SoylentNews is people

posted by takyon on Thursday July 30 2015, @11:20PM
from the talking-about-it dept.

The Hill reports:

[...] Cybersecurity Information Sharing Act, or CISA, is an out and out surveillance bill masquerading as a cybersecurity bill. It won't stop hackers. Instead, it essentially legalizes all forms of government and corporate spying.

Here's how it works. Companies would be given new authority to monitor their users -- on their own systems as well as those of any other entity -- and then, in order to get immunity from virtually all existing surveillance laws, they would be encouraged to share vaguely defined "cyber threat indicators" with the government. This could be anything from email content, to passwords, IP addresses, or personal information associated with an account. The language of the bill is written to encourage companies to share liberally and include as many personal details as possible.

That information could then be used to further exploit a loophole in surveillance laws that gives the government legal authority for their holy grail -- "upstream" collection of domestic data directly from the cables and switches that make up the Internet.

[...] CISA would create a huge expansion of the "backdoor" search capabilities that the government uses to skirt the 4th Amendment and spy on Internet users without warrants and with virtually no oversight.

All of this information can be passed around the government and handed down to local law enforcement to be used in investigations that have nothing to do with cyber crime, without requiring them to ever pull a warrant. So CISA would give law enforcement a ton of new data with which to prosecute you for virtually any crime while simultaneously protecting the corporations that share the data from prosecution for any crimes possibly related to it.

Will CISA be used against the guilty, or the innocent?


  • (Score: 3, Interesting) by mendax on Thursday July 30 2015, @11:58PM

    by mendax (2840) on Thursday July 30 2015, @11:58PM (#216080)

    It's probably time to avoid Gmail and other U.S.-based e-mail services, or for that matter any U.S.-based services. I use Hushmail for my important e-mail and I like its ability to send encrypted e-mail to non-encrypted email boxes. The company is based in Canada, which would not exactly protect me from any unholy U.S. search warrant because of the court reciprocity agreements between the U.S. and Canada, but it does protect me from the CISA program, at least for the present.

    But I think CISA is a great opportunity for someone to provide truly secure e-mail services, unlike Hushmail which can read your encrypted e-mail if it wants to. Hmmm...... time to start thinking. Of course, this service could not operate in the U.S. It would be litigated to death by the government.

    --
    It's really quite a simple choice: Life, Death, or Los Angeles.
  • (Score: 5, Interesting) by kurenai.tsubasa on Friday July 31 2015, @12:36AM

    by kurenai.tsubasa (5227) on Friday July 31 2015, @12:36AM (#216089) Journal

    Yes, and we all saw what happened to Lavabit on top of this all.

    Perhaps we need some kind of easy-deployment package, something like this: Fire up a VM instance with a clean hosting provider (I'd like to think my Linode instance is clean, but one can never be too sure these days with USA hosted services), install this version of Slackware, Gentoo, or FreeBSD (fsck systemd), then run this script and input the domain name and what you want your username to be. Then it configures the MX records, Postfix, and maybe SquirrelMail all on its own with appropriate plugins for SMTP+TLS and GnuPG.

    I've often wished that KMail from KDE 3.5 would have become popular. That client had excellent and very user-friendly GnuPG and S/MIME support. It actually explained to one in plain English what it meant when one received a mail from an unknown key and gave reasonable options to either reject it or recognize it as legitimate.

    Switching gears, this is clearly in violation of the 4th Amendment to the USA Constitution, and if I'm not mistaken, the declaration of rights in the constitution traces back in history to the Virginia constitution and has further roots in enlightenment philosophy, although out of scope of the Magna Carta. A warrantless search?! The redcoats are coming!

    (On a completely unrelated note, just because I've chosen to drink tonight some wine from the distant lands of Leelanau, MI that's fairly strong (good terroir, those Michigan wines!), I can't help but wonder. Is Lex Luthor's line from the Batman v Superman trailer, “The redcapes are coming! The redcapes are coming!” meant to commercialize and satirize that night a couple centuries ago when one light meant by land and two by sea?)

    Except here's the big problem with my original idea. How the heck do we get the average person to care about encryption? Microsoft's Outlook has never had good support for S/MIME, and they've pretty much said fsck you to GnuPG. Yet, that's what everyone uses. That doesn't even solve the problem of ensuring the headers will be encrypted with SMTP+TLS during transmission and not stored (intercepted) by relaying servers. As we know, the “metadata” are just as useful, if not more so, than the actual mail contents.

    To frame this in a market context, when one is shopping for an email provider, shouldn't one be concerned that it supports proper SMTP+TLS? When one is shopping for an email reader, shouldn't one be concerned that it supports GnuPG or S/MIME in a user-friendly manner? How do we make these market priorities, so one would call a potential provider and ask, “Do you have proper SMTP+TLS capabilities?” or call an email client vendor and ask, “Is your GnuPG interface easy to use?” Well, ok, nobody calls anybody anymore except idiots that still use answering services, but you get my drift. How can we make it a market competition point to offer secure email?

    • (Score: 2) by hemocyanin on Friday July 31 2015, @02:05AM

      by hemocyanin (186) on Friday July 31 2015, @02:05AM (#216113) Journal

      Switching gears, this is clearly in violation of the 4th Amendment to the USA Constitution ...

      Sadly, but probably not under current interpretations of the 4th where a third party is involved (the three parties are you, the Feds, and some random business/doctor/person/whatever): https://en.wikipedia.org/wiki/Third-party_doctrine [wikipedia.org]

      At this point, there are only two ways we could get our privacy rights back. One would be a constitutional amendment expressly stating that information stored or gathered by third parties is subject to 4th Amendment protections, or a Supreme Court ruling overturning precedent that has consistently expanded the 3d Party Doctrine since the 60s. Good luck with that. Might as well go outside and start flapping your arms in a mars bid.

      Sotomayor did have an interesting and somewhat hopeful comment in a recent case, which I'm happy to see has made it into the Wikipedia document, but I figure her words are the token we get to support a belief that there is actually some hope, when in fact there is none:

      More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks

      • (Score: 3, Interesting) by mhajicek on Friday July 31 2015, @04:34AM

        by mhajicek (51) on Friday July 31 2015, @04:34AM (#216164)

        Encryption may not be the only way to fight back. I bet a few knowledgeable people could poison the metadata by adding bogus traffic.

        --
        The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
        • (Score: 2, Interesting) by Anonymous Coward on Friday July 31 2015, @08:49AM

          by Anonymous Coward on Friday July 31 2015, @08:49AM (#216216)

          DOS It!

          • (Score: 1, Touché) by Anonymous Coward on Friday July 31 2015, @04:39PM

            by Anonymous Coward on Friday July 31 2015, @04:39PM (#216380)

            WINDOWS it!

        • (Score: 1) by AnonymousCowardNoMore on Friday July 31 2015, @03:45PM

          by AnonymousCowardNoMore (5416) on Friday July 31 2015, @03:45PM (#216348)

          I disagree. Your Dear Leaders are collecting data in case they ever need to put you away for something "evil". You are presumed guilty based on having any suspicious traffic, not based on the percentage of your traffic that is suspicious. Put simply, bogus traffic gives the old cardinal another six lines if he wants to find something to hang you by and has no real impact if he doesn't.

          • (Score: 2) by mhajicek on Tuesday August 04 2015, @02:06AM

            by mhajicek (51) on Tuesday August 04 2015, @02:06AM (#217700)

            Hence Windows 10.

            --
            The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
      • (Score: 4, Informative) by Kromagv0 on Friday July 31 2015, @01:55PM

        by Kromagv0 (1825) on Friday July 31 2015, @01:55PM (#216309) Homepage

        Sadly, but probably not under current interpretations of the 4th where a third party is involved (the three parties are you, the Feds, and some random business/doctor/person/whatever): https://en.wikipedia.org/wiki/Third-party_doctrine [wikipedia.org]

        Which is one of the worst parts of USA FREEDOM act. All of the data that the NSA had been collecting illegally that the act specifically states is illegal is now to be kept by a 3rd party so now all that is needed is for the government to simply ask maybe with a stern letter and it will be handed over all completely legal. My 2 stupid senators (Amy Klobuchar and Al Franken) as well as my hawkish congressman (John Kline) all voted for it. Kline was even proud that he sponsored the bill but at least had the willingness to respond to my letter, Klobuchar and Franken won't even bother responding. Kline at least is open about his support and is probably a true believer that it will make everyone safer.

        --
        T-Shirts and bumper stickers [zazzle.com] to offend someone
        • (Score: 2) by hemocyanin on Friday July 31 2015, @06:28PM

          by hemocyanin (186) on Friday July 31 2015, @06:28PM (#216454) Journal

          ... so now all that is needed is for the government to simply ask maybe with a stern letter ...

          Exactly, and it doesn't even need to be stern. The whole point of the 3d Party Doctrine is to obviate the need for a warrant.

          • (Score: 2) by Kromagv0 on Monday August 03 2015, @11:50AM

            by Kromagv0 (1825) on Monday August 03 2015, @11:50AM (#217352) Homepage

            I did say maybe with a stern letter as some businesses have in the past said no, but I do fully expect most to just hand it over at the drop of a hat.

            --
            T-Shirts and bumper stickers [zazzle.com] to offend someone
    • (Score: 2) by curunir_wolf on Friday July 31 2015, @04:27PM

      by curunir_wolf (4772) on Friday July 31 2015, @04:27PM (#216370)
      Nobody uses email anymore (except to make fun of the NSA). Use WhatsApp or Signal for end-to-end, strong encryption communications.
      --
      I am a crackpot
      • (Score: 0) by Anonymous Coward on Saturday August 01 2015, @03:29AM

        by Anonymous Coward on Saturday August 01 2015, @03:29AM (#216629)

        WhatsApp is proprietary so I don't recommend that. But Signal is Free Software.

  • (Score: 1, Troll) by CyprusBlue on Friday July 31 2015, @01:46AM

    by CyprusBlue (943) on Friday July 31 2015, @01:46AM (#216109)

    You should realize that this is some guy's crazy rant and wild speculation, and not any actual thing.

  • (Score: 0) by Anonymous Coward on Friday July 31 2015, @01:40PM

    by Anonymous Coward on Friday July 31 2015, @01:40PM (#216302)

    Completely encrypted mail already exists (plaintext only ever exists in your browser in your machine's RAM so even if the provider is strong-armed it is literally impossible for them to hand over your un-encrypted data). It's called Protonmail (www.protonmail.ch) and is based in Switzerland and => non-US (and non-EU). It's entirely free, although they can't keep up with demand so you'll have to wait a number of weeks for your account after you request it. Protonmail to protonmail is encrypted seamlessly by default. With one click of a mouse you can encrypt mails to non-protonmail addresses, but then you'll obviously have to share the password with the recipient via some other channel.

    • (Score: 2) by Yog-Yogguth on Tuesday August 04 2015, @01:23AM

      by Yog-Yogguth (1862) Subscriber Badge on Tuesday August 04 2015, @01:23AM (#217685) Journal

      https://tutanota.com [tutanota.com] might be an alternative or additional choice.

      German, Gratis, GPL, encrypted locally, browser based/webmail, however I don't think they send encrypted to outside destinations (one could encrypt the message oneself though like copypasta GPG-encrypted message content). They don't have your password (so if you forget you lose everything) which if I remember correctly is validated locally (a salted hash perhaps?) and functions as part of your key or something like that, I'm iffy on the details because I've forgotten and not had time to look more at it.

      --
      Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))