cybersecurity

Companies working with the NSA could get blanket immunity

National Security Agency HQ

The common American might be at a much more vulnerable spot now that Gen. Keith Alexander, the head of the NSA, asked lawmakers for more authority in order to offer liability immunity to companies working closely with the National Security Agency in digital defense programs.

The change in law would allow for mistakes to go unaccounted for in case a company hits the wrong target while attempting to block the home base of a suspicious or seemingly threatening source. While this change in the law seems harmless to some, it could offer protection to companies that act on behalf of the agency, and leave innocent consumers without any access to legal recourse.

Congress was left with the duty of rethinking how private companies are held liable. According to POLITICO, a White House official assured that the Obama administration would be willing to accept a change in the law in order to maintain a company protected while participating in defensive countermeasures online. The source remained anonymous.

While many companies still fight to protect their reputation after news regarding the National Security Agency’s surveillance programs broke, the increased immunity would strip a firm’s only incentive to resist government pressure: its good name.

While certain companies still take their consumers’ privacy into consideration, some fear losing their strong presence in the market, which is why they might be welcoming to the change in the law. Some companies may see this as an opportunity to have their assets protected by avoiding being hit with lawsuits over possible target errors.

Soviet Cybersecurity, Part II

Written by Jim Harper, Director of Information Policy Studies at the Cato Institute. Posted with permission from Cato @ Liberty.

A year ago, almost to the day, I blogged about a legislative package on cybersecurity being proposed in the Senate. “Soviet-Style Cybersecurity,” I called it, because of the “centralizing and deadening effect” it would have on the many and varied efforts to respond to the many problems lumped together as “cybersecurity.” President Obama’s new executive order, titled “Improving Critical Infrastructure Cybersecurity,” has similar, if slightly more sinister, qualities.

To understand my thinking in this area, you must first understand the concepts in a superlative law review article I first read when I was doing oversight of the regulatory process as a congressional staffer. “Administrative Arm-Twisting in the Shadows of Congressional Delegations of Authority” is by University of Flordia law professor Lars Noah. In it, he described the administrative practice of imposing sanctions or withholding benefits in order to elicit “voluntary compliance” from regulated entities. The upshot? There is no “voluntary” when businesses are repeat players or under ongoing supervision of an agency.

The cybersecurity executive order has arm-twisting all over it.

Virginia man’s personal information allegedly stolen after using Healthcare.gov

Rich Guillory

Cybersecurity experts and congressional Republicans have warned that Healthcare.gov could be a security risk for users, but the White House and administration officials have dismissed those concerns. Now, a Virginia man is wondering why he’s getting phone calls from solicitors after using the federal Obamacare exchange.

In a story aired by this week by WVEC, a Norfolk-based television station, Rich Guillory said the strange phone calls started the day after he signed up for a health plan on Healthcare.gov. After several calls, all of which were solicitations related to health insurance, he finally phoned one of the numbers back.

“A lady answered the call and said ‘I don’t know what you’re talking about,’” Guillory told WVEC. He tried another number and got the same line from the person on the other end of the call.

On the third try, Guillory says, the person on the other end hung up. He alleges that the calls are related to his visit to Healthcare.gov. “Has to be,” he said. “There’s no other way for those people to have known that I was looking for insurance.”

CISPA making a comeback…again

The Cyber Intelligence Sharing and Protection Act (CISPA) could soon be coming back up in Congress thanks to efforts by Sens. Dianne Feinstein (D-CA) and Saxby Chambliss (R-GA).

After quite speculation at the end of last monthMother Jones reported on Monday that Feinstein confirmed that she and Chambliss were working to revive the measure, which is sure to get under the craw of Internet activists and civil liberties groups.

“I am working with Senator Saxby Chambliss (R-Ga.) on bipartisan legislation to facilitate the sharing of cyber related information among companies and with the government and to provide protection from liability,” Feinstein told Mother Jones. “The legislation will…still maintain necessary privacy protections.”

This is the second attempt this year to move CISPA through Congress. The House of Representatives passed CISPA back in April, over a veto threat from the White House due to a lack of privacy protections. The Senate, however, shelved the measure shortly thereafter.

Outside Contractors May Have Influenced NSA, Lobbyists Won’t Talk

K Street

K Street lobbyists may have a thing or two to teach us about bipartisanship.

Recent reports concerning the latest NSA scandals suggest major super-computer makers, defense contractors and telecommunication companies are big on landing a hand to any member of the political class from both sides of the aisle, so long as they are ready to push for legislation outlined to promote the use of their services. We might not want to blame the companies for using the tools available to attempt to create an artificial increase in demand for their services, but we can blame the government for encouraging the push.

The Hill has announced recently that defense giants Northrop Grumman Corp., Raytheon Co. and General Dynamics have contacted the National Security Agency in the last quarter. While representatives for the firms declined to comment on what was found on the record, experts claim that lobbyists were simply following the money.

Critics are quick to point out that nobody has come out publicly to state just how much money is in play at the NSA. This piece of information could be crucial in light of claims linking lobbyists for major defense contractors and the NSA. In the recent past, General Dynamics lobbied on “funding and issues related to Intelligence Classified Annex for Fiscal Year 2013.” According to official numbers disclosed by OpenSecrets.org, General Dynamics alone spent over $22 million with lobbying efforts in past couple of years.

The Senate Shelves CISPA

CISPA

Nearly a week after the House of Representatives overwhelmingly passed the controversial legislation, it appears that the Cyber Intelligence Sharing and Protection Act — commonly known as CISPA — has been shelved, at least for now. Citing Internet privacy concerns, the Senate will not take up the bill, but will instead work on new legislation that addresses cyber attacks on the United States:

The Senate will not vote on a cybersecurity bill that passed the House earlier this month, according to two Senate staffers, dealing a blow to a measure that sparked opposition from privacy advocates and the White House.
[…]
Sen. Jay Rockefeller (D-W.V.), who is chairman of the Senate Commerce Committee, “believes that information sharing is a key component of cybersecurity legislation, but the Senate will not take up CISPA,” a committee staffer told HuffPost.

A staffer for the Senate Intelligence Committee said the committee also is working on an information-sharing bill and will not take up CISPA.

“We are currently drafting a bipartisan information sharing bill and will proceed as soon as we come to an agreement,” Sen. Dianne Feinstein (D-Calif.), chairwoman of the Senate Intelligence Committee, said in a statement Thursday.

The White House had already issued a veto threat on CISPA, citing privacy concerns, as ironic as that sounds given some of the things this administration has pushed. This is also quite similar to what happened last year when the House passed CISPA and it was killed by the Senate.

CISPA Passes the House

CISPA

Despite a veto threat from the White House, the House of Representatives overwhelmingly passed the Cyber Intelligence Sharing and Protection Act (CISPA), a bill that puts Internet privacy at risk:

The Cyber Intelligence Sharing and Protection Act (CISPA), H.R. 624, was approved in a 288-127 vote despite ongoing fears from some lawmakers and privacy advocates that the measure could give the government access to private information about consumers.

Ninety-two Democrats voted with Republicans in favor of the bill and just 29 Republicans opposed it. The bill secured enough votes to override a veto.

That’s greater support than last year, when a similar bill passed 248-168 with the support of 42 Democrats. Twenty-eight Republicans opposed that bill.

Click here to see how the representatives from your state voted.

While most agree that more needs to be done to protect the United States from hackers and other cyber threat, it needs to be done in a way that ensures Internet privacy. The bill, as currently, simply doesn’t go far enough to that end. The Electronic Frontier Foundation (EFF) recently noted that CISPA gives immunity to companies that improperly share data with the government.

White House Issues Veto Threat Over CISPA

CISPA

It looks like President Barack Obama may finally come down on the right side of an issue. According to a statement released yesterday from the White House, President Obama has issued a veto threat over H.R. 624 — the Cyber Intelligence Sharing and Protection Act, which is more commonly known as CISPA.

“The Administration recognizes and appreciates that the House Permanent Select Committee on Intelligence (HPSCI) adopted several amendments to H.R. 624 in an effort to incorporate the Administration’s important substantive concerns,” read the statement from the White House. “However, the Administration still seeks additional improvements and if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill.”

The “improvements” mentioned in the statement are the need for greater privacy protections than the bill currently provides for Internet users.

“H.R. 624 appropriately requires the Federal Government to protect privacy when handling cybersecurity information,” noted the statement. “Importantly, the Committee removed the broad national security exemption, which significantly weakened the restrictions on how this information could be used by the government.”

House to Vote on CISPA

CISPA

Nearly two months have passed since President Barack Obama signed an executive order dealing with cybersecurity. This move reignited the debate over CISPA, controversial legislation that has some very severe implications for Internet privacy.

Yesterday, the House Intelligence Committee approved CISPA, paving a path for a final vote in the House some time next week:

The House Intelligence Committee passed a controversial cybersecurity bill on an 18-2 vote Wednesday.

The Cyber Intelligence Sharing and Protection Act, known as CISPA, is expected to be voted on in the House next week with a set of other cybersecurity-focused bills.

House Intelligence Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.), the authors of the bill, expressed optimism that Wednesday’s markup vote signaled they have enough momentum to pass CISPA through the House, as it did last year.

While threats to infrastructure are very serious and should be addressed, Congress should be working for ways to protect Internet privacy and due process. That clearly has not been done with previous or current versions of CISPA. In fact, Declan McCullagh noted yesterday that amendments that were offered in committee that would have protected privacy were overwhelmingly voted down.

Obama set to bring back CISPA via executive fiat

cyber security

Don’t look now, folks, but the Cyber Intelligence Sharing and Protection Act (CISPA) is making a comeback thanks to President Barack Obama.

Between the end of 2011 and early 2012, online activists were able to raise a firestorm over legislation — Stop Online Piracy Act (SOPA), PROTECT IP Act (PIPA), and CISPA — that would have severely diminished Internet privacy. Thanks to the outcry, all three bills eventually died.

According to a report yesterday from The Hill, President Obama will on Wednesday sign an executive order — completely bypassing Congress, which is becoming an all too familar pattern with this White House — that will implement cybersecurity measures from against attack on the United States:

The White House is poised to release an executive order aimed at thwarting cyberattacks against critical infrastructure on Wednesday, two people familiar with the matter told The Hill.

The highly anticipated directive from President Obama is expected to be released at a briefing Wednesday morning at the U.S. Department of Commerce, where senior administration officials will provide an update about cybersecurity policy.

The executive order would establish a voluntary program in which companies operating critical infrastructure would elect to meet cybersecurity best practices and standards crafted, in part, by the government.

 


The views and opinions expressed by individual authors are not necessarily those of other authors, advertisers, developers or editors at United Liberty.