Cross posted from The Stars Hollow Gazette
Well, this didn’t take long. President Barack Obama and Britain’s Prime Minister David Cameron didn’t let any dust settle.
Cybersecurity bill: privacy activists warn of unnecessarily ‘broad legal immunity’
By Dan Roberts, The Gusrdian
White House hoping legislation will toughen private sector response by allowing companies to share information with government agencies including NSA
Barack Obama plans to announce new cybersecurity measures on Tuesday amid warnings from privacy campaigners about unnecessarily “broad legal immunity” that could put personal information at risk in the wake of attacks like the Sony Pictures hack.
Just a day after the Pentagon’s own Twitter account was compromised and Obama pushed a 30-day window for consumer security breaches, his administration was hoping the proposed legislation would toughen the response of the private sector by allowing companies to share information with government agencies including the NSA – almost immediately and under broad protection. [..]
The administration believes the legislation is necessary partly to give companies legal immunity for sharing information on attacks so that counter-measures can be coordinated, but the White House has stepped back from suggestions that companies should be allowed to individually retaliate against hackers, fearing such encouragement could lead to an escalation of cyber warfare.
A White House statement released in advance of Obama’s speech on Tuesday said it “encourages the private sector to share appropriate cyber threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center”.
David Cameron pledges anti-terror law for internet after Paris attacks
By Nicholas Watt, Rowena Mason and Ian Traynor, The Guardian
PM calls for new laws to break into terrorists’ communications but Nick Clegg warns of encroachment on civil liberties
Britain’s intelligence agencies should have the legal power to break into the encrypted communications of suspected terrorists to help prevent any Paris-style attacks, David Cameron proposed on Monday.
The prime minister said a future Conservative government would aim to deny terrorists “safe space” to communicate online, days after a warning from the director general of MI5, Andrew Parker, that the intelligence agencies are in danger of losing the ability to monitor “dark places” on the net.
His proposed legislation, which would be introduced within the first year of Cameron’s second term in Downing Street if the Conservatives win the election, would provide a new legal framework for Britain’s GCHQ and other intelligence agencies to crack the communications of terror suspects if there was specific intelligence of an imminent attack. Political approval would also be necessary.
They aren’t the only ones leaping on the security train wreck, the French and Italian governments have hooped on board.
More Surveillance Won’t Protect Free Speech
By Jillian York, Electronic Frontier Foundation
Following a terrorist attack, it is not uncommon to hear calls from politicians and government officials for increased surveillance. Fear and grief can lead to quick “solutions” that have significant consequences; as we pointed out last week, some of the most far-reaching surveillance and law enforcement powers around the world were devised in the wake of tragedies.
That’s why what we’re hearing this week-in the wake of the attack on Charlie Hebdo-alarms us. On Friday, French Prime Minister Manuel Valls suggested that “it will be necessary to take further measures” to address the threat of terrorism, despite the fact that French intelligence had collected “reams of intelligence” on the terror suspects, and despite a draconian anti-terror law established last November. As our German colleagues point out in a joint statement, France already has some of the strictest security measures in Europe. [..]
Italian authorities are planning new legislation that would enable the government to seize the passports of those suspected of traveling to Syria to join the Islamic State. Interior Minister Angelino Alfano stated Friday that Italy also needed “greater access to conversations between extremists online,” demanding help from Internet companies to provide the Italian government with better access to such data in order to create a “black list” of those who pose a security threat. [..]
Mass surveillance doesn’t only infringe on our privacy, but also our ability to speak freely. As a recent PEN American study found, for writers around the world, surveillance has the effect of chilling speech. The knowledge, or even the perception of surveillance, can prompt writers to think twice before touching upon a given issue.
Let us resist attempts to use this tragic moment as an opportunity to advance law enforcement surveillance powers. Freedom of speech can only thrive when we also have the right to privacy.
And last but not least, there is Manhattan District Attorney Cyrus Vance, a Democrat, scared that your i-phone is harboring criminals
New York’s Top Prosecutor Says We Need New Laws To Fight iPhone/Android Encryption
By Tim Cushing, Techdirt
from the because-child-murdering-drug-dealers,-of-course dept
The greatest threat to law enforcement since the motocar continues to receive attention from entities aghast at the notion that peoples’ communications and data might not be instantly accessible by law enforcement. Apple’s decision (followed shortly thereafter by Google) to offer default encryption for phone users has kicked off an avalanche of paranoid hyperbole declaring this effort to be a boon for pedophiles, murders and drug dealers.
New laws have been called for and efforts are being made to modify existing laws to force Apple and Google into providing “law enforcement-only” backdoors, as if such a thing were actually possible. New York County’s top prosecutor, Manhattan DA Cyrus Vance — speaking at an FBI-hosted cybersecurity conference — is the latest to offer up a version of “there ought to be a law.”
Mark Jaycox and Lee Tien of Electronic Frontier Foundaton released this statement regarding the president’s proposal.
Statement on President Obama’s Cybersecurity Legislative Proposal
More needs to be done to protect cyberspace and enhance computer security. But President Obama’s cybersecurity legislative proposal recycles old ideas that should remain where they’ve been since May 2011: on the shelf. Introducing information sharing proposals with broad liability protections, increasing penalties under the already draconian Computer Fraud and Abuse Act, and potentially decreasing the protections granted to consumers under state data breach law are both unnecessary and unwelcome.
Information Sharing
The status quo of overweening national security and law enforcement secrecy means that expanded information sharing poses a serious risk of transferring more personal information to intelligence and law enforcement agencies. Given that the White House rightly criticized CISPA in 2013 for potentially facilitating the unnecessary transfer of personal information to the government or other private sector entities when sending cybersecurity threat data, we’re concerned that the Administration proposal will unintentionally legitimize the approach taken by these dangerous bills.
Instead of proposing unnecessary computer security information sharing bills, we should tackle the low-hanging fruit. This includes strengthening the current information sharing hubs and encouraging companies to use them immediately after discovering a threat. [..]
Increased Criminalization
The administration’s proposals to increase penalties in the Computer Fraud and Abuse Act are equally troubling. We agree with the President: “Law enforcement must have appropriate tools to investigate, disrupt and prosecute cyber crime;” however, the past two years of surveillance disclosures has shown law enforcement certainly doesn’t need more legal authorities to conduct digital surveillance or prosecute criminals. [..]
Federal Data Breach Law
The President’s legislative proposal also follows up on yesterday’s announcement to pursue a federal data breach law. Consumers have a right to know when their data is exposed, whether through corporate misconduct, malicious hackers, or under other circumstances. Over 38 states already have some form of breach notification law-so the vast majority of Americans already get some protection on this score. While the President has not yet released detailed legislative language, the Administration’s May 2011 Cybersecurity legislative proposal would preempt state notification laws, removing the strong California standard and replacing it with a weaker standard. [..]
Many of these proposals are old ideas from the administration’s May 2011 Cybersecurity legislative proposal and should be viewed skeptically. While the Administration information sharing proposal may have better privacy protections than dangerously drafted bills like CISPA, we think the initial case for expanding information sharing requires much less secrecy about how intelligence and law enforcement agencies collect and use data on our networks. And instead of increasing penalties under the Computer Fraud and Abuse Act, we’ve long advocated common sense reform to decrease them.
Here’s hoping there are enough sane heads left in legislatures to stop this in its tracks, on both sides of the pond.