The Stop Online Piracy Act led to the voluntary blackouts of websites like Reddit and Wikipedia, while the Cyber Intelligence Sharing and Protection Act gained President Obama’s promise of a veto.

The Cybersecurity Act of 2012 was originally introduced into the Senate on Feb. 12, “To enhance the security and resiliency of the cyber and communications infrastructure of the United States.” On July 19, Senators Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine) reintroduced a revised version of the legislation for consideration in the Senate, expected to reach the floor sometime this week.

The revised bill has been praised for addressing privacy concerns raised by the American Civil Liberties Union and the Center for Democracy and Technology, such as the bill’s provisions that ensure information is passed onto civilian government agencies instead of military agencies. It also allows individuals to pursue litigation if the use of their information violates the law, a notably absent provision in CISPA.

The legislation also incorporates narrowed language regarding its provisions to create a National Cybersecurity Council from existing members of the Departments of Defense, Justice and Commerce in collaboration with members of the intelligence community and federal agencies. Authors of the bill also included a new section on “incentivizing the adoption of voluntary cybersecurity practices” by providing protection for “owners of critical infrastructure” who meet the standards of cybersecurity practices, as determined by the Council.

Unlike previous pieces of legislation geared towards cybersecurity, CSA has the White House’s approval. In a July 19 op-ed published in the Wall Street Journal, President Obama urged the U.S. Congress to pass the Act, citing a serious need for comprehensive cybersecurity legislation to avoid being compromised.

“It doesn’t take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home,” Mr. Obama wrote. “This is the future we have to avoid.”

However, organizations like the Heritage Foundation and the Electronic Frontier Foundation still have reservations about the bill’s language regarding monitoring and countermeasures. The EFF raises concerns that, “the bill specifically authorizes companies to use cybersecurity as an excuse for engaging in nearly unlimited monitoring of user data,” which the organization finds especially broad and susceptible to administrative abuse.

Similarly, the Heritage Foundation finds the revised legislation still provides, “far too great an intrusive federal role in defining cybersecurity standards.” Instead, Heritage calls for the legislation to prohibit, “any effort to create a new regulatory system for cybersecurity.”

With the bill reaching the Senate floor this week, the amendments in place may or may not remain in their current form, but will hopefully fulfill Mr. Obama’s words:

“It’s time to strengthen our defenses against growing danger.”

The article Cybersecurity Act of 2012: Revised and Revealed appeared first on The Toonari Post - News, Powered by the People!.

On April 26, Propublica reported on the Cyber Intelligence Sharing and Protection Act, or CISPA, and the debate it has inspired about the privacy of your Internet data and security. The underlying bill allows Internet providers, software companies and other private firms to share information about “cybersecurity” with the federal government — and protects them from legal liability.

The bill’s sponsors touted a handful of amendments they said addressed privacy and civil liberties concerns, but privacy activists say the amendments still don’t go far enough. The House had been set to vote on the bill today but instead passed it Thursday night, 248-168, with some changes:

How “cyber threat” information can be used: Rep. Ben Quayle, R-Ariz., proposed an amendment that limits the use of shared cyber threat information to five purposes: protecting cybersecurity, investigating cybersecurity crimes, protecting people from death or injury, protecting minors from harm, and protecting U.S. national security.

What kind of information can be shared: An amendment by Rep. Bob Goodlatte, R-Va., specifies the kind of information that can be shared, saying it must be “directly pertaining to” a threat, vulnerability, attack or unauthorized access. It also makes clear that violating a website’s terms of service — that’s the form on which you check “agree” when registering at a site like Facebook or Gmail — doesn’t constitute a cyber threat.

A second look: An amendment proposed by Rep. Mick Mulvaney, R-S.C., states that five years after the bill is enacted, Congress would have to re-examine and reauthorize it, providing an opportunity to address changes in technology or unintended consequences.

Addressing civil liberties: An amendment proposed by Mulvaney and Rep. Norman Dicks, D-Wash., says that in sharing information, the federal government should take “reasonable efforts” to limit the impact on privacy and civil liberties, consistent with the need to protect cyber threats.

Personal records: Put forth by Rep. Justin Amash, R-Mich., the amendment says the government can’t make use of educational, medical, firearms or tax return records that it receives from private companies through CISPA.

Why privacy activists are unhappy

The American Civil Liberties Union, the Electronic Frontier Foundation and other pro-privacy groups continue to argue that the bill would enable commercial interests and intelligence agencies to misuse personal information under the guise of preventing cybercrimes. The pro-privacy groups say the amendments represent an improvement but don’t offer sufficient safeguards. CISPA allows private companies to hand information directly to military and intelligence agencies, such as the National Security Agency.

Privacy activists backed amendments by Democrats to give the Department of Homeland Security authority to devise privacy protections. None made it to the floor in the GOP-controlled House.

Under the amended bill, shared information can be used for the protection of national security, not just cybersecurity. Some opponents say this is too broad and fear it would be easy for the government to justify collecting private data even when unrelated to hacking or Internet security.

What’s next 

CISPA faces a hard road in the Democrat-controlled Senate, where it must duke it out with cybersecurity bills backed by Sen. Joe Lieberman, I-Conn., and Sen. John McCain, R-Ariz. The White House said this week that advisers would recommend that President Obama veto CISPA if it ever reaches his desk.

by Megha Rajagopalan, ProPublica, April 27, 2012, 4:37 p.m.

The article In the Evening Hours, CISPA Gets Some New Features appeared first on The Toonari Post - News, Powered by the People!.

Thursday, April 26, the House of Representative approved the Cyber Intelligence Sharing and Protection Act (CISPA) on a bipartisan vote by a margin of 248 to 168, despite the threat of a possible veto by President Obama.

The Cyber Intelligence Sharing and Protection Act would allow the government to access web users’ private data and to pass on information to commercial companies on suspicion of cyber attacks and hacker threats, and it would allow also the companies to share their users’ information with the government and security agencies to ensure the networks’ security.

The Obama Administration strongly opposes the measure and it says the law repeals “important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality and civil liberties safeguards.”

In a statement on Wednesday, the White House has also threatened to veto the House bill.  “[CISPA] would allow broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information,” reads the statement. “The broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our Nation’s economic, national security, and public safety interests.”

Instead of putting private information and cybersecurity in the hands of military and intelligence agencies, the White House would prefer a Senate measure to give the “central role” to the Department of Homeland Security, which is a civilian agency.

Despite the opposition of the Administration, the bill passed with some amendments to the original that moderate its effects and limit the government’s use of threat information to specific purposes such as the protection of individuals from death or serious bodily harm investigation and the prosecution of cybersecurity crimes; protection of minors from exploitation; and the protection of national security.

Advocacy groups, CISPA opponent coalitions and lawmakers strongly condemned the passage of the bill, arguing that these amendments are not enough to assure users’ privacy protection.

“CISPA goes too far for little reason,” said ACLU legislative counsel Michelle Richardson. “Cybersecurity does not have to mean abdication of Americans’ online privacy. As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back. We encourage the Senate to let this horrible bill fade into obscurity.”

“In an effort to foster information sharing, this bill would erode the privacy protections of every single American using the Internet. It would create a “Wild West” of information sharing,” said Rep. Bennie Thompson of Mississippi.

CISPA was introduced by Republican Rep. Mike Rogers in November 2011 and it is supported by more than 800 private companies. Among those include Facebook, Microsoft, AT&T, Intel, IBM and Verizon.

“We can’t stand by and do nothing as US companies are hemorrhaging from the cyber looting coming from nation states like China and Russia,” said Rep. Mike Rogers. “America will be a little safer and our economy better protected from foreign cyber predators with this legislation.” “There is no government surveillance, none, not any in this bill,” he argued referring to the legislation.

Over the last weeks, activist groups and organizations like Avaaz.org, American Civil Liberties Union (ACLU), Reporters Without Borders, the Electronic Frontier Foundation, strongly criticized CISPA and launched campaigns to turn the spotlight on the internet privacy right issues tied to it.

In a video released on April 27, titled “Operation Defense. Phase II,” the famous hacker group ‘Anonymous’ called on American CISPA opponents to take the battle to the street and organize local protests at the offices of the companies that support the bill between May and June.

“Remember, you have a right to protest if you care about your freedom of speech, your right to privacy and your government censoring you. This is your time to act now. We will defend our home. Operation Defense phase two engaged. We are Anonymous. We are legion. We do not forgive. We do not forget. Supporters of CISPA, you should have expected us,” the video statement concludes.

After SOPA, CISPA is the new battle for the internet, but what will be the next? 

The article CISPA: The New Battle for the Internet appeared first on The Toonari Post - News, Powered by the People!.