By Jaime Ortega.
Private information computer image
One of the prime tasks of our generation is to set forth new laws that can allow cybersecurity and privacy rights to work together in perfect harmony.
During the Boston Marathon massacre and conveniently under the media radar, a legislation bill passed that could have profound implications for U.S. citizens.
The piece of legislation proposed could be far more controversial than the U.S. PATRIOT Act. Introduced by the Senate, and signed into law by President George W. Bush on October 26, 2001. The title of the Act stands for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act.
The PATRIOT ACT is a law used by the Government to fight terrorism threats inside the U.S. But over the decade, the controversial nature of the bill has prevailed latent, as said back in 2007 by Suzanne Spaulding, Fmr. CIA Senior Attorney, “It is inevitable that totally innocent Americans are going to be affected by these programs.”
The National Security Agency has increased its operations inside the U.S. in cooperation with many quasi-private security companies like AEGIS, Sierra GK, Control Risks Group, Stratfor and InfraGard, to expand ‘information awareness’ operations regarding national security within the U.S.
William Weaver, a Fmr. NSA Analyst said, “The average person doesn’t have a concept of the massive capability that is available to the National Security Agency.”
“Forget about the idea of the guy with the earphones on, listening to something. That’s not what happens.” Weaver said. “You know, the calls are being sucked up by the millions. And not just the calls — you’re engaged with data mining.”
Opposite to the nature of ‘data mining’ which clearly violates the 4th Amendment of the U.S. Constitution, could cybersecurity just be a good excuse to invade your personal information?
U.S. Internet security experts believe “almost all” powerful institutions in the Nation’s Capital have been penetrated by Chinese “cyber-spies” despite persistent denials by China about such activity.
“I’ve yet to come across a network that hasn’t been breached,” said Shawn Henry, former head of cybersecurity for the FBI and president of another security company, CrowdStrike Services. “It’s like having an invisible man in your room, going through your filing cabinets.”
“The dark secret is there is no such thing as a secure unclassified network,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies. This is one of the most prominent Washington think-tanks and according to the report has also been hacked in the past.
It’s not just corporations and governments being targeted by foreign intelligence spies, but also higher education institutions.
In a February interview Frank Figliuzzi, Federal Bureau of Investigation assistant director for Counterintelligence stated in the Bureau’s Washington headquarters, “We have intelligence and cases indicating that U.S. universities are indeed a target of foreign intelligence services.”
To confirm the problematic nature of cybersecurity and spying, about a month ago another case of dangerous information sharing was silently overlooked by most media networks.
Benjamin Bishop, 59, was arrested on charges that he communicated U.S. National security secrets to a 27-year-old woman, a citizen of the People’s Republic of China. The charges against Mr. Bishop come against the backdrop of deepening, and increasingly public, U.S. suspicions directed toward China’s government over its knowledge of, or participation in, cyber attacks against the U.S. and American businesses. According to U.S. officials cybersecurity was a topic of discussion in Beijing between U.S. Treasury Secretary Jack Lew and China’s new president, Xi Jinping. Over the past six years cybersecurity programs have increased to counterbalance the rapid growth of internet utilities to ploy alongside other controversial bills like the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act, (PIPA), introduced unsuccessfully to the Senate on 2012.
Earlier this month, the House of Representatives passed the Cyber Intelligence Sharing and Protection Act, known as CISPA, in a 288-127 vote. The bill would give businesses and the federal government legal protection to share information on cyber threats with each other to enhance the nation’s cybersecurity.
House Intelligence Committee Chairman Rep. Mike Rogers (R-Mich.) and the committee’s ranking member Rep. C.A. Dutch Ruppersberger (D-Md.) said that they believe that the nation’s cyber defenses would be best improved through legislation, not White House executive order, and that’s the reason they want to try a second time to get their bill through both houses of Congress.
The bill failed last year in part because it faced strong opposition from civil liberties groups on the grounds that it did not carry strong enough privacy measures.
Noting the high cost of cyber attacks to the U.S. economy and to national security, stronger measures are needed to “enable American companies to defend themselves against these devastating cyberattacks,” Ruppersberger said. “Our bill does just that by permitting the voluntary sharing of critical threat intelligence while preserving important civil liberties.”
“American businesses are under siege,” Rogers said. “We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats. It is time to stop admiring this problem and deal with it immediately. Congress urgently needs to pass our cyber threat information sharing bill to protect our national security, our economy and U.S. jobs.”
But some experts disagree. Joel Dubin, CISSP, an independent computer security consultant specializing in Web and application security is worried about the potential threats involved with granting access to a third-party provider. “Giving any third-party provider access to your company’s systems is a security risk,” Dubin said. ”Even if there’s no malicious intent, or the access is provided for a legitimate business purpose, it should be strictly controlled, if not prohibited.” Dubin says that granting system access to an outsider lowers your security level to that of the external provider. “If they have feeble controls, they become the weakest link in your security chain,” Dublin said. “If a hacker compromises their system, he or she can use that as a backdoor into your network. In parallel, as their risk increases, so does yours.” Key lawmakers suggested that the controversial CISPA, will soon die in the U.S. Senate — just like last year. And so it did. Sen. Jay Rockefeller (D-W.V.) who is chairman of the Senate Commerce Committee stated he believes “that information sharing is a key component of cybersecurity legislation, but the Senate will not take up CISPA.” But even though the bill was not passed in legislature, it’s not the end of the controversy. In her statement to Computerworld, Chair of the Senate Intelligence Committee, Senator Dianne Feinstein (D-CA) stated, “We are currently drafting a bipartisan information sharing bill and will proceed as soon as we come to an agreement.” It was thought from a financial view that powerful corporations would support a radical change on cybersecurity laws, because it affected their Business Cycle on the market. But CEO’s supporting the bill have clockwise reasons as presented in the letters below, sent to the House of Representatives back in 2011. Peter M. Cleveland, Vice President of Intel, sent a letter to Chairman Rogers that read, “Our companies are in the forefront of efforts to improve cybersecurity.” “We also understand that governments, business and consumers are facing a cybersecurity threat landscape that has changed fundamentally over this same period,” Cleveland said. In the letter, Cleveland admits the bill would break the constitutional law of privacy. “Countering these increasingly sophisticated threats to networks, intellectual property and privacy requires breaking down the legal and policy barriers that currently impede the sharing of actionable threat information.” But one of the reasons the bill failed to convince the senate was that the cost was too high for lobbyists to pass the bill. According to data from the Sunlight Foundation, “It was an expensive win.” CISPA allies have spent $605 million lobbying for the bill since 2011. A list below, of some of the companies trying to push congress to pass the bill, with rank and expenditure. For more information visit: https://data.sunlightlabs.com/dataset/CISPA-Proponents/p8gn-c3hr
US Chamber of Commerce
$162,800,000
AT&T Inc
$34,260,000
Comcast Corp
$31,880,000
National Cable & Telecommunications Assn
$31,540,000
Boeing Co
$27,910,000
Verizon Communications
$27,705,000
Edison Electric Institute
$22,450,790
Financial Services Roundtable
$13,740,000
US Telecom
$10,640,000
Airlines for America
$9,570,000
Securities Industry & Financial Mkt Assn
$9,410,000
Canadian Electricity Assn
$215,000
Ciena Corp
$210,000
Juniper Networks
$200,000
Technet
$150,000
GridWise Alliance
$100,000
As the analysis of Sunlight Labs demonstrates, pro-CISPA groups spent 140 times as much lobbying Congress as those on the other side of the debate. Furthermore, they have dozens of former Capitol Hill insiders working on their behalf, .
It is curious to note that corporations like Intel that support the bill want to work on behalf of consumers and government to regulate the web from cyber attacks. But back in the 2008 financial bailout, Craig Barrett, chairman of chipmaker Intel was not optimistic when he dropped into Reuters offices in London. “I don’t know what regulation we’ll get but the issue is that people just got over-heated and over-excited and it’s really tough for the government to come in and slap you around and say it’s illegal to get over-heated and excited,” he said. Barrett angered by the proposition of Government intervention Ironically said, “That’s trying to regulate greed and stupidity, which are are two tough things to regulate.” Hypocritical point by Barrett, if one considers he was afraid the government would step in to regulate Intel at a time when regulation against corporate fraud was most needed. So it deems likewise stupid, that Intel wants to regulate the internet because of cybersecurity concerns. The Daily Journalist would also like to include an important point not covered by most media networks that could spark some interest to the reader.
Its interesting to note that Rogers’ wife, Kristi Clemens Rogers, was, until recently, the president and CEO of Aegis LLC, a “security” defense contractor company, whom she helped to secure a $10 billion (with a b) contract with the State Department.
The company describes itself as “a leading private security company, provides government and corporate clients with a full spectrum of intelligence-led, culturally-sensitive security solutions to operational and development challenges around the world.”
It raises questions as to whether Kristi influenced Chairman Rogers to pass the controversial bill in the House of Representatives considering her past with AEGIS.
Rogers accidentally tweeted what he earned from lobbying groups backing his campaign, “House Intelligence Committee received 15 times more from pro-CISPA groups than anti-Cispa orgs.”
Cybersecurity goes beyond consumerism and foreign intelligence, and there should be concerns in connection with a few US corporations, spying on the home front, that might provide vital data to other countries for the sake of profiting. Verint, a leading manufacturer of surveillance technologies, is headquartered in Melville, N.Y., in a small cluster of nondescript buildings that also includes the office of a multinational cosmetics supplier and some electronics companies. Verint sells some of the world’s most sophisticated eavesdropping equipment, creating a line of spy tools designed to help governments and intelligence agencies snoop on communications across an entire country. Verint sells what it calls “monitoring centers” that “enable the interception, monitoring, and analysis of target and mass communications over virtually any network.” These systems are designed to be integrated within a country’s communications infrastructure and are currently used in more than 75 nations. The technology Verint designs is tailored to intercept the phone calls and emails of millions of everyday citizens and store them on vast databases for later analysis. Verint boasts in its marketing materials that its “Vantage” monitoring center enables “nationwide mass interception” and “efficiently collects, analyzes, and exposes threats from billions of communications.” Verint, as other US corporations that work side-by-side with foreign intelligence agencies should be more transparent with the public. They should allow lawyers from the outide to check their books, open records and see private transactions according to the Freedom of Information Act (FOIA); just as CISPA requires citizens to provide their passwords to other corporations for cybersecurity purposes. To share sensitive user information legally, to businesses, is only another way to spy on citizens via opening the front door, instead of the garage door. Despite CISPA’s failure in congress the US already is the most spied upon country in the world
Wall Street Journal reporter Julia Angwin (who’s been one of the best at covering the surveillance state of the US) made a simple observation that puts much of this into context when she said, “the US surveillance regime has more data on the average American than the Stasi ever did on East Germans.”
Civil right groups and privacy advocates fear CISPA would allow government agencies to monitor the activities of ordinary Internet users under the pretext of cybersecurity. The information being gathered could then be used by the military to study civilian behavior.
One of CISPA’s controversial laws is the Civilian Control of Domestic Cyber Programs that allows for pet-corporations to share sensitive information from its users with other corporations, government, and intelligence programs to protect the critical-infrastructure.
One can be certain that sooner or later another controversial bill related to privacy will sprang out from the wallets of lobbyists on Capitol Hill.
