CISPA tramples on privacy rights with no benefits to network security

valessiobrito_Plate_Computer_PrivacyAs I mentioned yesterday, this week is a Week of Action Opposing CISPA. CISPA attacks privacy and civil liberties, which of course makes it very bad from a liberty-loving perspective. To make matters even worse, CISPA provides no actual benefits.

The purpose of CISPA according to the HR-624 website is:

…simply provides narrow authority to share anonymous cyber threat information between the government and the private
sector so they can protect their networks and their customers’ private information.

That sounds well and good. However the bill allows unprecedented access to private information by the government. This is done by having companies share data ‘voluntarily’ (with no say from the actual customers). It is easy to imagine the DHS asking companies to ‘voluntarily’ provide data at any time in the name of cyber-security. Of course the term cyber-security itself is very vague.

But going back to the authors statement. At face value it seems logical that government and private sector organizations sharing information would make our networks safer. Think again. I’ve worked in the networking field (including security) for over 20 years and I can say with the greatest amount of confidence that simply sharing data will do nothing to make networks safer. The authors of this bill have fallen victim to some common misconceptions about network security:

Misconception 1: All network are the same.

Network and data infrastructures for large organizations are like snowflakes: no two are alike. There are similarities that most share, however a nearly unlimited amount of hardware, software, and configuration differences make it nearly impossible to have a single monitoring point (which is where CISPA is headed). Do we really want the bureaucrats at the DHS making decisions about people’s private data based upon the assumption that they can understand all networks?

Misconception 2: Vulnerability data is not shared.

Just because the government is not in charge of sharing vulnerability data does not mean it doesn’t get shared. Typically when a cyber-attack occurs a Network Security expert or experts are brought in. These experts will work with the vendors for any network security devices or software being used. In turn these vendors will release information relating to the vulnerabilities encountered. Also they will find ways to make their product prevent such attacks in the future. The system doesn’t always work this way, but for the most part it works quite well. Adding a government bureaucratic layer to this would lengthen the response time of security vendors.

Misconception 3: The network is the problem in cyber-security.

The network is not, nor has it ever been, the greatest threat for ‘cyber-security’. The greatest threat always has been and will likely remain to be the ‘human element’. Bad security policies coupled with uneducated network users is the greatest threat to network security. It doesn’t matter how hardened a network security infrastructure is if the users (including IT) do not follow security best practices. Bills such as CISPA takes focus away from the root cause of most network security issues. By focusing network security professionals upon pointless ‘voluntary information sharing’ they will lose sight of end-user education and network improvement.

There are many more misconceptions I could list. But I feel these three are enough to show how this bill has not been well thought out. Maybe they should have included more network security and privacy security professionals in the conversation when the bill was being drafted.

With the bill being based upon so many misconceptions it is hard to imagine why anyone would support giving up privacy rights so it can be passed. Simply put: this bill takes away fourth amendment and privacy rights without actually providing a tangible benefit. That sure doesn’t sound like good legislation to me.

Time to fight CISPA again!

Member of The Internet Defense LeagueThis post is in support of a Week of Action Opposing CISPA

In February of this year Representative Rogers (R-MI) and Representative Ruppersberger (D-MD) introduced the Cyber Intelligence Sharing and Protection Act of 2013 (HR-624). This is an updated version of CISPA that died in the Senate last year (twice). The new version of this bill is just as bad (if not worse) than the original. Here are a few reasons for any liberty-minded individual to fight against this bill:

  • Privacy laws would be completely bypassed by the government and corporations in the name of ‘cyber-security’. 
  • Companies could (and will) provide customers private data (including communications ) to government agencies with legal immunity from any privacy issues that arise.
  • Not only are “cyber-security” communications and data freely available to government agencies, but anything deemed as important for “national security” falls within the realm of CISPA. Basically any data the government wants it can have at any time for any reason.
  • The whole warrant process is bypassed by this bill. In fact this bill could very well end the need of many government agencies to comply with that pesky 4th Amendment.
  • Any information gathered by means of CISPA is not available via a Freedom of Information Act (FOIA) request. There is no transparency in the program!

Last year President Obama promised to block CISPA if it reached his desk. I’m not sure whether he will do so this year. His Cybersecurity Executive Order released in February of this year is similar to CISPA (without most of the privacy concerns). Obama may in fact back this bill just to give the appearance of caring about national security.

There are many more reasons to fight against CISPA. The Electronic Frontier Foundation (EFF) has a lot of good information about CISPA and what can be to fight this anti-freedom legislation.

Sen Rand Paul standing up for Civil Liberties with filibuster

podiumAs I write this post Rand Paul is almost 9 hours into his filibuster against John Brennan’s nomination as CIA director. It is being aired on CSPAN2 (he is still being aired live as I write this post). While Rand has said many things during his time up front during the filibuster I think his statement below is the most important made by Sen. Paul:

“When I asked the president, can you kill an American on American soil, it should have been an easy answer. It’s an easy question. It should have been a resounding, an unequivocal, ‘No.’ The president’s response? He hasn’t killed anyone yet. We’re supposed to be comforted by that?”

This filibuster is NOT about holding up the nomination that will likely go through anyhow. Instead the filibuster is about the Senator using a tool available for him to highlight an overreach of power by the executive branch. It also increases Rand’s support from liberty minded individuals; as opposed to political opportunists who instead have chosen to act like minuscule sequesters are destroying the country.

 

Even Democrats are dropping support for Obamacare

The Kaiser Family Foundation has released its February 2013 Public Opinion on Health Care Issues (PDF). This report focuses mostly around gun control and mental health issues. As part of this the Kaiser Family Foundation have provided updated polling results for the support of ACA (Obamacare).

First lets look at overall support for Obamacare categorized by: Favorable, Unfavorable, and Don’t Know/Refused.

obamacaresupport

As you can see for the last couple years unfavorable has generally done better than favorable. Around election time (Obama campaign) support spiked above the non-support a couple times. However now those that do not support Obamacare definitely outnumber those that support Obamacare. It is also worth noting that those who don’t know or refuse to answer has risen sharply. I personally believe this is a sign that Americans are waking up and realizing there is too much bad information coming at them from the mainstream media.

Now lets look at a partisan comparison of support for Obamacare. This graph shows support for Obamacare broke down into three categories: Democrats, Independents, and Republicans.

obamacaredemsupport

According to this poll support for Obamacare from Democrats is currently at 57%; its lowest point since Democrat all time low support in the fall of 2011. Also notice that Independent support for Obamacare is at 32%, barely beating the all-time low support from Independents a little over a year ago.

Hopefully the above trends continue (as I believe it will). More people are starting to realize that Obamacare is bad for the economy, the health-care system, the poor, the middle class, and civil liberties. About the only winners in Obamacare are special interests that have bought off their big government elected officials.