SoylentNews is people

posted by takyon on Thursday July 30 2015, @11:20PM
from the talking-about-it dept.

The Hill reports:

[...] Cybersecurity Information Sharing Act, or CISA, is an out and out surveillance bill masquerading as a cybersecurity bill. It won't stop hackers. Instead, it essentially legalizes all forms of government and corporate spying.

Here's how it works. Companies would be given new authority to monitor their users -- on their own systems as well as those of any other entity -- and then, in order to get immunity from virtually all existing surveillance laws, they would be encouraged to share vaguely defined "cyber threat indicators" with the government. This could be anything from email content, to passwords, IP addresses, or personal information associated with an account. The language of the bill is written to encourage companies to share liberally and include as many personal details as possible.

That information could then be used to further exploit a loophole in surveillance laws that gives the government legal authority for their holy grail -- "upstream" collection of domestic data directly from the cables and switches that make up the Internet.

[...] CISA would create a huge expansion of the "backdoor" search capabilities that the government uses to skirt the 4th Amendment and spy on Internet users without warrants and with virtually no oversight.

All of this information can be passed around the government and handed down to local law enforcement to be used in investigations that have nothing to do with cyber crime, without requiring them to ever pull a warrant. So CISA would give law enforcement a ton of new data with which to prosecute you for virtually any crime while simultaneously protecting the corporations that share the data from prosecution for any crimes possibly related to it.

Will CISA be used against the guilty, or the innocent?



This discussion has been archived. No new comments can be posted.
  • (Score: 5, Insightful) by Spook brat on Thursday July 30 2015, @11:43PM

    by Spook brat (775) on Thursday July 30 2015, @11:43PM (#216076) Journal

    > Will CISA be used against the guilty, or the innocent?

    Yes. Probably both, given recent behavior.

    --
    Travel the galaxy! Meet fascinating life forms... And kill them [schlockmercenary.com]
    • (Score: 2, Insightful) by unzombied on Friday July 31 2015, @04:10AM

      by unzombied (4572) on Friday July 31 2015, @04:10AM (#216159)

      When in a position of sufficient power, the guilty are who you say they are. As are the innocent. With CISA "evidence," or lack thereof, to prove it.

      • (Score: 1) by redneckmother on Friday July 31 2015, @01:13PM

        by redneckmother (3597) on Friday July 31 2015, @01:13PM (#216292)

        "Long hair, short hair... what the hell's the difference once the head's blowed off?"
        National Lampoon, Lemmings album.

        --
        Mas cerveza por favor.
    • (Score: 0) by Anonymous Coward on Friday July 31 2015, @06:17PM

      by Anonymous Coward on Friday July 31 2015, @06:17PM (#216445)

      Everyone is guilty of breaking several laws every day, so it's a pointless question. Whether the laws they're breaking should be laws is another matter.

  • (Score: 2) by Gaaark on Thursday July 30 2015, @11:43PM

    by Gaaark (41) on Thursday July 30 2015, @11:43PM (#216077) Journal

    I just can't WAIT until Harper brings this to Canada.

    Now to decide who's the best option to vote for to get Harper out.

    Go Liberal, NDP, or vote green again and 'waste' my vote......

    If only the Rhino party was still around, lol!

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 3, Touché) by davester666 on Friday July 31 2015, @06:28AM

      by davester666 (155) on Friday July 31 2015, @06:28AM (#216184)

      It probably was in our last budget. I don't think anyone who started reading it when it was published is finished yet.

    • (Score: 0) by Anonymous Coward on Friday July 31 2015, @07:06AM

      by Anonymous Coward on Friday July 31 2015, @07:06AM (#216190)

      The neorhino party is around. They are trying to run a lot of candidates this election due to some kind of anniversary.

      I recommend the Pirate Party myself.

      Registered (Canadian) Political Parties and Parties Eligible for Registration [elections.ca]

  • (Score: 5, Insightful) by stormwyrm on Thursday July 30 2015, @11:55PM

    by stormwyrm (717) on Thursday July 30 2015, @11:55PM (#216079) Journal
    In a surveillance society anyone can be made to look guilty of something. Once again, my sig quote, for the French-challenged, reads: "Give me six lines written by the hand of the most honest of men, and I will find something in them that will hang him." The experience of COINTELPRO should remind everyone of what the government does when it gets that kind of power, and it is disturbing how many people in the United States seem to have bought the propaganda that this surveillance apparatus is being created to protect them, not control them.
    --
    Numquam ponenda est pluralitas sine necessitate.
  • (Score: 3, Interesting) by mendax on Thursday July 30 2015, @11:58PM

    by mendax (2840) on Thursday July 30 2015, @11:58PM (#216080)

    It's probably time to avoid Gmail and other U.S.-based e-mail services, or for that matter any U.S.-based services. I use Hushmail for my important e-mail and I like its ability to send encrypted e-mail to non-encrypted email boxes. The company is based in Canada, which would not exactly protect me from any unholy U.S. search warrant because of the court reciprocity agreements between the U.S. and Canada, but it does protect me from the CISA program, at least for the present.

    But I think CISA is a great opportunity for someone to provide truly secure e-mail services, unlike Hushmail which can read your encrypted e-mail if it wants to. Hmmm...... time to start thinking. Of course, this service could not operate in the U.S. It would be litigated to death by the government.

    --
    It's really quite a simple choice: Life, Death, or Los Angeles.
    • (Score: 5, Interesting) by kurenai.tsubasa on Friday July 31 2015, @12:36AM

      by kurenai.tsubasa (5227) on Friday July 31 2015, @12:36AM (#216089) Journal

      Yes, and we all saw what happened to Lavabit on top of this all.

      Perhaps we need some kind of easy-deployment package, something like this: Fire up a VM instance with a clean hosting provider (I'd like to think my Linode instance is clean, but one can never be too sure these days with USA hosted services), install this version of Slackware, Gentoo, or FreeBSD (fsck systemd), then run this script and input the domain name and what you want your username to be. Then it configures the MX records, Postfix, and maybe SquirrelMail all on its own with appropriate plugins for SMTP+TLS and GnuPG.

      I've often wished that KMail from KDE 3.5 would have become popular. That client had excellent and very user-friendly GnuPG and S/MIME support. It actually explained to one in plain English what it meant when one received a mail from an unknown key and gave reasonable options to either reject it or recognize it as legitimate.

      Switching gears, this is clearly in violation of the 4th Amendment to the USA Constitution, and if I'm not mistaken, the declaration of rights in the constitution traces back in history to the Virginia constitution and has further roots in enlightenment philosophy, although out of scope of the Magna Carta. A warrantless search?! The redcoats are coming!

      (On a completely unrelated note, just because I've chosen to drink tonight some wine from the distant lands of Leelanau, MI that's fairly strong (good terroir, those Michigan wines!), I can't help but wonder. Is Lex Luthor's line from the Batman v Superman trailer, “The redcapes are coming! The redcapes are coming!” meant to commercialize and satirize that night a couple centuries ago when one light meant by land and two by sea?)

      Except here's the big problem with my original idea. How the heck do we get the average person to care about encryption? Microsoft's Outlook has never had good support for S/MIME, and they've pretty much said fsck you to GnuPG. Yet, that's what everyone uses. That doesn't even solve the problem of ensuring the headers will be encrypted with SMTP+TLS during transmission and not stored (intercepted) by relaying servers. As we know, the “metadata” are just as useful, if not more so, than the actual mail contents.

      To frame this in a market context, when one is shopping for an email provider, shouldn't one be concerned that it supports proper SMTP+TLS? When one is shopping for an email reader, shouldn't one be concerned that it supports GnuPG or S/MIME in a user-friendly manner? How do we make these market priorities, so one would call a potential provider and ask, “Do you have proper SMTP+TLS capabilities?” or call an email client vendor and ask, “Is your GnuPG interface easy to use?” Well, ok, nobody calls anybody anymore except idiots that still use answering services, but you get my drift. How can we make it a market competition point to offer secure email?

      • (Score: 2) by hemocyanin on Friday July 31 2015, @02:05AM

        by hemocyanin (186) on Friday July 31 2015, @02:05AM (#216113) Journal

        > Switching gears, this is clearly in violation of the 4th Amendment to the USA Constitution ...

        Sadly, but probably not under current interpretations of the 4th where a third party is involved (the three parties are you, the Feds, and some random business/doctor/person/whatever): https://en.wikipedia.org/wiki/Third-party_doctrine [wikipedia.org]

        At this point, there are only two ways we could get our privacy rights back. One would be a constitutional amendment expressly stating that information stored or gathered by third parties is subject to 4th Amendment protections, or a Supreme Court ruling overturning precedent that has consistently expanded the 3d Party Doctrine since the 60s. Good luck with that. Might as well go outside and start flapping your arms in a mars bid.

        Sotomayor did have an interesting and somewhat hopeful comment in a recent case, which I'm happy to see has made it into the Wikipedia document, but I figure her words are the token we get to support a belief that there is actually some hope, when in fact there is none:

        > More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks

        • (Score: 3, Interesting) by mhajicek on Friday July 31 2015, @04:34AM

          by mhajicek (51) on Friday July 31 2015, @04:34AM (#216164)

          Encryption may not be the only way to fight back. I bet a few knowledgeable people could poison the metadata by adding bogus traffic.

          --
          The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
          • (Score: 2, Interesting) by Anonymous Coward on Friday July 31 2015, @08:49AM

            by Anonymous Coward on Friday July 31 2015, @08:49AM (#216216)

            DOS It!

            • (Score: 1, Touché) by Anonymous Coward on Friday July 31 2015, @04:39PM

              by Anonymous Coward on Friday July 31 2015, @04:39PM (#216380)

              WINDOWS it!

          • (Score: 1) by AnonymousCowardNoMore on Friday July 31 2015, @03:45PM

            by AnonymousCowardNoMore (5416) on Friday July 31 2015, @03:45PM (#216348)

            I disagree. Your Dear Leaders are collecting data in case they ever need to put you away for something "evil". You are presumed guilty based on having any suspicious traffic, not based on the percentage of your traffic that is suspicious. Put simply, bogus traffic gives the old cardinal another six lines if he wants to find something to hang you by and has no real impact if he doesn't.

            • (Score: 2) by mhajicek on Tuesday August 04 2015, @02:06AM

              by mhajicek (51) on Tuesday August 04 2015, @02:06AM (#217700)

              Hence Windows 10.

              --
              The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
        • (Score: 4, Informative) by Kromagv0 on Friday July 31 2015, @01:55PM

          by Kromagv0 (1825) on Friday July 31 2015, @01:55PM (#216309) Homepage

          > Sadly, but probably not under current interpretations of the 4th where a third party is involved (the three parties are you, the Feds, and some random business/doctor/person/whatever): https://en.wikipedia.org/wiki/Third-party_doctrine [wikipedia.org]

          Which is one of the worst parts of USA FREEDOM act. All of the data that the NSA had been collecting illegally that the act specifically states is illegal is now to be kept by a 3rd party so now all that is needed is for the government to simply ask maybe with a stern letter and it will be handed over all completely legal. My 2 stupid senators (Amy Klobuchar and Al Franken) as well as my hawkish congressman (John Kline) all voted for it. Kline was even proud that he sponsored the bill but at least had the willingness to respond to my letter, Klobuchar and Franken won't even bother responding. Kline at least is open about his support and is probably a true believer that it will make everyone safer.

          --
          T-Shirts and bumper stickers [zazzle.com] to offend someone
          • (Score: 2) by hemocyanin on Friday July 31 2015, @06:28PM

            by hemocyanin (186) on Friday July 31 2015, @06:28PM (#216454) Journal

            > ... so now all that is needed is for the government to simply ask maybe with a stern letter ...

            Exactly, and it doesn't even need to be stern. The whole point of the 3d Party Doctrine is to obviate the need for a warrant.

            • (Score: 2) by Kromagv0 on Monday August 03 2015, @11:50AM

              by Kromagv0 (1825) on Monday August 03 2015, @11:50AM (#217352) Homepage

              I did say maybe with a stern letter as some businesses have in the past said no, but I do fully expect most to just hand it over at the drop of a hat.

              --
              T-Shirts and bumper stickers [zazzle.com] to offend someone
      • (Score: 2) by curunir_wolf on Friday July 31 2015, @04:27PM

        by curunir_wolf (4772) on Friday July 31 2015, @04:27PM (#216370)
        Nobody uses email anymore (except to make fun of the NSA). Use WhatsApp or Signal for end-to-end, strong encryption communications.
        --
        I am a crackpot
        • (Score: 0) by Anonymous Coward on Saturday August 01 2015, @03:29AM

          by Anonymous Coward on Saturday August 01 2015, @03:29AM (#216629)

          WhatsApp is proprietary so I don't recommend that. But Signal is Free Software.

    • (Score: 1, Troll) by CyprusBlue on Friday July 31 2015, @01:46AM

      by CyprusBlue (943) on Friday July 31 2015, @01:46AM (#216109)

      You should realize that this is some guy's crazy rant and wild speculation, and not any actual thing.

    • (Score: 0) by Anonymous Coward on Friday July 31 2015, @01:40PM

      by Anonymous Coward on Friday July 31 2015, @01:40PM (#216302)

      Completely encrypted mail already exists (plaintext only ever exists in your browser in your machine's RAM so even if the provider is strong-armed it is literally impossible for them to hand over your un-encrypted data). It's called Protonmail (www.protonmail.ch) and is based in Switzerland and => non-US (and non-EU). It's entirely free, although they can't keep up with demand so you'll have to wait a number of weeks for your account after you request it. Protonmail to protonmail is encrypted seamlessly by default. With one click of a mouse you can encrypt mails to non-protonmail addresses, but then you'll obviously have to share the password with the recipient via some other channel.

      • (Score: 2) by Yog-Yogguth on Tuesday August 04 2015, @01:23AM

        by Yog-Yogguth (1862) Subscriber Badge on Tuesday August 04 2015, @01:23AM (#217685) Journal

        https://tutanota.com [tutanota.com] might be an alternative or additional choice.

        German, Gratis, GPL, encrypted locally, browser based/webmail, however I don't think they send encrypted to outside destinations (one could encrypt the message oneself though like copypasta GPG-encrypted message content). They don't have your password (so if you forget you lose everything) which if I remember correctly is validated locally (a salted hash perhaps?) and functions as part of your key or something like that, I'm iffy on the details because I've forgotten and not had time to look more at it.

        --
        Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
  • (Score: 2) by jasassin on Friday July 31 2015, @12:20AM

    by jasassin (3566) <jasassin@gmail.com> on Friday July 31 2015, @12:20AM (#216081) Homepage Journal

    I wish we could have private communication. For some reason they wanna know all the porn sites I might visit and the last time I took a shit. No wonder they bid on that supercomputer!

    --
    jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
  • (Score: 5, Insightful) by captain normal on Friday July 31 2015, @12:21AM

    by captain normal (2205) on Friday July 31 2015, @12:21AM (#216083)

    The only place I've heard that Google was involved in drafting the CISA is this one blog from The Hill, a rather suspect source for information. I've been following this on EFF: https://www.eff.org/deeplinks/2015/03/senate-intelligence-committee-advances-terrible-cybersecurity-bill-surveillance [eff.org]
    Blaming Google is a real stretch. Mostly the companies doing the collecting of information and defending their positions by virtue of this bill are the big ISPs---the telcos and cable companies. They're the ones that have been collecting such info for many years and for the NSA for the last few years.

    --
    Everyone is entitled to his own opinion, but not to his own facts"- --Daniel Patrick Moynihan--
    • (Score: 4, Informative) by Anonymous Coward on Friday July 31 2015, @01:00AM

      by Anonymous Coward on Friday July 31 2015, @01:00AM (#216095)

      > The only place I've heard that Google was involved in drafting the CISA is this one blog from The Hill,

      You didn't hear it from this one blog either. The point of the article is not that Google collaborated to write the bill, it is that if the bill comes to pass all bigcorps will end up as collaborators because of the incentives built into the bill.

      • (Score: 3, Informative) by captain normal on Friday July 31 2015, @03:36AM

        by captain normal (2205) on Friday July 31 2015, @03:36AM (#216141)

        "CISA: the dirty deal between Google and the NSA that no one is talking about"
        The title of TFA.

        --
        Everyone is entitled to his own opinion, but not to his own facts"- --Daniel Patrick Moynihan--
    • (Score: 3, Interesting) by mhajicek on Friday July 31 2015, @04:38AM

      by mhajicek (51) on Friday July 31 2015, @04:38AM (#216165)

      Well, Google and the NSA have been working together on quantum computing and machine learning. I wouldn't be surprised if they cooperated on other things as well.

      --
      The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
    • (Score: 2) by curunir_wolf on Friday July 31 2015, @04:58PM

      by curunir_wolf (4772) on Friday July 31 2015, @04:58PM (#216394)

      You might be right. This might be part of the recently revealed MPAA smear Google campaign [techdirt.com] to make them look bad and turn public opinion against them. Then again, Google has done enough evil that they cannot be trusted.

      --
      I am a crackpot
  • (Score: 3, Interesting) by c0lo on Friday July 31 2015, @01:56AM

    by c0lo (156) Subscriber Badge on Friday July 31 2015, @01:56AM (#216112) Journal
    I'm going to look seriously into freenet [wikipedia.org]. Seems like the distributed storage and plausible deniability makes from it a true "storm" cloud (so dark not even you know where and how your content is stored).
    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 0) by Anonymous Coward on Friday July 31 2015, @03:22AM

      by Anonymous Coward on Friday July 31 2015, @03:22AM (#216139)

      That's great, we can always use more nodes!

      • (Score: 2) by c0lo on Friday July 31 2015, @04:04AM

        by c0lo (156) Subscriber Badge on Friday July 31 2015, @04:04AM (#216155) Journal

        > That's great, we can always use more nodes!

        How many do you have? (why having just another one excites you so much?)
        (grin)

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 2) by Phoenix666 on Friday July 31 2015, @10:44AM

      by Phoenix666 (552) on Friday July 31 2015, @10:44AM (#216239) Journal

      Freenet was created in the wake of Napster 15-16 years ago. I even ran a node at some point. I was surprised it never took off, and am more surprised it still exists. One way to make sure it grows is to make it a default part of a distro. I think more of them are doing that sort of thing with cloud accounts, so the social inertia has already been overcome.

      --
      Washington DC delenda est.
      • (Score: 2) by c0lo on Friday July 31 2015, @11:12AM

        by c0lo (156) Subscriber Badge on Friday July 31 2015, @11:12AM (#216249) Journal

        > I think more of them are doing that sort of thing with cloud accounts, so the social inertia has already been overcome.

        I reckon it wasn't about "social inertia" (as in "reluctance to make your files public"), but rather about the easy way of sharing (like easier than connecting to a FTP server; so easy that you don't have to think too much).

        If I'm right on my assertion, then there's your explanation why freenode hasn't quite taken off: "you need to understand a bit this mumbo-jumbo like darknet/opennet, keys, distributed storage and... and... all this non-sense. Why can't we have just a username and password and be done with it with just simple drag-drop?"

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford