean, it shouldn’t be lost on anyone that after all the hand-wringing over [Jonathan] Pollard, it’s still going on.” Israel and pro-Israel groups in America have long lobbied U.S. administrations to free Pollard, a former U.S. naval intelligence analyst serving a life sentence since 1987 for stealing tens of thousands of secrets for Israel. (U.S. counterintelligence officials suspect that Israel traded some of the Cold War-era information to Moscow in exchange for the emigration of Russian Jews.) After denying for over a decade that Pollard was its paid agent, Israel apologized and promised not to spy on U.S. soil again. Since then, more Israeli spies have been arrested and convicted by U.S. courts. 
  • I.C. Smith, a former top FBI counterintelligence specialist during the Pollard affair, tells Newsweek, “In the early 1980s, dealing with the Israelis was, for those assigned that area, extremely frustrating. The Israelis were supremely confident that they had the clout, especially on the Hill, to basically get [away] with just about anything. This was the time of the Criteria Country List—later changed to the National Security Threat List—and I found it incredible that Taiwan and Vietnam, for instance, were on [it], when neither country had conducted activities that remotely approached the Pollard case, and neither had a history of, or a comparable capability to conduct, such activities.” While all this was going on, Israel was lobbying hard to be put on the short list of countries (38 today) whose citizens don’t need visas to visit here.  Until recently, the major sticking point was the Jewish state’s discriminatory and sometimes harsh treatment of Arab-Americans and U.S. Palestinians seeking to enter Israel. It has also failed to meet other requirements for the program, such as promptly and regularly reporting lost and stolen passports, officials say—a problem all the more pressing since Iranians were found to have boarded the missing Malaysia Airlines flight with stolen passports. 
  • “But this is the first time congressional aides have indicated that intelligence and national security concerns also are considerations in weighing Israel’s admission into the visa waiver program,” Jonathan Broder, the foreign and defense editor for CQ Roll Call, a Capitol Hill news site, wrote last month. He quoted a senior House aide as saying, “The U.S. intelligence community is concerned that adding Israel to the visa waiver program would make it easier for Israeli spies to enter the country.” The Israelis “thought they could just snap their fingers” and get friends in Congress to legislate visa changes, a Hill aide said, instead of going through the required hoops with DHS.
  • Congressional aides snorted at the announcement. “The Israelis haven’t done s**t to get themselves into the visa waiver program,” the former congressional aide said, echoing the views of two other House staffers working on the issue. “I mean, if the Israelis got themselves into this visa waiver program and if we were able to address this [intelligence community] concern—great, they’re a close ally, there are strong economic and cultural links between the two countries, it would be wonderful if more Israelis could come over here without visas. I’m sure it would spur investment and tourist dollars in our economy and so on and so forth. But what I find really funny is they haven’t done s**t to get into the program. They think that their friends in Congress can get them in, and that’s not the case. Congress can lower one or two of the barriers, but they can’t just legislate the Israelis in.” The path to visa waivers runs through DHS and can take years to navigate.
  • Israel is not even close to meeting those standards, a congressional aide said. “You’ve got to have machine-readable passports in place—the e-passports with a data chip in them. The Israelis have only just started to issue them to diplomats and senior officials and so forth, and that probably won’t be rolled out to the rest of their population for another 10 years.” But U.S. counterspies will get the final word. And since Israel is as likely to stop spying here as it is to give up matzo for Passover, the visa barriers are likely to stay up. As Paul Pillar, the CIA’s former national intelligence officer for the Near East and South Asia, told Newsweek, old habits are hard to break: Zionists were dispatching spies to America before there even was an Israel, to gather money and materials for the cause and later the fledgling state. Key components for Israel’s nuclear bombs were clandestinely obtained here. “They’ve found creative and inventive ways,” Pillar said, to get what they want. “If we give them free rein to send people over here, how are we going to stop that?” the former congressional aide asked. “They’re incredibly aggressive. They’re aggressive in all aspects of their relationship with the United States. Why would their intelligence relationship with us be any different?”
Gary Edwards

EXCLUSIVE: Snowden Level Documents Reveal Stealth DHS Spy Grid Alex Jones' ... - 0 views

  • “The NMS also collects information about every Wi‐Fi client accessing the network, including its MAC address, IP address, signal intensity, data rate and traffic status,” the document reads. “Additional NMS features include a fault management system for issuing alarms and logging events according to a set of customizable filtering rules, along with centralized and version‐controlled remote updating of the Aruba Mesh Operating System software.”
  •  
    It just keeps getting better ............... excerpt: "The wireless mesh network, which allows for private communication between wireless devices including cell phones and laptops, was built by California-based Aruba Networks, a major provider of next-generation mobile network access solutions. Labeled by their intersection location such as "1st&University" and "2nd& Seneca," the multiple network devices are easily detected in Seattle's downtown area through a simple Wi-Fi enabled device, leading many residents to wonder if they are being detected in return. "How accurately can it geo-locate and track the movements of your phone, laptop, or any other wireless device by its MAC address? Can the network send that information to a database, allowing the SPD to reconstruct who was where at any given time, on any given day, without a warrant? Can the network see you now?" asked Seattle newspaper The Stranger. According to reports from Kiro 7 News, the mesh network devices can capture a mobile user's IP address, mobile device type, apps used, current location and even historical location down to the last 1,000 places visited. So far Seattle police have been tight-lipped about the network's roll-out, even denying that the system is operational. Several groups including the ACLU have submitted requests to learn the program's intended use, but days have turned to months as the mesh network continues its advancement. According to The Stranger's investigation, Seattle Police detective Monty Moss claims the department has no plans to use the mesh network for surveillance… unless given approval by city council. Despite a recently passed ordinance requiring all potential surveillance equipment to be given city council approval and public review within 30 days of its implementation, the network has remained shrouded in secrecy. Unknown to the public until now, information regarding the system has been hiding in plain view since last February at minimum. Diagr
Paul Merrell

Feds operated yet another secret metadata database until 2013 | Ars Technica - 0 views

  • In a new court filing, the Department of Justice revealed that it kept a secret database of telephone metadata—with one party in the United States and another abroad—that ended in 2013. The three-page partially-redacted affidavit from a top Drug Enforcement Agency (DEA) official, which was filed Thursday, explained that the database was authorized under a particular federal drug trafficking statute. The law allows the government to use "administrative subpoenas" to obtain business records and other "tangible things." The affidavit does not specify which countries' records were included, but specifically does mention Iran. This database program appears to be wholly separate from the National Security Agency’s metadata program revealed by Edward Snowden, but it targets similar materials and is collected by a different agency. The Wall Street Journal, citing anonymous sources, reported Friday that this newly-revealed program began in the 1990s and was shut down in August 2013.
  • The criminal case involves an Iranian-American man named Shantia Hassanshahi, who is accused of violating the American trade embargo against Iran. His lawyer, Mir Saied Kashani, told Ars that the government has clearly abused its authority. "They’ve converted this from a war on drugs to a war on privacy," he said. "[Hassanshahi] is not accused of any drug crime but they used this drug enforcement information to gather information against him, that's contrary to the law, and we will revisit that. We will bring motions in the court and we will appeal if necessary." Neither the DEA nor the Department of Justice immediately responded to Ars' query as to whether this program is continuing under a different authority.
  • The story begins in 2011, when a Department of Homeland Security (DHS) agent received a tip about someone who might be in violation of American sanctions against Iran. The source provided an e-mail from an Iranian businessman, Manoucher Sheiki, who was involved in acquiring power grid equipment. A second Homeland Security agent, Joshua Akronowitz, wrote in a 2013 affidavit that he searched Sheiki’s Iranian phone number in this database, but declined to explain exactly what kind of database it was. Akronowitz found that the Iranian number came up exactly one time in the database, and was linked to an 818 number, based in Los Angeles County. That number turned out to be the Google Voice number of Hassanshahi. DHS then subpoenaed Google, and got Hassanshahi’s call log and later, metadata on his Gmail account. By early 2012, the agency found out that he was set to return to Los Angeles from Iran. At LAX Airport, customs agents seized his phone, laptop, thumb drives, camcorder, and SIM cards and sent them to Homeland Security. Last year, Kashani, Hassanshahi’s lawyer, argued that this evidence should be suppressed on account that it was the "fruit of the poisonous tree"—obtained via illicit means. In support of his arguments, Kashani cited an important ongoing NSA-related lawsuit, Klayman v. Obama, which remains the only instance where a judge has ordered the NSA metadata program to be shut down—that order was stayed pending an appeal. (Earlier this month, Ars explored Klayman and other pending notable surveillance cases.)
  • In a December 2014 opinion in the Hassanshahi case, US District Judge Rudolph Contreras allowed the evidence, but also required that the government provide a "declaration summarizing the contours of the law enforcement database used by Homeland Security Investigations to discover Hassanshahi’s phone number, including any limitations on how and when the database may be used." To comply with the judge’s order, Robert Patterson, the assistant special agent in charge of the DEA, wrote in the Thursday filing: As noted, this database was a federal law enforcement database. It could be used to query a telephone number where federal law enforcement officials had a reasonable articulable suspicion that the telephone number at issue was related to an ongoing federal criminal investigation. The Iranian number was determined to meet this standard based on specific information indicating that the Iranian number was being used for the purpose of importing technological goods to Iran in violation of United States law. Previously, the government had not revealed exactly how it began its investigation of Hassanshahi, and only referred cryptically to "[DHS]-accessible law enforcement databases," in Akronowitz’ 2013 and  2014 affidavits.
  • Similarly, other privacy-minded legal experts questioned the government’s tactics in this new revelation. "We just don’t know about the scope of these things, and that’s what’s disturbing," Andrew Crocker, a legal fellow at the Electronic Frontier Foundation, told Ars. His colleague, Hanni Fakhoury, an EFF attorney who used to be a federal public defender, added that he was "not surprised." "Bulk surveillance technologies and the dangerous legal theories that are used to support them trickle down, and here's a prime example of that," he wrote by e-mail. "The DEA's mandate is of course important but not at the level of national security where as you know there are serious legal questions about the propriety of this collection of phone metadata. And if the DEA has a program like this, it wouldn't surprise me if other agencies do too for other sorts of records the government has claimed it can collect with a subpoena (like bank records)."
  • Patrick Toomey, an attorney with the American Civil Liberties Union, chimed in to say that this indeed was a clear example of government overreach. "This disclosure underscores how the government has expanded its use of bulk collection far beyond the NSA and the national-security context, to rely on mass surveillance in ordinary criminal investigations," he said by e-mail. "It’s now clear that multiple government agencies have tracked the calls that Americans make to their parents and relatives, friends, and business associates overseas, all without any suspicion of wrongdoing," Toomey continued. "The DEA program shows yet again how strained and untenable legal theories have been used to secretly justify the surveillance of millions of innocent Americans using laws that were never written for that purpose."
  •  
    The authorizing statute clearly limits the scope of the administrative subpoena authority to drug related criminal investigations. "In any investigation relating to his functions under this subchapter with respect to controlled substances, listed chemicals, tableting machines, or encapsulating machines, the Attorney General may subpena witnesses, compel the attendance and testimony of witnesses, and require the production of any records (including books, papers, documents, and other tangible things which constitute or contain evidence) which the Attorney General finds relevant or material to the investigation."
Paul Merrell

2014 Press Release - NSA Announces New Civil Liberties and Privacy Officer - 0 views

  • GEN Keith Alexander - Commander, U.S. Cyber Command/Director, NSA/Chief, CSS - announced today that well-known privacy expert Rebecca Richards will serve as the National Security Agency's new Civil Liberties and Privacy Officer. She most recently worked as the Senior Director for Privacy Compliance at the Department of Homeland Security.
  • Selected to lead the new NSA Civil Liberties and Privacy Office at the agency's Fort Meade headquarters, Ms. Richards' primary job will be to provide expert advice to the Director and oversight of NSA's civil liberties and privacy related activities. She will also develop measures to further strengthen NSA's privacy protections.
  •  
    Softball Interview here. I wasn't really expecting Obama to reach out to the ACLU and EFF for a good civil liberties lawyer recommendation, but this appointment is lame, the former Director of Privacy for Dept. of Homeland Security, those wonderful folk who keep the homeland safe from terra-ists. The airport gropers, secret no-fly listers, and masters of border protection, where all Constitutional privacy rights do not apply, per the Supreme Court, the coordinators of our glorious "fusion centers," the provisioners of funding for armored cars and surveillance equipment for local police, etc. A sample from her interview linked above that I transcribed (omitting all the umhs and ahs): "When you think about NSA, privacy there for them was privacy of its employees, about contractors, about the average person walking down the street - it was not as concentrated on, this is the big collection that we're getting through these means, and so what this job does is that it brings it up under direct reports to the director of NSA and it is just as a focal point, to bring all of those and -- I walked in the building and people were already asking questions so ..." Heaven help us; has this lassie's brain yet matured to the point of completing her first sentence? This is the lady who is going to keep Admiral Rogers on the straight and narrow path of respecting our civil liberties? I suspect not.  I may return to this inarticulate and non-assertive young lady in later posts. Let it suffice for now to observe that the Dept. of Homeland Security, whose raison d'etre is a virtually non-existent terrorist threat manufactured by the politics of fear, has not exactly been a champion of the People's civil liberties. Moreover, I've had recent occasion to dig rather deeply into exactly what it is that Privacy Officers do and don't do. Telling heads of agencies that they cannot lawfully do what they want to do is no
Paul Merrell

CISPA is back! - 0 views

  • OPERATION: Fax Big Brother Congress is rushing toward a vote on CISA, the worst spying bill yet. CISA would grant sweeping legal immunity to giant companies like Facebook and Google, allowing them to do almost anything they want with your data. In exchange, they'll share even more of your personal information with the government, all in the name of "cybersecurity." CISA won't stop hackers — Congress is stuck in 1984 and doesn't understand modern technology. So this week we're sending them thousands of faxes — technology that is hopefully old enough for them to understand. Stop CISA. Send a fax now!
  • (Any tweet w/ #faxbigbrother will get faxed too!) Your email is only shown in your fax to Congress. We won't add you to any mailing lists.
  • CISA: the dirty deal between government and corporate giants. It's the dirty deal that lets much of government from the NSA to local police get your private data from your favorite websites and lets them use it without due process. The government is proposing a massive bribe—they will give corporations immunity for breaking virtually any law if they do so while providing the NSA, DHS, DEA, and local police surveillance access to everyone's data in exchange for getting away with crimes, like fraud, money laundering, or illegal wiretapping. Specifically it incentivizes companies to automatically and simultaneously transfer your data to the DHS, NSA, FBI, and local police with all of your personally-identifying information by giving companies legal immunity (notwithstanding any law), and on top of that, you can't use the Freedom of Information Act to find out what has been shared.
  • The NSA and members of Congress want to pass a "cybersecurity" bill so badly, they’re using the recent hack of the Office of Personnel Management as justification for bringing CISA back up and rushing it through. In reality, the OPM hack just shows that the government has not been a good steward of sensitive data and they need to institute real security measures to fix their problems. The truth is that CISA could not have prevented the OPM hack, and no Senator could explain how it could have. Congress and the NSA are using irrational hysteria to turn the Internet into a place where the government has overly broad, unchecked powers. Why Faxes? Since 2012, online and civil liberties groups and 30,000+ sites have driven more than 2.6 million emails and hundreds of thousands of calls, tweets and more to Congress opposing overly broad cybersecurity legislation. Congress has tried to pass CISA in one form or another 4 times, and they were beat back every time by people like you. It's clear Congress is completely out of touch with modern technology, so this week, as Congress rushes toward a vote on CISA, we are going to send them thousands of faxes, a technology from the 1980s that is hopefully antiquated enough for them to understand. Sending a fax is super easy — you can use this page to send a fax. Any tweet with the hashtag #faxbigbrother will get turned into a fax to Congress too, so what are you waiting for? Click here to send a fax now!
Paul Merrell

CISA Security Bill: An F for Security But an A+ for Spying | WIRED - 0 views

  • When the Senate Intelligence Committee passed the Cybersecurity Information Sharing Act by a vote of 14 to 1, committee chairman Senator Richard Burr argued that it successfully balanced security and privacy. Fifteen new amendments to the bill, he said, were designed to protect internet users’ personal information while enabling new ways for companies and federal agencies to coordinate responses to cyberattacks. But critics within the security and privacy communities still have two fundamental problems with the legislation: First, they say, the proposed cybersecurity act won’t actually boost security. And second, the “information sharing” it describes sounds more than ever like a backchannel for surveillance.
  • On Tuesday the bill’s authors released the full, updated text of the CISA legislation passed last week, and critics say the changes have done little to assuage their fears about wanton sharing of Americans’ private data. In fact, legal analysts say the changes actually widen the backdoor leading from private firms to intelligence agencies. “It’s a complete failure to strengthen the privacy protections of the bill,” says Robyn Greene, a policy lawyer for the Open Technology Institute, which joined a coalition of dozens of non-profits and cybersecurity experts criticizing the bill in an open letter earlier this month. “None of the [privacy-related] points we raised in our coalition letter to the committee was effectively addressed.” The central concern of that letter was how the same data sharing meant to bolster cybersecurity for companies and the government opens massive surveillance loopholes. The bill, as worded, lets a private company share with the Department of Homeland Security any information construed as a cybersecurity threat “notwithstanding any other provision of law.” That means CISA trumps privacy laws like the Electronic Communication Privacy Act of 1986 and the Privacy Act of 1974, which restrict eavesdropping and sharing of users’ communications. And once the DHS obtains the information, it would automatically be shared with the NSA, the Department of Defense (including Cyber Command), and the Office of the Director of National Intelligence.
  • In a statement posted to his website yesterday, Senator Burr wrote that “Information sharing is purely voluntary and companies can only share cyber-threat information and the government may only use shared data for cybersecurity purposes.” But in fact, the bill’s data sharing isn’t limited to cybersecurity “threat indicators”—warnings of incoming hacker attacks, which is the central data CISA is meant to disseminate among companies and three-letter agencies. OTI’s Greene says it also gives companies a mandate to share with the government any data related to imminent terrorist attacks, weapons of mass destruction, or even other information related to violent crimes like robbery and carjacking. 
  • The latest update to the bill tacks on yet another kind of information, anything related to impending “serious economic harm.” All of those vague terms, Greene argues, widen the pipe of data that companies can send the government, expanding CISA into a surveillance system for the intelligence community and domestic law enforcement. “If information-sharing legislation does not include adequate privacy protections, then...It’s a surveillance bill by another name.” (Senator Ron Wyden)
  • “CISA goes far beyond [cybersecurity], and permits law enforcement to use information it receives for investigations and prosecutions of a wide range of crimes involving any level of physical force,” reads the letter from the coalition opposing CISA. “The lack of use limitations creates yet another loophole for law enforcement to conduct backdoor searches on Americans—including searches of digital communications that would otherwise require law enforcement to obtain a warrant based on probable cause. This undermines Fourth Amendment protections and constitutional principles.”
  • I read the legislation. It's as bad for privacy as described in the article. And its drafting is incredibly sloppy.
Paul Merrell

Hacker claims to have breached CIA director's personal email - 0 views

  • An anonymous hacker claims to have breached CIA Director John Brennan's personal email account and has posted documents online, including a list of email addresses purportedly from Brennan's contact file. The CIA said it referred the matter to the proper authorities, but would not comment further. The hacker spoke to the New York Post, which described him in an article published Sunday as "a stoner high school student," motivated by his opposition to U.S. foreign policy and support for Palestinians. His Twitter account, @phphax, includes links to files that he says are Brennan's contact list, a log of phone calls by then-CIA deputy director Avril Haines, and other documents.
  • The hacker also claimed to have breached a Comcast account belonging to Homeland Security Secretary Jeh Johnson, and released what appeared to be personal information. One document purporting to come from Brennan's AOL email account contains a spreadsheet of people, including senior intelligence officials, along with their Social Security numbers, although the hacker redacted the numbers in the version he posted on Twitter. It's unclear why Brennan would have stored such a document in his private email account. Based on the titles, the document appears to date from 2009 or before. When people visit the White House and other secure facilities, they are required to supply their Social Security numbers. Brennan could have been forwarding a list of invitees to the White House when he was President Barack Obama's counter terrorism adviser, the job he held before he became CIA director in 2013.
  • The hacker told the Post he had obtained a 47-page version of Brennan's application for a security clearance, known as an SF86. That document — millions of which were stolen from the federal personnel office last year by hackers linked to China — contains detailed information about past jobs, foreign contacts, finances and other sensitive personal details. No such document appears to be posted on the hacker's Twitter account, but it's not clear whether the hacker posted it elsewhere.
  • Got to love it. I can think of few people more deserving of getting their email accounts cracked.