Ramblings of an old Doc

 

Privacy vs. security…that’s at the core of the newest effort to secure us and US corporations from the cyber criminals/spies/hackers. Supposedly it’s better than CISPA and CISA.

It protects your security by enabling corporations to share your data and the government as well.

“The Protecting Cyber Networks Act enables private companies to voluntarily share cyber threat indicators with one another and to voluntarily share these indicators with the federal government so long as it does not go through the NSA or the Department of Defense, all while providing strong protections for privacy and civil liberties.” – House Permanent Select Committee on Intelligence

Seriously? The NSA is out of the loop? Who the hell believes that? Why do I doubt the veracity of this? Maybe because of the fact that it even brags about its ability to wage cyber warfare. Also, it would seem that the NSA must be part of the loop in order to do its legitimate job.

    • Protects privacy by prohibiting the government from forcing private sector entities to provide information to the government. 
    • Requires companies to remove personal information before they share cyber threat indicators with the government. 
    • Requires the federal agency that receives cyber threat indicators to perform a second check to remove personal information before sharing the indicators with other relevant federal agencies. 
    • Strictly limits the private-to-private and private-to-government sharing to cyber threat indicators and defensive measures to combat a cyber threat. The legislation does not allow for the sharing of information for non-cyber purposes. 
    • Imposes strict restrictions on the use, retention, and searching of any data voluntarily shared by the private sector with the government. 
    • Only provides liability protections for companies that share in good faith. 
    • Enforces these strong privacy and civil liberties protections by permitting individuals to sue the federal government for intentional privacy violations in federal court. 
    • Provides for strong public and congressional oversight by requiring a detailed biennial Inspectors General (IG) report of appropriate federal entities of the government’s receipt, use, and dissemination of cyber threat indicators. The Privacy and Civil Liberties Oversight Board (PCLOB) must also submit a biennial report on the privacy and civil liberties impact of the Act. – ibid

So, if this is so benevolent, how come data shared under this act might well be immune from disclosure under FOIA and would create a new secret cyber-intelligence coordinating body through which all this info passes? Guess what? The government doesn’t see it like that. Surprise!

Of course, this body would be immune from hacking. We’re supposed to believe these clowns who can’t even isolate unclassified from classified systems?

What I really fear is that this bill would allow the use of this data with the Espionage Act and that would make it ripe for the abuse of things such as the surveillance of journalists and their sources. Already, we’ve seen the current administration go after journalists and whistle blowers (here, for example – never mind the usage of the IRS).

No, I’m sorry but I trust the government exactly zero…wait, that’s not true. I trust the government to screw up and to try to put space between my rights and me.

The problem? It’ll probably pass the Senate – and that will be the real end of the only group which can keep the government in any sort of check: The press.


Comments (Page 1)
2 Pages1 2 
on Apr 26, 2015

Ya new it was coming.

on Apr 26, 2015

That's like the most benign internet thing to come out of Congress in years.  Not saying I like the idea of Uncle Fuck Me in the Ass playing in cyber security to begin with, but considering the other stuff that's come down the pipe...

on Apr 26, 2015

Do you even know what "cyber threat indicators" are? They're lists of IP addresses, domain names, and file hashes that cyber security analysts have found to be potentially threatening to computer and network security. If a company does proper sanitization there is no personal data that could be shared. If they don't, that is a problem.

So private companies can already share these indicators. Many already do. It seems this act provides companies the ability to sue if those indicators are used against them or their customers. Aside from that it doesn't actually do anything.

I am a huge privacy, pro Constitution, small government guy. But I think perhaps you guys don't know what you're talking about here.

Also, my day job is protecting my company's networks from getting hacked.

on Apr 27, 2015

Remember terror alerts?  - by the colors?  Seems these "cyber threat indicators" are just vague enough to allow for all sorts of ... 

on Apr 27, 2015

Vague? When a piece if malware is calling home to idareyoutotrustthisdomain.com, that is a rather specific indicator of compromise.

on Apr 27, 2015

For mine, this is just another way to exert even greater control over the US population... it's online viewing habits, etc.  Okay, they might get lucky and thwart a cyber threat here or there, but me thinks the greater intent is to influence what content is seen, and prevent content that's 'deemed' inappropriate. 

Now that's all well and good if they took down sites promoting terrorism and violence - bomb making and the like - not to mention taking down sites distributing kiddie porn [that needs to end yesterday], but I believe something more covert and sinister is going on.

Censorship by stealth anyone?

And with all the hackers they have at their disposal... like offered deals to, greater control over the internet could spell an even greater invasion of privacy than the NSA already has/does.

Like Mulder used to say: "Trust Noone."

on Apr 28, 2015

starkers

Like Mulder used to say: "Trust Noone."

on Apr 28, 2015

As a cyber security professional myself, I can tell you right now the industry is very worried about the success foreign hackers have had. So right now we are sounding out the call for data sharing and collaboration. I think this is Congress listening to those calls, thinking they need to do something to help, and doing it because it might help them keep their jobs. Maybe there's some sinister plan behind the scenes, who could ever know.

 

on Apr 29, 2015

The_Gear


Quoting starkers,

Like Mulder used to say: "Trust Noone."




He also used to say: "The truth is out there."  However, you won't find it in government or its agencies.

In other words. one must suspect....

eviator

there's some sinister plan behind the scenes,

A bit like the old saying: "Justice must be seen to be done."  This bunch of snakes in the grass appear to be doing something, but to what end?  And what are the consequences, not only to US citizens, but the rest of the world?  All too often events inside the US have a broader influence/impact, particularly with allies who wish to remain in favour, and with those it considers enemies.

One example of this are the extreme security measures implemented here in Australia since 9/11.. like not being able to buy a sim card or cell phone with sim included without photo ID, yet anyone can phone a major carrier and have a land line connected without ID altogether; like not being able to rent a house without photo ID; like not being able to travel interstate without photo ID, yet a customer who books online and prepays by credit card can usually walk on to their desired transport without question. 

The thing is, these measures could be easily circumvented by terrorists quite easily, so in effect they're fechen useless and more often than not inconvenience the innocents who have nothing to hide.  The truth is more likely our government[s] reconised a steady revenue/income stream from producing official photo IDs that expire every 3 -5 years or so.... and for many it's not just the cost of the ID card, but having to purchase additional supporting documentation to validate the application/get it approved.  National security was just a secondary thought, IMO.

1984, anyone?

on Apr 29, 2015

starkers

A bit like the old saying: "Justice must be seen to be done."  This bunch of snakes in the grass appear to be doing something, but to what end?  And what are the consequences, not only to US citizens, but the rest of the world?  All too often events inside the US have a broader influence/impact, particularly with allies who wish to remain in favour, and with those it considers enemies.

One example of this are the extreme security measures implemented here in Australia since 9/11.. like not being able to buy a sim card or cell phone with sim included without photo ID, yet anyone can phone a major carrier and have a land line connected without ID altogether; like not being able to rent a house without photo ID; like not being able to travel interstate without photo ID, yet a customer who books online and prepays by credit card can usually walk on to their desired transport without question. 

The thing is, these measures could be easily circumvented by terrorists quite easily, so in effect they're fechen useless and more often than not inconvenience the innocents who have nothing to hide.  The truth is more likely our government[s] reconised a steady revenue/income stream from producing official photo IDs that expire every 3 -5 years or so.... and for many it's not just the cost of the ID card, but having to purchase additional supporting documentation to validate the application/get it approved.  National security was just a secondary thought, IMO.

1984, anyone?

I'm not sure photo I.D. is the best example. They are a form of authentication, proof you are who you say you are. I would love it if, here in the U.S. everyone was required to show photo I.D. while voting. It would seriously improve the integrity of our elections. I also agree with showing photo I.D. when purchasing something with a credit card or renting a house. Someone claiming to be me while doing those kinds of transactions could really hurt me! Yes, certainly the government can use them to track my actions and yes, certainly it brings them even more revenue. But they are essentially a crime prevention method too, and that is one of the few things I want my government to do, and do it well. If the I.D's are easily forged or circumvented, then they should be improved. Technology does have some answers.

But this is a side point to the one I think you are making, which, if I may try to paraphrase, is that government thinks it can and should do more and more to try to "help" us, while at the same time using it against us. On that point, I agree.

on Apr 29, 2015

eviator

I'm not sure photo I.D. is the best example.
'

It is a perfect example of how our governments, State and Federal, went over the top to so-say boost national security.  Prior to 9/11 we didn't need photo ID every time we needed to buy a cell phone; rent a house; travel or fart.  Now we do... and none of it prevents anything.  For example, I bought a sim card for my mobile phone without photo ID... I just got somebody else to purchase it and I activated it without issue through the telco of choice.  A terrorist could do the same thing, so the measure is as useless as tits on a bull.

Another example!  The people living behind us got others to rent the property they now live in, partly to avoid potential prejudice/racism, but mostly because neither the husband or wife have acceptable photo ID, just expired passports, which clearly show who they are, yet are not valid as proof of their identities.  I have the same trouble.

I have no photo ID [except for an expired passport] and cannot get it.  Despite documentation going back almost 62 years, some of it from the UK, but most of it originating in Australia, I have been refused official photo ID because this government does not recognise my passport or birth certificate, which are British, and the rest of my documentation/proof, which is Australian, does not amass enough points under the qualification system.  Over the last 15 or so years I've spent hundreds and hundreds of dollars to aquire the extra documents I was told would qualify me, but every time I've gone back with it the goal posts had been moved yet again.

Frankly, I've given up trying.  The c***s can shove their phto ID where the sun has never shone.  The last time I was told that if I spent $550 of non-refundable money on government held documents they 'may' be able to help me... and I'm not spending that kind of cash on a 'may' be able to.  Like I said in my earlier post, the whole thing is a government cah grab, thinly veiled by a "we're doing it for you and the good of the country".

eviator

But this is a side point to the one I think you are making, which, if I may try to paraphrase, is that government thinks it can and should do more and more to try to "help" us, while at the same time using it against us. On that point, I agree

No, it's more that government does what it can to help itself.... and if we happen to be accidental beneficiaries well so be it.  However, for the privelege of being accidental beneficiaries we pay a steep, steep price and lose much along the way.... our rights, freedoms and privacy being the first casualties every time the gov't gavel seals the deal.

Yes, I am distrusting and cynical, but I believe with good reason.

on Apr 29, 2015

The US has required valid I.D. for all this stuff since well before 9/11, not for "security" reasons, but as a measure to prevent fraud. Do you guys not care about fraud or identity theft in Australia?

Now, you are an immigrant to Australia, that complicates matters. Immigrants to the U.S. probably also have a tougher time getting an I.D. Again, it's not for phony security reasons, it's to prove you are who you say you are. In your specific case it seems like Australia is adding all kinds of bureaucracy in order to meet some obscure regulation. If your government officials tell you it's to combat terrorism, that's ridiculous.

 

on Apr 29, 2015

eviator

Now, you are an immigrant to Australia, that complicates matters.

'Everyone' is an immigrant to Australia.....just some of us did it a few generations [or thousands] earlier.

Quaintly though...the US has more of my 'identity' than Australia does...iris scans...fingerprints....sniffed my undies for the Empire State...

Australia's regulations re identity verification are fine... provided you're not a dodgy ring-in from some furren country who thinks he's Straylian just because his postcode says he is...

If a mate could get his gun licence for his work as an Armaguard driver without EVER having a recorded birth certificate to indicate he even existed then I'm sure anyone can resolve 'issues' provided they go about it the right way [avoiding dramatics] ...

on Apr 29, 2015

Um, Jafo, I'm no ring-in who's just arrived and selected a postcode to call home.  I've been here 45 years and spent more than 2/3rds of my life here.  I held a drivers license and worked for the QLD Police Service, but records of these things no longer exist.  I have dozens of documents pertaining to my person/identity, but they are insufficient as they do not accumulate enough points... and the only two documents in my possession that would earn enough points ordinarily [my birth certificate and passport] have been deemed as unacceptable.

The last time I was refused they told me I 'may' qualify if I obtained my original migration papers, my travel documants and entry visa when we arrived.  The cost to apply for those documents [I never had them personally, my parents did] was/is in excess of $550 and is non-refundable... even if they can't find/provide them.  So why would I spend that much without gaurantee?

Having already spent over $700 on documents I was told would get me this elusive photo ID, and being knocked back each time I went in with it, I'll be fucked if I will spend another cent on it,... for a simple 18+ card with my mugshot on it, for fuck sake.  I'm not asking for a security pass into their most sensitive areas, and I'm not asking for a paid trip on a private jet to to Canberra to bump off Tony Abbott. 

No, I'm just asking for an 18+ card, and I've provided dozens of government issued documents to verify I am who I say I am, but they supposedly are not Class A documents and do not accrue enough doddam points, as designated by some pencil pushing effwit who doesn't have a fechen clue.

As for avoiding the dramatics, I went into the relevant department several times and was as polite as buggery... I even thanked them when they virtually told me to piss off and not come back until I'd spent more money.  I even went to my state and federal members of parliament to seek assistance, and basically I got: "The law is the law and there's nothing we can do."

Yeah right!  No wonder I never want to vote for the pricks.  They want your help to get elected, and once they are , any help I/we might need isn't forthcoming and is too often flatly refused.

So it's not just that I'm untrusting and cynical, I'm fechen angry as well.

on Apr 29, 2015

eviator

The US has required valid I.D. for all this stuff since well before 9/11, not for "security" reasons, but as a measure to prevent fraud. Do you guys not care about fraud or identity theft in Australia?

It's not that we don't care, more that things have gone fronm the sublime to the ridiculous in some instance... like me getting photo ID, for instance.  It's not about security; it's not about fraud or crime prevention.  No, it's solely about raising revenue... PERIOD. 

If law Australian enforcement agencies need to verify my identity, Queensland police have my fingerprints, DNA as well as photos of me/my tattoos and distinguishinhg marks... was charged with assault after intervening when my former brother-in-law was beating on my sister.  This in itself is more than enough proof of who I am, but the Transport Dep't that issues the photo ID, a dep't that works very closely with police, refuses to access those records, and under state law the police dep't cannot release them to me as a civilian.  Ironic, isn't it, the very same government I'm seeking photo ID from has all the evidence/proof it needs to issue said card, yet it is too inept and/or greedy to fulfill my application[s]

eviator

In your specific case it seems like Australia is adding all kinds of bureaucracy in order to meet some obscure regulation. If your government officials tell you it's to combat terrorism, that's ridiculous.

There is no obscure regulation here, it is bureaucracy gone mad with power.  The fact is, some twat came up with a points system that I can never satisfy because the two most important documents that provide the majority of the 150 point required have been deemed unacceptable... and all the rest put together don't even come close, despite being issued by the very governments who require I have photo ID.

The bastards have me by the short n' curlies... and I point blank refuse to spend another cent on it.  If they want/need to know who I am, let them rummage around in their files/archives to ascertain it.  I'm done jumping through their hoops/being made to sit and beg

2 Pages1 2