Group items matching

in title, tags, annotations or url

Several pending bills would promote increased sharing of cybersecurity-related information — such as threat intelligence and system vulnerabilities — in order to combat the perceived rise in the frequency and intensity of cyber attacks against private and government entities. But such information sharing is easier said than done, according to a new report from the Congressional Research Service, because it involves a thicket of conflicting and perhaps incompatible laws and policy objectives. “The legal issues surrounding cybersecurity information sharing… are complex and have few certain resolutions.” A copy of the CRS report was obtained by Secrecy News. See Cybersecurity and Information Sharing: Legal Challenges and Solutions, March 16, 2015. Cyber information sharing takes at least three different forms: the release of cyber intelligence from government to the private sector, information sharing among private entities, and the transfer of threat information from private entities to government agencies.

“While collectively these three variants on the concept of cyber-information sharing have some commonalities, each also raises separate legal challenges that may impede cyber-intelligence dissemination more generally,” said the CRS report, which examines the legal ramifications of each category in turn. Among the concerns at issue are: the potential for liability associate with disclosure of cybersecurity information, inappropriate release of private information through open government laws, loss of intellectual property, and potential compromise of personal privacy rights. All of these create a legal morass that may be unreconcilable. “A fundamental question lawmakers may need to contemplate is how restrictions that require close government scrutiny and control over shared cyber-information can be squared with other goals of cyber-information sharing legislation, like requirements that received information be disseminated in an almost instantaneous fashion,” the CRS report said.

“Ultimately, because the goals of cyber-information legislation are often diametrically opposed, it may simply be impossible for information sharing legislation to simultaneously promote the rapid and robust collection and dissemination of cyber-intelligence by the federal government, while also ensuring that the government respects the property and privacy interests implicated by such information sharing,” the report said. Other new or newly updated CRS reports that Congress has withheld from public distribution include the following. Cybersecurity: Authoritative Reports and Resources, by Topic, March 13, 2015

Steven Salaita will not be reinstated under the terms of an out of court settlement with the University of Illinois. The deal will pay Salaita $875,000 – about ten times the annual salary he would have received as a tenured professor in the American Indian Studies program at the university’s flagship Urbana-Champaign campus. “This settlement is a vindication for me, but more importantly, it is a victory for academic freedom and the First Amendment,” Salaita said in a release from his legal counsel, the Center for Constitutional Rights and the law firm Loevy & Loevy. The settlement brings an end to Salaita’s breach of contract lawsuit against university trustees and administrators over his August 2014 firing because of his tweets excoriating Israel’s attack on Gaza. Salaita had sought reinstatement as well as financial damages.

The university statement said Salaita would receive a lump sum of $600,000, while the remaining amount would cover his legal fees.

Salaita’s case became a cause celebre for academic freedom, highlighting the role of pro-Israel donors in pressuring university administrators. Thousands of academics pledged to boycott the university until he was reinstated. The Salaita affair devastated and demoralized the university’s celebrated American Indian Studies program, leading to the departure of several faculty. His firing also earned the University of Illinois a formal censure from the American Association of University Professors for violating academic freedom, a rare rebuke and severe blow to its reputation.

When the National Security Agency’s bulk collection of records about Americans’ emails came to light in 2013, the government conceded the program’s existence but said it had shut down the effort in December 2011 for “operational and resource reasons.” While that particular secret program stopped, newly disclosed documents show that the N.S.A. had found a way to create a functional equivalent. The shift has permitted the agency to continue analyzing social links revealed by Americans’ email patterns, but without collecting the data in bulk from American telecommunications companies — and with less oversight by the Foreign Intelligence Surveillance Court.

The disclosure comes as a sister program that collects Americans’ phone records in bulk is set to end this month. Under a law enacted in June, known as the U.S.A. Freedom Act, the program will be replaced with a system in which the N.S.A. can still gain access to the data to hunt for associates of terrorism suspects, but the bulk logs will stay in the hands of phone companies.The newly disclosed information about the email records program is contained in a report by the N.S.A.’s inspector general that was obtained by The New York Times through a lawsuit under the Freedom of Information Act. One passage lists four reasons that the N.S.A. decided to end the email program and purge previously collected data. Three were redacted, but the fourth was uncensored. It said that “other authorities can satisfy certain foreign intelligence requirements” that the bulk email records program “had been designed to meet.”The report explained that there were two other legal ways to get such data. One was the collection of bulk data that had been gathered in other countries, where the N.S.A.’s activities are largely not subject to regulation by the Foreign Intelligence Surveillance Act and oversight by the intelligence court. Because of the way the Internet operates, domestic data is often found on fiber optic cables abroad.

The N.S.A. had long barred analysts from using Americans’ data that had been swept up abroad, but in November 2010 it changed that rule, documents leaked by Edward J. Snowden have shown. The inspector general report cited that change to the N.S.A.’s internal procedures.The other replacement source for the data was collection under the FISA Amendments Act of 2008, which permits warrantless surveillance on domestic soil that targets specific noncitizens abroad, including their new or stored emails to or from Americans.“Thus,” the report said, these two sources “assist in the identification of terrorists communicating with individuals in the United States, which addresses one of the original reasons for establishing” the bulk email records program.

In New York City, the police now maintain an unknown number of military-grade vans outfitted with X-ray radiation, enabling cops to look through the walls of buildings or the sides of trucks. The technology was used in Afghanistan before being loosed on U.S. streets. Each X-ray van costs an estimated $729,000 to $825,000.The NYPD will not reveal when, where, or how often they are used.

Here are some specific questions that New York City refuses to answer:How is the NYPD ensuring that innocent New Yorkers are not subject to harmful X-ray radiation? How long is the NYPD keeping the images that it takes and who can look at them? Is the NYPD obtaining judicial authorization prior to taking images, and if so, what type of authorization? Is the technology funded by taxpayer money, and has the use of the vans justified the price tag? Those specifics are taken from a New York Civil Liberties Union court filing. The legal organization is seeking to assist a lawsuit filed by Pro Publica journalist Michael Grabell, who has been fighting New York City for answers about X-ray vans for 3 years.“ProPublica filed the request as part of its investigation into the proliferation of security equipment, including airport body scanners, that expose people to ionizing radiation, which can mutate DNA and increase the risk of cancer,” he explained. (For fear of a terrorist “dirty bomb,” America’s security apparatus is exposing its population to radiation as a matter of course.)

A state court has already ruled that the NYPD has to turn over policies, procedures, and training manuals that shape uses of X-rays; reports on past deployments; information on the costs of the X-ray devices and the number of vans purchased; and information on the health and safety effects of the technology. But New York City is fighting on appeal to suppress that information and more, as if it is some kind of spy agency rather than a municipal police department operating on domestic soil, ostensibly at the pleasure of city residents.Its insistence on extreme secrecy is part of an alarming trend. The people of New York City are effectively being denied the ability to decide how they want to be policed.

Hillary Clinton’s Benghazi testimony on Thursday certainly confirmed suspicions that she knew that the September 11, 2012 attack on the US Consulate was not a spontaneous protest by individuals enraged by an anti-Muslim video. Rather, as the emails she fought so fiercely to protect from public disclosure reveal, the attack was a pre-planned operation, involving fore- knowledge by the assailants of the whereabouts of Ambassador Christopher Stevens, among other details.

Clinton and the Obama Administration had attempted to place the blame for the attack, which resulted in the deaths of Ambassador Stevens and three other Americans, on an unplanned protest, a “spontaneous mob.” However, knowing that Clinton and other Administration officials lied extensively as to the genesis of the attack raises further questions. According to the Wall Street Journal, Clinton lied in order to “attempt to avoid blame for a terror attack in a presidential re-election year”  The WSJ article maintains that the House Select Committee on Benghazi, chaired by Representative Trey Gowdy, has ferreted out the deception. “What that House committee did Thursday was finally expose the initial deception,” writes WSJ reporter Kimberley Strassel.

It is known now, through the subsequent email and cable releases, that the responsibility for the attack was claimed by Ansar al Sharia, al Qaeda’s affiliate on the Arabian Peninsula. In an email to her daughter Chelsea, sent at 11:12 pm the night of the attack, Hillary Clinton wrote: “Two of our officers were killed in Benghazi by an Al Queda-like group.” Not by a spontaneous mob, protesting a YouTube video. But by a group which has already been exposed as having deep and covert ties to the United States intelligence agencies. Questions must be addressed as to why the Benghazi compound was not guarded. US Embassies abroad are known to be protected by an elite corps of US Marines. Known as the MSG (Marine Security Group), this elite group is pledged to protect US information and persons in Embassies and Consulates.