The hackers who stole
information from
76 million households and 7 million businesses aren’t the only
ones exploiting people in the JP Morgan Chase security breach.
Politicians are, too.
Sen. Angus King (I-Maine), who sits on the Senate Intelligence
Committee, issued a
statement pushing for some government action:
This terrible news only further underscores the urgent need for
Congress to pass comprehensive cyber security legislation. …
Congress must work to pass legislation that will improve our
capabilities and protect us against more attacks like these. The
next Pearl Harbor will be cyber, and shame on us if we’re not
prepared for it. We have a bi-partisan bill teed up in the Senate
and I’d like to see it move before the end of the year.
That bill is the
Cybersecurity Information Sharing Act (CISA).
Earllier this year, a broad coalition of about two dozen
organizations, including the National Coalition Against Censorship
and the National Whistleblower Center,
signed a letter to congressional leaders earlier this year
explaining why this bill has little to do with cybersecurity and
more to do with prosecuting whistleblowers, curtailing people’s
online privacy, and making government less transparent.
The Electronic Frontier Foundation
notes that this is just latest iteration of unpopular
“cybersecurity” bills (like CISPA and SOPA) that lawmakers have
been pushing for the last four years, and points out some serious
problems:
The bill authorizes companies to launch countermeasures for a
“cybersecurity purpose” against a “cybersecurity threat.”
“Cybersecurity purpose” is so broadly defined that it means
almost anything related to protecting (including physically
protecting) an information system, which can be a computer or
software. The same goes for a “cybersecurity threat,” which
includes anything that “may result” in an unauthorized effort to
impact the availability of the information system. Combined, the
two definitions could be read by companies to permit attacks on
machines that unwittingly contribute to network congestion. The
countermeasures clause will increasingly militarize the Internet—a
prospect that may appeal to some “active defense” (a.k.a.
offensive) cybersecurity companies, but does not favor
the everyday user.Second, the bill adds a new authority for companies to monitor
information systems to protect an entity’s rights or property. Here
again, the broad definitions could be used in conjunction with the
monitoring clause to spy on users engaged in potentially innocuous
activity. Once collected, companies can then share the information,
which is also called “cyber threat indicators,” freely with
government agencies like the NSA.
The American Civil Liberties Union
adds that CISA would esentially “circumvent the warrant
requirement [of the Fourth Amendment] by allowing the government to
approach companies directly to collect personal information.”
[Hat tip:
Techdirt, Mike Masnick]
from Hit & Run http://ift.tt/1utANhk
via IFTTT