Draconian Cybersecurity Bills
Draconian Cybersecurity Bills
by Stephen Lendman
Bipartisan complicity's involved in hyping cyber threats. At issue is promoting draconian cybersecurity legislation.
Obama supports congressional effects. Internet freedom's at stake. So are other civil liberties.
On March 8, the Department of Homeland Security (DHS) conducted a mock New York cyber attack. At issue was gaining support for pending Senate legislation.
White House spokesperson Caitlin Hayden called the stunt a way to give "senators....an appreciation for new legislative authorities that would help the U.S. government prevent and more quickly respond to cyber attacks."
DHS Secretary Janet Napolitano said:
"The fact that we could be subject to a catastrophic attack under the right circumstances and we now know some of the things that would help us to protect against such an attack, that’s why it’s important now for the Congress to take this up."
Destroying a free and open Internet and other civil liberties is no way to do it. Power grab politics are in play. Major media scoundrels are silent.
The past decade witnessed a systematic war on freedom. It last vestiges are being attacked. Unless stopped, tyranny will gain full control. It practically has it now.
Bipartisan complicity's on board to seize it. So is Obama. Bad as things are now, the worst is yet to come.
In recent years, various cybersecurity bills were introduced. Recent House and Senate versions are the latest threat.
On November 30, 2011, HR 3523: Cyber Intelligence Sharing and Protection Act of 2011 was introduced. It's pending for further consideration. On February 14, a companion Senate version was offered - S. 2105: Cybersecurity Act of 2012. It also awaits further consideration.
The Electronic Frontier Foundation (EFF) said the House version gives "companies or the government free rein to bypass existing laws in order to monitor communications, filter content, or potentially even shut down access to online services for 'cybersecurity purposes.' "
Companies are urged to share information with each other and Washington. At issue is allegedly foiling potential cyber attacks. In fact, the bill attacks vital freedoms.
Claiming a possible cyber threat, the bill lets government and business bypass existing laws. They include prohibiting telecommunication companies from monitoring routine communications. The bill permit it as long as done in "good faith."
Likely abuse is obvious. For example, bill language says "cyber threat intelligence" and "cybersecurity purpose" mean "theft or misappropriation of private or government information, intellectual property, or personally identifiable information."
EFF calls it "a little piece of SOPA wrapped up in a bill that’s supposedly designed to facilitate detection of and defense against cybersecurity threats. The language is so vague that an ISP could use it to monitor communications of subscribers for potential infringement of intellectual property."
As a result, ISPs could block or prevent access to accounts accused of infringing, whether or not true. At risk are those providing vital suppressed information everyone has a right to know.
Already severely weakened, First Amendment freedoms could erode further or entirely disappear. Anything business or government finds offensive could be blocked from the public domain. Online information as we now know it could vanish.
Freedoms we take for granted are on the chopping block to eliminate. Passage of current House and Senate bills will be a giant step toward doing it. They provide powerful new repressive tools. Any site or blog could be called a "cyber threat."
Congress wants legislation passed this year. So does Obama. HR 3523 is one of the worst. The Senate version is almost as bad. Vague language is their common denominator.
For example, the Senate bill states:
"(C)ybersecurity threat” means any action that may result in unauthorized access to, exfiltration of, manipulation of, or impairment to the integrity, confidentiality, or availability of an information system or information that is stored on, processed by, or transiting an information system."
A "cybersecurity threat indicator" is defined in hugely disjunctive vague scenarios. They include, for example, "a method of defeating a technical (or operational) control." Merely using "a proxy or anonymization service" to access sites could be called a "cybersecurity threat indicator."
So could using cryptography to protect personal communications or be able to access systems securely. Nearly anything could be misinterpreted as a threat.
Government and business could monitor online traffic and communications without Wiretap Act or other legal restrictions.
"Effectively, the broad definitions of threats could immunize a whole host of monitoring activities by a huge swath of different government and non-government actors."
In addition, S. 2105 and a newer March 1 S. 2151: SECURE IT bills let "private entities" operate "countermeasures." Vague language means those allowed are open to interpretation. Abuses are certain.
Acting with "defensive intent" can also be abused. As always, the devil's in the details and potential latitude within them. Most worrisome is government and business in bed against personal freedoms for greater control.
ISPs could block all traffic on certain ports or filter out what they don't want the public to know. Cryptographic protocols could also be crippled. The best defense is a strong offense, no matter how destructive to personal freedoms.
EFF calls potential abuses worrisome. It's not known what countermeasures would be used. Senate and House bills give no guidance. Government and business will decide on their own privately. Transparency won't exist.
Safeguarding civil liberties requires laws with "utmost specificity." Concrete, not vague, language is essential. Online freedom depends on it. Cybersecurity should protect everyone equally, not government and business alone.
A Final Comment
EFF raised four unanswered questions in both Senate bills and the House one:
(1) Who'll be in charge of cybersecurity?
HR 3523 has the military/intelligence community running it. Still another House bill (HR 3674 introduced last December) puts DHS in charge.
EFF calls civilian control essential. Without it, openness, transparency, and accountability would be entirely destroyed. It may be either way, depending on enacted language and how it's interpreted.
(2) What constitutes a cybersecurity threat?
House and Senate bills lack clear definitions. Potential harm is obvious. People adopting privacy and security measures EFF recommends, potentially could be treated like criminals.
"(L)legitimate security research would be targeted and security researchers could find themselves under perpetual scrutiny as potential "cybercriminals.' "
(3) What does "information sharing" mean?
House and Senate bills mandate it in some form. They also let government and business collude. Information sharing's urged, including private emails, web searches, GPS data, social networking, and other personal data.
Moreover, claiming cybersecurity threats immunizes abusers from civil or criminal liability. Information sharing, in fact, is a euphemism for surveillance and other countermeasures like filtering content, blocking access to web sites, or shutting them down.
(4) Will an eventual cybersecurity law enhance or harm security?
Benefits are possible if everyone's protected equally with no personal freedoms infringed. Proposed House and Senate bills erode or entirely destroy them.
Measures improving online security are laudable. Major operating systems are vulnerable, as are various types of commercial software. Nothing is fail-safe, but better encryption, more secure protocols, and better authentication methods could improve things.
House and Senate bills fall short. "Instead of creating incentives for better defensive Internet security, the proposed bills take an offensive posture: more monitoring, more surveillance, and more disclosure of your private information."
Instead of improving online safety, user privacy and security more than ever will be comprised en route to destroying them altogether and a free and open Internet along with it. The stakes are that great.
Stephen Lendman lives in Chicago and can be reached at firstname.lastname@example.org.
Also visit his blog site at sjlendman.blogspot.com and listen to cutting-edge discussions with distinguished guests on the Progressive Radio News Hour on the Progressive Radio Network Thursdays at 10AM US Central time and Saturdays and Sundays at noon. All programs are archived for easy listening.