My new Guardian column, "Privacy, public health and the moral hazard of surveillance," discusses the way that the governments' reliance on social networks for intelligence purposes means that they can't intervene to help their populations get better at trading their privacy for services.
That's a crisis. If online oversharing is a public health problem, then the state's decision to harness it for its own purposes means that huge, powerful forces within government will come to depend on oversharing. It will be vital to their jobs – their pay-packets will literally depend on your inability to gauge the appropriateness of your online disclosure.
They will be on the same side as the companies that profit from oversharing, because they will, effectively, be just another firm that benefits from oversharing.
It's as though Scotland Yard decreed that obesity was critical to its ability to catch slow-moving, easily winded suspects. It's as though the NHS announced it would cope with the expense of an aging population by encouraging chain-smoking. The dangers of oversharing are hard enough to manage when it's just the private sector that benefits from them.
Privacy, public health and the moral hazard of surveillance
Evan from Fight for the Future sez, "All of your phone calls, emails, petition signatures, and tweets are working. The privacy-killing back-from-the-dead zombie bill CISPA is a bit stalled in the Senate, with over $605 million in lobbying spent on it already, it's bound to be back to haunt us in some form soon.
So we made an infographic to get everyone up to speed. This Spring, we'll be organizing the largest online privacy protest in history, to send this bill back where it belongs. Join us?"
Read the rest
After months of activist agitation and a crushing disappointment from the cowards in the House of Representatives, the US senate has effectively killed CISPA, a sweeping Internet surveillance proposal. This is astoundingly great news! But CISPA died once before, and came back from the dead, and it will not likely stay dead this time around either. The price of liberty is eternal vigilance, etc etc etc:
Sen. Jay Rockefeller (D-WV), the chairman of the U.S. Senate Committee on Commerce, Science and Transportation, said in a statement on April 18 that CISPA's privacy protections are "insufficient."
A committee aide told ZDNet on Thursday that Rockefeller believes the Senate will not take up CISPA. The White House has also said the President won't sign the House bill.
Staff and senators are understood to be "drafting separate bills" that will maintain the cybersecurity information sharing while preserving civil liberties and privacy rights.
Rockefeller's comments are significant as he takes up the lead on the Commerce Committee, which will be the first branch of the Senate that will debate its own cybersecurity legislation.
Michelle Richardson, legislative council with the American Civil Liberties Union, told the publication she thinks CISPA is "dead for now," and said the Senate will "probably pick up where it left off last year."
CISPA 'dead' in Senate, privacy concerns cited [Zack Whittaker/ZDNet]
We've been CISPA'd again.
For a second year the US House has passed the embarrassingly vague Cyber Intelligence Sharing and Protection Act, a bill that could scatter your personal information like a tornado hitting a trailer park. Echoing last year, the Obama administration has threatened to veto CISPA if it fails to incorporate privacy controls, but we shouldn't have to rely on presidential intervention or the Senate's questionable wisdom to save us. Though Congress is gifted in the arts of incompetence and believes digital liberties only matter to basement-dwelling teens, we cannot entirely vilify the House, either. If there's one thing our representatives actually represent about us, it is our ignorance of technology.
Read the rest
It's about as horrible as it can be: the House Rules Committee won't even allow privacy-protecting amendments on the agenda; the bill's sponsor Rep. Mike Rogers dismisses people who oppose CISPA as 14-year-olds in their parents' basements; and a bunch of tech companies are lobbying in favor of CISPA because the bill cannily immunizes them from liability for firehosing your personal, sensitive information all over the place.
The sole bright light is this: the Obama White House has taken an uncharacteristically progressive stance on privacy this time around, and has threatened to veto the bill.
The Electronic Frontier Foundation is, as always, the best place to go to find things you can (and should, and MUST) do to kill this insane proposal.
Evan from Fight for the Future sez, "In the hours before the House Intelligence Committee's secretive, closed-door markup on privacy killing bill, CISPA, we had to unleash our secret weapon.
CISPA threatens to invalidate every privacy law on the books and give companies full legal immunity when they share our private data with the government. That's why the tech giants that stood with us during SOPA (Google, Facebook, and Twitter) haven't said much about CISPA.
Sign the petition, kill CISPA, save the Internet (again!).
CISPA is a bill before Congress that will radically increase the ease with which the government and police can spy on people without any particular suspicion. It is being rammed through by people like Rep. Mike Rogers (R-MI), who received a small fortune in funding from the companies that stand to get rich building the surveillance tech CISPA will make possible.
What's more, Rogers admits it, and even tweets about it! Nicko Margolies from the Sunlight Foundation writes,
Rep. Mike Rogers (R-MI), a co-sponsor and major supporter of the controversial Cyber Intelligence Sharing and Protection Act (CISPA), deleted a retweet of an analysis of contributions to lawmakers from pro-CISPA companies. MapLight looked at the powerful House Intelligence Committee, where Rep. Rogers serves as Chairman, and followed campaign contributions to the members who are currently considering the bill that would allow companies to share more information on Internet traffic and users with the U.S. government.
Rep. Rogers, or possibly a member of his staff, retweeted the story that identified that members of the House Intelligence Committee "have received, on average, 15 times more money in campaign contributions from pro-CISPA organizations than from anti-CISPA organizations." He retweeted MapLight's tweet of this information from his iPhone and after 23 minutes thought better of it and removed it. Fortunately the Sunlight Foundation's Politwoops project caught it and archived this change of message and of heart. According to the MapLight piece, Rep. Rogers received $214,750 from interest groups that support CISPA.
The EFF has more info on CISPA, and ways you can help kill it.
Pro-CISPA Lawmaker Deletes Retweet about Money Received from Pro-CISPA Groups
from the Sunlight Foundation sez, "Since the reintroduction of the controversial CISPA bill, I imagine many in the Boing Boing community will be interested to follow the latest developments on the legislation. The Sunlight Foundation's Scout alert service
will send anyone an email or text message for any official activity and votes on the bill including notices of upcoming hearings and when it's coming to the floor. I've created a collection of alerts about CISPA
so you can follow speeches in Congress that use the phrase 'Cyber Intelligence Sharing and Protection Act' or 'CISPA' and, for those interested in wider coverage, there are alerts for any mentions of 'Cybersecurity' in federal regulations and state-level bills. It's just a few clicks to follow the full collection of CISPA alerts, cherry-pick favorites or create your own custom ones with Scout
Tiffiniy from the SOPA-killing activist group Fight for the Future sez,
Remember when we worked together and beat back internet censorship and SOPA, and changed the world earlier this year? 2012 is a historic year for our basic rights on the web - the year the internet came alive and fought for free speech and freedom. Sites like Boing Boing depend on an open and free web, and so doesn't much of what you love and do on the web.
Unfortunately, Congress still only cares about the opinions of likely voters. If everyone who cares about internet freedom stays at home this election, Congress will bring back SOPA. That's why we've been working on a campaign to turn out a massive number of internet users at the polls, and we're asking people to join us tomorrow for Internet Voter Registration Day, right before a bunch of state deadlines, by pledging that you'll vote, and register if you need to: internetvotes.org.
Washington insiders thought SOPA, PIPA, and CISPA were all 'certain to pass.' How did the internet win against those bills? Because people stood up to protect free speech and the transformative power of the internet in their lives.
Let's dramatically increase the number of people egging each other on to vote, which has shown to get people to the polls. The first thing we're asking people to do is to get our friends to pledge and register to vote starting Tuesday, National Voter Registration Day (right before a bunch of state deadlines with time to send in your forms). Then we'll work together to mobilize millions of internet users to get to the polls. People can use our tools to see which of their friends are voting and registered, mobilize their audiences into voting blocks for their cause, site, or group, get important voting information, and make sure their friends go vote.
Promise to vote for the internet in 2012
A reader writes, "The Bill of Rights Defense Committee has a list of candidates
who are running for Congress who strongly oppose indefinite detention of American citizens and SOPA/CISPA. The link also mentions current incumbents who are working to defend the Internet."
Tiffiny from champion SOPA-fighters Fight for the Future says:
This year, grassroots movements defeated SOPA in the US and ACTA in Europe. We might be able to make another bad-idea bill, CISPA, go down in flames too (or get the privacy protections we've been fighting for). CISPA-- which already passed the House -- would give government access to all your personal data with no restrictions on what they could do with it. The Senate version of CISPA, which is slightly better but could be made much, much worse is going to final vote today.
If you have a secret --
Or think it's creepy that the government listens in on your cell phone calls, knows your location right now, reads your emails, all without a warrant? A bill going to vote today in Congress would make all of this government spying legal.
Millions of us aren't aware of this bill or don't realize how far they go.
That's why we're sharing this link: doyouhaveasecret.org
We took some time to try to capture exactly what's so dangerous and disturbing about having secrets at all.
This year, grassroots movements defeated SOPA in the US and ACTA in Europe. We might be able to make another bad-idea bill go down in flames too (or get the privacy protections we've been fighting for).
This could be the year for internet freedom and the open internet to prevail above huge amounts of lobbying dollars. And racking up wins on SOPA, CISPA, ACTA -- that'd be unprecedented. Millions of people could help make that happen.
Do you have a secret?
Sean Morley, AKA Val Venis, a professional wrestler, has informed a fan via Twitter that "#WWE asked me to appear but I just cannot do anything with them for as long as they continue their support of #SOAP/#CISPA"
Kick ass, dude. From Techdirt:
While the WWE was never listed on the official Judiciary Committee list of supporters, the organization made many community sourced lists as a supporter of SOPA. Regardless of when and how the WWE came to be supportive of the unpopular bills, this shows that there is a long lasting bitter aftertaste left in the mouths of those who feel betrayed by organizations that supported SOPA and CISPA.
WWE Raw SuperShow One Wrestler Short Due To SOPA Support
Zak from Fight for the Future/Privacy is Awesome sez,:
It's only days before the Senate votes on its version of CISPA, and the SECURE IT Act. The bill would open all your data up to the government, no matter how personal. Good bye privacy, hello police state. Since the vote is soon, anything we do at this point has a big impact, so if you care about your privacy, stand with us and take these actions:
The first thing you can do is change your Facebook cover photo to show your friends the creepy records government will be keeping on us if CISPA passes.
There's another thing you can do to send your message even stronger. Visit a Senator's office and deliver this explanation of how CISPA and SECURE IT would trample our privacy, or mail it in if you can't visit in person. Tons of people will be doing this. It's the best way we can educate our senators; a disturbing number of them don't really understand what they're about to vote on.
Tiffiniy from Fight for the Future (standard-bearers in the fight against SOPA) sez,
Privacy is Awesome. Kill CISPA.
Congressional hero of the SOPA wars, Senator Wyden, said about cyber security legislation (CISPA and Lieberman-Collins) that is expected to be taken up and passed in early June:
"I believe these bills will encourage the development of an industry that profits from fear and whose currency is Americans' private data. These bills create a cyber industrial complex that has an interest in preserving the problem to which it is the solution."
Furthermore, privacy is awesome -- it lets you be yourself without fear of unjust scrutiny. But, these bills would end meaningful privacy and install meaningful surveillance. But, we can change the game: www.privacyisawesome.com.
CISPA passed the house recently. That seems like a blow, but unless a similar bill passes the Senate, that means nothing. We have one week to kill CISPA indefinitely.
The playbook for this is rolling out today. If we can get senators to just stop and think for a minute before they vote on the bill, the clock will run out on it. To do that, we need to call Senate offices in the thousands requesting meeting at and information on Memorial Day events and during the Senators' recess, and get meetings in every state.
We're looking for people who can help keep building the movement for internet freedom, and who want to help stop CISPA.
Remember the seizure of Dajaz1.com, a hiphop blog that posted all kinds of music clips that record company promoters (and even CEOs) begged them to post? The one that was shut down for a year on a trumped-up copyright charge that was quietly dropped without explanation? Now we have an explanation.
Rebecca from the Electronic Frontier Foundation writes, "After a year-long seizure and six more months of secrecy, the court records were finally released concerning the mysterious government takedown of Dajaz1.com -- a popular blog dedicated to hip hop music and culture. The records confirm that one of the key reasons the blog remained censored for so long is that the government obtained three secret extensions of time by claiming that it was waiting for 'rights holders' and later, the Recording Industry Association of America, to evaluate a 'sampling of allegedly infringing content' obtained from the website and respond to other 'outstanding questions.'"
Update: Mel from Dajaz1.com in the comments asks me to remind you that the site is back. It deserves your attention.
Now that the full court records are out, this seizure raises critical questions about the government’s use of its new powers to shut down lawful speech in the form of domain seizures for alleged copyright infringements. It also demonstrates the basic unfairness of the processes and secrecy invoked here and possibly in hundreds of other domain name seizures across the country. For nearly a year, the government muzzled Dajaz1.com – denying the blog’s author the right to speak and the public’s right to read what was published there – and then compounded matters by claiming extreme secrecy and blocking the Dajaz1 and the public’s access to information about the case.
Equally troubling, the records confirm what was already suggested by the initial affidavit used to obtain the seizure order: that ICE, and its attorneys, are effectively acting as the hired gun of the content industry at taxpayers' expense. Instead of relying on rightsholders to determine whether a seizure was appropriate, the government should have been conducting its own thorough investigation. If it had acted in anything like good faith, it could have determined that the site wasn't a proper target even before the seizure, or at least could have discovered and rectified the mistake before a year had passed.
Unsealed Court Records Confirm that RIAA Delays Were Behind Year-Long Seizure of Hip Hop Music Blog
CISPA, the sweeping cyber-surveillance bill that is gallumphing through Congress despite its constitutional deficiencies, has hit a snag. The Office of Management and Budget has recommended that Obama veto the bill, should it reach his desk. The bill's up for a vote on Friday. Here's Cyrus Farivar, writing about it on Ars Technica:
"Legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens, especially at a time our Nation is facing challenges to our economic well-being and national security," the e-mail states. "The Administration looks forward to continuing to engage with the Congress in a bipartisan, bicameral fashion to enact cybersecurity legislation to address these critical issues. However, for the reasons stated herein, if H.R. 3523 were presented to the President, his senior advisors would recommend that he veto the bill."
The eight-paragraph message articulates various reasons why the OMB opposes the bill, including that the bill "significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres" and that it "also lacks sufficient limitations on the sharing of personally identifiable information between private entities and does not contain adequate oversight or accountability measures necessary to ensure that the data is used only for appropriate purposes."
CISPA veto recommended by White House, bill's authors defend it
Forest sez, "The Creators of 'The Day the LOLcats Died' bring you a new video in protest of CISPA: We appointed a Congressional committee to create a video opposing CISPA, a new bill being voted on later this week in the House of Representatives. This is what they came up with. Don't let Congress make things for the Internet. Oppose CISPA today. The EFF has a great tool to help."
Zakkai from Fight for the Future (the folks who brought you the war on SOPA) sez, "Want to fight for Internet privacy with cute cat photos? CISPAcat is a new advice animal that wants nothing more than to spy on your internet activity. He's the child of the privacy-killing cybersecurity bill CISPA and the equally creepy ceiling cat. Check him out and submit your own. Curious why CISPA is so bad? Read about it at the EFF's website."
CISPA CAT IS WATCHING YOU
Zakkai sez, "We have the feeling that even CISPA's sponsors don't understand how ridiculous their bill is. Do government agencies and corporations really need to be able to spy on us all the time for any reason? To draw attention to how unnecessary and inappropriate CISPA is, Fight for the Future is launching the CongressTMI campaign along with a coalition of organizations including the ACLU, EFF and Avaaz. The CongressTMI campaign organizes internet users to flood CISPA sponsors' Twitter accounts with our uninteresting and useless personal data (Too Much Information or TMI) - the kind of information that the government will have access to if CISPA passes. But if it does pass, we won't be able to keep the government away from data we don't think is funny, like our personal email or search history. In fact, we'll barely have any privacy rights at all. Hopefully this deluge of mundane crap will be enough to open some eyes in congress and get some internet citizens excited about fighting for their rights."
Congress ending privacy with CISPA? Fight back with TMI!
A coalition of US civil liberties organizations have declared this to be Stop Cyber Spying Week, with the goal of scuttling CISPA, the Internet spying bill that promotes web-censorship, bulk surveillance, and warrantless wiretapping by government and Internet companies, while turning over spying governance to the unaccountable, secretive NSA.
CISPA's supporters, notably CISPA sponsor Rep Mike Rogers (R-MI), have pooh-poohed the Internet's concerns, and say that the bill is a lock, and nothing we say can change Congress's mind (apparently, they've forgotten the lesson of SOPA). Now, the Electronic Frontier Foundation replies with specific, Internet-breaking, out-of-control surveillance scenarios CISPA would create:
One of the scariest parts of CISPA is that the bill goes above and beyond information sharing. Its definitions allow for countermeasures to be taken by private entities, and we think these provisions are ripe for abuse. Indeed, the bill defines "cybersecurity purpose" as any threat related to safeguarding or protecting a network. As long as companies act in "good faith" for a cybersecurity purpose, they have leeway to protect against “efforts to degrade, disrupt, or destroy [a] system or network.” This opens the door for ISPs and other companies to perform aggressive countermeasures like dropping or altering packets, so long as this is used as part of scheme to identify cybersecurity threats. These countermeasures could put free speech in peril, and jeopardize the ordinary functioning of the Internet. This could also mean blocking websites, or disrupting privacy-enhancing technologies such as Tor. These countermeasures could even serve as a back door to enact policies unrelated to cybersecurity, such as disrupting p2p traffic.
Yes, CISPA Could Allow Companies to Filter or Block Internet Traffic
US Secretary of State Hillary Clinton has repeated her view that the world's governments should respect Internet freedom, telling the Brasilia Open Government Summit that the world is dividing into "open" and "closed" societies characterized by their attitude towards net freedom. It's a laudable sentiment, but as they say, "We know you love freedom, we just wish you'd share." After all, America is one of the world's leading exporters of Internet censorship and surveillance laws (in the form of its intervention into copyright laws, as well as instigating unaccountable, secret copyright treaty negotiations like ACTA and TPP. They're also the world's leading exporter of Internet surveillance and censorship technology, thanks first to the US national requirement that telcoms companies buy equipment that allows for direct police surveillance, and the aggressive sale of this surveillance and control technology to the world's dictatorship by US firms.
Speaking at the inaugural meeting of the Open Government Partnership in Brasilia, she said countries could only become more secure and peaceful if they were open. "In the 21st century, the US is convinced that one of the most significant divisions between nations will be not between east or west, nor over religion, so much as between open and closed societies," she said.
"We believe those governments that hide from public view and dismiss ideas of openness and the aspirations of their people for greater freedom will find it increasingly difficult to create a secure society."
It's particularly galling that Secretary Clinton made these remarks even as the US Congress is poised to pass CISPA, which establishes a national US regime of censorship and warrantless surveillance.
Open or closed society is key dividing line of 21st century, says Hillary Clinton
(Image: Clinton Rally 90, a Creative Commons Attribution Share-Alike (2.0) image from kakissel's photostream)
CISPA, the pending US cybersecurity bill, is a terrible law, with many of the worst features of SOPA -- surveillance and domain seizures and censorship and so on. What's more, it is being supported by one of the largest Web companies in the world: Facebook. DemandProgress is asking its supporters to write to Facebook and ask them to withdraw their support.
What is Facebook thinking? They've signed on in support of CISPA -- the new bill that would obliterate online privacy, give the military crazy new abilities to spy on the Internet, and potentially let ISPs block sites and cut off users accused of piracy.
Tell Facebook: Withdraw Your Support For CISPA
CISPA, the Cyber Intelligence Sharing and Protection Act of 2011 (H.R. 3523), is a successor, of sorts, to the loathesome SOPA legislative proposal, which was shot down in flames earlier this year. EFF's chilling analysis of the bill shows how it could be used to give copyright enforcers carte blanche to spy on Internet users and censoring the Internet (it would also give these powers to companies and governments who'd been embarrassed by sites like Wikileaks).
Under the proposed legislation, a company that protects itself or other companies against “cybersecurity threats” can “use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property” of the company under threat. But because “us[ing] cybersecurity systems” is incredibly vague, it could be interpreted to mean monitoring email, filtering content, or even blocking access to sites. A company acting on a “cybersecurity threat” would be able to bypass all existing laws, including laws prohibiting telcos from routinely monitoring communications, so long as it acted in “good faith.”
The broad language around what constitutes a cybersecurity threat leaves the door wide open for abuse. For example, the bill defines “cyber threat intelligence” and “cybersecurity purpose” to include “theft or misappropriation of private or government information, intellectual property, or personally identifiable information.”
Yes, intellectual property. It’s a little piece of SOPA wrapped up in a bill that’s supposedly designed to facilitate detection of and defense against cybersecurity threats. The language is so vague that an ISP could use it to monitor communications of subscribers for potential infringement of intellectual property. An ISP could even interpret this bill as allowing them to block accounts believed to be infringing, block access to websites like The Pirate Bay believed to carry infringing content, or take other measures provided they claimed it was motivated by cybersecurity concerns.
There's a DemandProgress petition against CISPA (DemandProgress was one of the leaders of the SOPA fight).