Draconian Cybersecurity Bills

Draconian Cybersecurity Bills

by Stephen Lendman

Bipartisan complicity’s involved in hyping cyber threats. At issue
is promoting draconian cybersecurity legislation.

Obama supports congressional effects. Internet freedom’s at stake.
So are other civil liberties.

On March 8, the Department of Homeland Security (DHS) conducted a
mock New York cyber attack. At issue was gaining support for pending
Senate legislation.

White House spokesperson Caitlin Hayden called the stunt a way to
give “senators….an appreciation for new legislative authorities that
would help the U.S. government prevent and more quickly respond to
cyber attacks.”

DHS Secretary Janet Napolitano said:

“The fact that we could be subject to a catastrophic attack under
the right circumstances and we now know some of the things that would
help us to protect against such an attack, that’s why it’s important
now for the Congress to take this up.”

Destroying a free and open Internet and other civil liberties is no
way to do it. Power grab politics are in play. Major media scoundrels
are silent.

The past decade witnessed a systematic war on freedom. It last
vestiges are being attacked. Unless stopped, tyranny will gain full
control. It practically has it now.

Bipartisan complicity’s on board to seize it. So is Obama. Bad as
things are now, the worst is yet to come.

In recent years, various cybersecurity bills were introduced. Recent
House and Senate versions are the latest threat.

On November 30, 2011, HR 3523: Cyber Intelligence Sharing and
Protection Act of 2011 was introduced. It’s pending for further
consideration. On February 14, a companion Senate version was offered –
S. 2105: Cybersecurity Act of 2012. It also awaits further
consideration.

The Electronic Frontier Foundation (EFF) said the House version
gives “companies or the government free rein to bypass existing laws in
order to monitor communications, filter content, or potentially even
shut down access to online services for ‘cybersecurity purposes.’ “

Companies are urged to share information with each other and
Washington. At issue is allegedly foiling potential cyber attacks. In
fact, the bill attacks vital freedoms.

Claiming a possible cyber threat, the bill lets government and
business bypass existing laws. They include prohibiting
telecommunication companies from monitoring routine communications. The
bill permit it as long as done in “good faith.”

Likely abuse is obvious. For example, bill language says “cyber
threat intelligence” and “cybersecurity purpose” mean “theft or
misappropriation of private or government information, intellectual
property, or personally identifiable information.”

EFF calls it “a little piece of SOPA wrapped up in a bill that’s
supposedly designed to facilitate detection of and defense against
cybersecurity threats. The language is so vague that an ISP could use
it to monitor communications of subscribers for potential infringement
of intellectual property.”

As a result, ISPs could block or prevent access to accounts accused
of infringing, whether or not true. At risk are those providing vital
suppressed information everyone has a right to know.

Already severely weakened, First Amendment freedoms could erode
further or entirely disappear. Anything business or government finds
offensive could be blocked from the public domain. Online information
as we now know it could vanish.

Freedoms we take for granted are on the chopping block to eliminate.
Passage of current House and Senate bills will be a giant step toward
doing it. They provide powerful new repressive tools. Any site or blog
could be called a “cyber threat.”

Congress wants legislation passed this year. So does Obama. HR 3523
is one of the worst. The Senate version is almost as bad. Vague
language is their common denominator.

For example, the Senate bill states:

“(C)ybersecurity threat” means any action that may result in
unauthorized access to, exfiltration of, manipulation of, or impairment
to the integrity, confidentiality, or availability of an information
system or information that is stored on, processed by, or transiting an
information system.”

A “cybersecurity threat indicator” is defined in hugely disjunctive
vague scenarios. They include, for example, “a method of defeating a
technical (or operational) control.” Merely using “a proxy or
anonymization service” to access sites could be called a “cybersecurity
threat indicator.”

So could using cryptography to protect personal communications or be
able to access systems securely. Nearly anything could be
misinterpreted as a threat.

Government and business could monitor online traffic and
communications without Wiretap Act or other legal restrictions.

“Effectively, the broad definitions of threats could immunize a
whole host of monitoring activities by a huge swath of different
government and non-government actors.”

In addition, S. 2105 and a newer March 1 S. 2151: SECURE IT bills
let “private entities” operate “countermeasures.” Vague language means
those allowed are open to interpretation. Abuses are certain.

Acting with “defensive intent” can also be abused. As always, the
devil’s in the details and potential latitude within them. Most
worrisome is government and business in bed against personal freedoms
for greater control.

ISPs could block all traffic on certain ports or filter out what
they don’t want the public to know. Cryptographic protocols could also
be crippled. The best defense is a strong offense, no matter how
destructive to personal freedoms.

EFF calls potential abuses worrisome. It’s not known what
countermeasures would be used. Senate and House bills give no guidance.
Government and business will decide on their own privately.
Transparency won’t exist.

Safeguarding civil liberties requires laws with “utmost
specificity.” Concrete, not vague, language is essential. Online
freedom depends on it. Cybersecurity should protect everyone equally,
not government and business alone.

A Final Comment

EFF raised four unanswered questions in both Senate bills and the
House one:

(1) Who’ll be in charge of cybersecurity?

HR 3523 has the military/intelligence community running it. Still
another House bill (HR 3674 introduced last December) puts DHS in
charge.

EFF calls civilian control essential. Without it, openness,
transparency, and accountability would be entirely destroyed. It may be
either way, depending on enacted language and how it’s interpreted.

(2) What constitutes a cybersecurity threat?

House and Senate bills lack clear definitions. Potential harm is
obvious. People adopting privacy and security measures EFF recommends,
potentially could be treated like criminals.

“(L)legitimate security research would be targeted and security
researchers could find themselves under perpetual scrutiny as potential
“cybercriminals.’ “

(3) What does “information sharing” mean?

House and Senate bills mandate it in some form. They also let
government and business collude. Information sharing’s urged, including
private emails, web searches, GPS data, social networking, and other
personal data.

Moreover, claiming cybersecurity threats immunizes abusers from
civil or criminal liability. Information sharing, in fact, is a
euphemism for surveillance and other countermeasures like filtering
content, blocking access to web sites, or shutting them down.

(4) Will an eventual cybersecurity law enhance or harm security?

Benefits are possible if everyone’s protected equally with no
personal freedoms infringed. Proposed House and Senate bills erode or
entirely destroy them.

Measures improving online security are laudable. Major operating
systems are vulnerable, as are various types of commercial software.
Nothing is fail-safe, but better encryption, more secure protocols, and
better authentication methods could improve things.

House and Senate bills fall short. “Instead of creating incentives
for better defensive Internet security, the proposed bills take an
offensive posture: more monitoring, more surveillance, and more
disclosure of your private information.”

Instead of improving online safety, user privacy and security more
than ever will be comprised en route to destroying them altogether and
a free and open Internet along with it. The stakes are that great.

Stephen Lendman lives in Chicago and can be reached at
lendmanstephen@sbcglobal.net.

Also visit his blog site at sjlendman.blogspot.com and listen to
cutting-edge discussions with distinguished guests on the Progressive
Radio News Hour on the Progressive Radio Network Thursdays at 10AM US
Central time and Saturdays and Sundays at noon. All programs are
archived for easy listening.

http://www.progressiveradionetwork.com/the-progressive-news-hour/.

Bookmark the permalink.

Leave a Reply