31821973
submission
SolKeshNaranek writes:
It appears that Congress still doesn't get it. Rep. Mike Rogers, the sponsor
of the bad
CISPA bill that puts your privacy at risk, really doesn't seem particularly concerned about the protests that
have been happening online this week. He referred to them as being "like
turbulence on the way down to landing" for the bill. He also said that he
fully expects the bill to easily pass next week when its
brought to the floor.
What really comes through in the article — which mostly talks about how Rogers has been supposedly working with Google to change
some of the language in the bill to make it more acceptable — is how little
concern Rogers
has for the public. Instead, most of the article just talks about how
he's been working with tech companies to make sure they're okay with the
bill. And while that's a start, it's no surprise that lots of tech companies
would be okay with CISPA, because it grants them broad immunity if they happen
to hand over all sorts of private info to the government.
But to then call the protests mere "turbulence" is pretty damned
insulting to the actual people this will impact the most: the public, whose
privacy may be violated. While we appreciate Rogers'
willingness to amend
the bill, it seems clear that there are still major problems with it, and Rogers does not seem to
be actually listening to the privacy concerns of the public — just the various
tech companies.
In the meantime, the
protests continue, and if Rogers
thinks they're mere "turbulence" then it appears that not enough
people are speaking out. The folks at Fight for the Future have put together an
excellent page to make it easier to speak out, over at CongressTMI.org. At
the very least, is it that difficult for Congress to present a real reason why
this bill is needed? Bogus stories of planes falling from the sky or evil
Chinese hackers really aren't cutting it. Perhaps Congress should talk to some
of the experts who note that Congress doesn't understand the tech enough to regulate it
properly. As privacy expert Jim Harper notes:
"Congress has no particular capacity or knowledge of
how to do cybersecurity," Harper says.
"It's not a choice between two different versions in the House and two
different versions in the Senate. The question is still open: is Congress
capable of doing any good here?"
Unfortunately, in the mad dash to pass these bills (which
appear to be much more about who gets to control multi-billion dollar "cybersecurity budgets" than anything else), no one in
Congress seems willing to address the basic question of what problem this
really solves.
31501835
submission
SolKeshNaranek writes:
CISPA at a Glance:
In broad terms, CISPA is about information sharing. It creates broad legal exemptions that allow the government to share "cyber threat intelligence" with private companies, and companies to share "cyber threat information" with the government, for the purposes of enhancing cybersecurity. The problems arise from the definitions of these terms, especially when it comes to companies sharing data with the feds.
Article:
The forces behind HR 3523, the dangerous Cyber Intelligence Sharing and Protection Act which is going to move forward in Congress at the end of the month, are beginning to get cagey about the growing backlash from the internet community. In an attempt to address some of the key concerns, the bill's authors, representatives Mike Rogers and Dutch Ruppersberger, hosted a conference call specifically geared at digital reporters. The invitation was for "Cyber Media and Cyber Bloggers" (seriously) and took place at 7am Silicon Valley time—thus demonstrating that they are totally in touch with the tech community. During the call, the representatives were intent on hammering certain points home: that the bill respects privacy and civil liberties, is not about surveillance, is targeted at actions by foreign states, and is nothing like SOPA.
Unfortunately, none of that is really true. The text of the bill, even with the two key amendments made since (all pdf links and embedded below), is still full of extremely broad definitions which fail to create the safeguards that the representatives insist are present, and which leave room for dangerous unintended consequences.
Is CISPA the new SOPA?
This is the notion that the reps behind the bill are most desperate to kill. Their primary response is that CISPA has nothing to do with seizing domains or censoring websites, but that's only true on the surface. The bill defines "cybersecurity systems" and "cyber threat information" as anything to do with protecting a network from:
(A) efforts to degrade, disrupt, or destroy such system or network; or
(B) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.
It's easy to see how that definition could be interpreted to include things that go way beyond network security—specifically, copyright policing systems at virtually any point along a network could easily qualify. And since one of the recipients of the shared information would be Homeland Security—the department that includes ICE and its ongoing domain seizures—CISPA creates the very real possibility for this information to be used as part of a SOPA-like crusade to lock down the internet. So while the bill itself has nothing to do with domain seizures, it gives the people behind such seizures a potentially powerful new weapon.
The reps insist that when they refer to intellectual property, they are not thinking about media piracy or even counterfeiting, but about foreign-based attacks on domestic companies to steal their research and development (they tout examples like the plans for jet fighters). Unfortunately, the bill's definitions create no such restriction, leaving the door wide open for more creative interpretations.
How can the government use the information?
The original text of the bill was really bad, simply saying the government cannot use the information for "regulatory purposes." This was amended to be more restrictive, but not by much: now, the same broad "cybersecurity" definition applies to what they can use the data for, and as if that wasn't enough, they can also use it for "the protection of the national security of the United States." I don't need to tell you that the government is not exactly famous for narrowly interpreting "national security."
So is CISPA a surveillance bill?
The bill specifically prohibits the government from requiring anyone to hand over information, or offering any sort of "quid pro quo" data sharing arrangement. Sharing information is voluntary, and as far as the bill's supporters are concerned, that should end the debate. Of course, as we've seen with things like the warrantless wiretapping scandal, complicity between companies and the government, even when legally questionable, is common and widespread. But even if the safeguards work, CISPA will undoubtedly allow for invasions of privacy that amount to surveillance.
Firstly, while the reps insist that the bill only applies to companies and not individuals, that's very disingenuous. CISPA states that the entity providing the information cannot be an individual or be working for an individual, but the data they share (traffic, user activity, etc.) will absolutely include information about individuals. There is no incentive in the bill to anonymize this data—there is only a clause permitting anonymization, which is meaningless since the choice of what data to share is already voluntary. Note that any existing legal protections of user privacy will not apply: the bill clearly states that the information may be shared "notwithstanding any other provision of law".
So we've got the government collecting this data, potentially full of identifying information of users in the U.S. and elsewhere, and they are free to use it for any of those broadly defined cybersecurity or national security purposes. But, it gets worse: the government is also allowed to affirmatively search the information for those same reasons—meaning they are by no means limited to examining the data in relation to a specific threat. If, for example, a company were to provide logs of a major attack on their network, the government could then search that information for pretty much anything else they want.
Can CISPA be fixed?
Most of the new provisions currently being considered for CISPA have to do with adding oversight and liability to prevent the government from violating any of the terms—but that doesn't address the problems in the bill at all, since the terms are already so broad. CISPA would require significant new restrictions to come anywhere close to being a good bill—a fact that points to Congress' inability to effectively design internet regulation. Moreover, there isn't even clear evidence that new cybersecurity laws are necessary. This is a bill that needs to die.
The EFF has a tool to help you contact your representative about CISPA and the broader issue of cybersecurity legislation. The bill is going to the House the week of April 23rd, so now is the time to get involved. As with SOPA, this is not an issue that solely effects Americans: the data may come from U.S. companies, but it will involve people from all over the world—and, indeed, foreign entities are one of the bill's prime targets. It's once again time for the internet to speak up and send a clear message to Congress: don't mess with something you don't understand.
31444519
submission
SolKeshNaranek writes:
Synopsis: As the battle over the DMCA’s requirements and boundaries heats up, Google, Facebook, the EFF, Public Knowledge and now the MPAA have become involved in a copyright case currently being heard by the 7th Circuit Court of Appeals. Is it enough for a site to perform takedowns when copyright holders demand them, or must it also take additional steps to remove repeat infringers?
Article:
Flava Works, Inc v. Gunter is an ongoing case involving an adult studio plaintiff and a user-submitted video links/video embedding site.
It has become so important that some of the world’s leading Internet companies such as Google and Facebook, rights groups such as the EFF and Public Knowledge, and the biggest entertainment companies through the MPAA, have all become involved in the case.
First a little background. Marques Gunter owns a site called myVidster, a site designed for users to upload links and embed videos hosted on 3rd party sites. In 2010, adult studio Flava Works filed a copyright complaint against myVidster and 26 Doe users of its service.
Flava Works alleged that Gunter had failed to correctly police his site for infringement. Although Flava did not deny that Gunter had responded to specific takedown requests, the company said that despite being made aware of them, Gunter had done nothing to stop a sample of 26 repeat infringers who continually reposted links to infringing material on the myVidster site.
In July 2011, a contributory infringement claim was upheld and a preliminary injunction awarded against myVidster. The company was denied a DMCA safe harbor defense after it was said to have not done enough to deal with repeat infringement.
“[Gunter] removes videos from myVidster that are listed in DMCA notices, but goes no further. Beyond his mechanical response to the notices, Gunter refuses to concern himself with copyright protection,” Judge John F. Grady wrote.
“It is true that service providers are not required to police their sites for infringement, but they are required to investigate and respond to notices of infringement—with respect to content and repeat infringers,” Grady added.
Noting the importance of the case, late November 2011 the EFF and Public Knowledge filed an amicus brief. The pair said that Grady had gone too far with his interpretation of the DMCA and noted that the law “.does not say when and how service providers must terminate the accounts of ‘repeat infringers,’ nor does it define ‘repeat infringer’.'”
Also in November, Internet giants Google and Facebook signaled their interest in the case and their desire to have the original decision overruled. Their submission is complex, but boils down to a common theme.
“Lack of certainty not only harms established businesses like Google and Facebook, but may prevent investment in and development of the next Google or the next Facebook. A [recent study] found that imposing greater liability on Internet intermediaries for the actions of their users would have a devastating effect on investment in early-stage Internet companies,” the pair wrote in a joint amicus brief.
With such important issues at stake, and with their interests leaning more towards holding service providers liable wherever they can, on April 4th the MPAA added their amicus brief to the mix. The MPAA wants Judge Grady’s 2011 ruling upheld.
“Contrary to the assertions of myVidster and amici Google and Facebook, search engines and social networking sites are not the only businesses that desire certainty in a challenging online marketplace,” MPAA wrote. “MPAA member companies and other producers of creative works also need a predictable legal landscape in which to operate.”
“By advertising infringing material, refusing to terminate any of its users’ accounts, and failing to identify and stop infringers who repeatedly embedded links to unauthorized video streams and displays, myVidster did not qualify for safe-harbor protection,” the MPAA continued.
Again, the brief submitted by the MPAA is highly complex, but it too can be boiled down to a simple interest.
“Given the massive and often anonymous infringement on the internet, the ability of copyright holders to hold gateways like myVidster liable for secondary infringement is crucial in preventing piracy,” the MPAA states.
In keeping with that theme and according to a statement from Flava Works CEO Phillip Bleicher seen by AVN, Flava Works are also suing the web hosts of myVidster.
US-based Voxel.net and Netherlands-based LeaseWeb.com are said to be on the hook “for failing to remove MyVidster.com from its servers despite dozens of DMCA notices alerting Voxel.net and LeaseWeb.com that Gunter was a repeat infringer. Under DMCA, safe harbor no longer applies to sites that fail to remove repeat infringers.”
Flava Works, Inc v. Gunter, currently up before the 7th Circuit Court of Appeals, is one of the most important copyright-related cases around and definitely one to keep an eye on.
Related articles:
Google, MPAA and isoHunt Clash in Court: http://torrentfreak.com/google-mpaa-and-isohunt-clash-in-court-110423/
Google’s the Largest Torrent Search Engine, isoHunt Tells Court: http://torrentfreak.com/googles-the-largest-torrent-search-engine-isohunt-tells-court-110315/
Google Gets Involved in BitTorrent Search Engine Lawsuit: http://torrentfreak.com/google-gets-involved-in-bittorrent-search-engine-lawsuit-110220/
31340779
submission
SolKeshNaranek writes:
Summary: After Anonymous hacked hundreds of Chinese government, company, and other general websites, China has acknowledged the attacks. Meanwhile, Anonymous China has not stopped its onslaught.
The group has hacked and defaced hundreds of Chinese government, company, and other general websites over the last week. A few targets have had their administrator accounts, phone numbers, and e-mail addresses posted publicly. Last but not least, on many of the hacked sites, the group even posted tips for how to circumvent the Great Firewall of China. Surprisingly, the Chinese government has acknowledged the attacks.
While Anonymous was not specifically mentioned, it’s obvious what China’s Ministry of Foreign Affairs was referring to during a briefing on Thursday, given the events during the last week.
Additional info from related article: http://www.zdnet.com/blog/security/anonymous-hacks-hundreds-of-chinese-government-sites/11303
