Tuesday, August 4, 2015

Is the Cyber Security Information Sharing Act actually a Trojan Horse?


When I first heard about the Cyber Security Information Sharing Act (CISA) concept, it appeared to make some sense.  If one company encounters a cyber attack, or discovers a serious vulnerability, it should be required to notify a government agency and its peers ASAP to help protect all other government agencies and companies, as well as the overall network.  If a company reports such an attack or vulnerability in good faith, and the report was later determined to be a false alarm, the company should not be subject to a lawsuit for false reporting.  A law that would allow that seems fair and reasonable.  It would help protect all users of the internet and help to catch the "bad guys."

The concept of the bill sounds good, but like a Trojan Horse, it may have an enemy hiding inside it -- a serious attack on privacy.  According to recent articles about the CISA (see this one in The Guardian by Sam Thielman), the big database companies, Government law enforcement agencies, and credit reporting businesses have piled onto this bill with heavy lobbying and big campaign donations in order to expand the bill to increase surveillance over all Americans with no recourse or liability to them. See this on TechCrunch.  They will be able to buy, sell and exchange information about what sites we visit, what we buy, our banking etc.  We will not be able to know when the exchanges occur, or to whom they were given.  Information about us could be available to all Government agencies, and since most corporations are international businesses now, the same information could be made available to Governments of other countries.

I believe the CISA bill should be stripped of those provisions before it is passed.  However, I have my doubts it will happen.  We have a "perfect storm" in Congress now.  Republicans have always voted to increase Government law enforcement, and have consistently been against any attempt for individual freedoms.  Democrats, who typically stand up for individual freedoms, now appear to think of themselves as trying to appear to be tough on terrorism, and may vote to approve the bill as written.  Pretty scary!

We had a similar situation in 1998 when the terrible Digital Millennium Copyright Act (DMCA) was passed.  The concept was that as publishing moved to the digital world, laws needed to change to reflect the new world of the internet.  That was the "horse" -- but the Trojans inside were much more evil, and, of course, lucrative, for the industry.  We had a Republican majority in Congress, and Bill Clinton as Democratic President.  The President wanted to support the movie industry and the Republicans were getting tremendous pressure (and huge political donations) from Disney, and the publishing industry.  Disney and the publishers wanted to be able to merge and expand their monopolies across print, radio and TV, and didn't seem to care about individual rights.  Disney also wanted to prevent their very old "Mickey Mouse" copyrights from expiring and being transferred to the public domain.  The law passed easily and the large corporations reaped windfall profits of hundreds of billions of dollars over the past 17 years.

Thursday, June 11, 2015

Chase Bank: "No Cash in your Safe Deposit Box" -- Really?

I just received a letter from Chase Bank about my annual renewal for safe deposit box rent.  I scanned through the letter, and it looked like sort of the standard stuff that we get every year from banks.  It had a cover letter and 5 pages of typical "boilerplate."  Then I spotted something that said "Contents of the Box:  You agree not to store any cash or coins other than those found to have a collectible value"  -- That seemed like something new!  I didn't remember that!
I always thought that the reason people had safe deposit boxes was to keep extra cash, so that if the banking system collapsed they'd have cash to use to survive.  I figured that most of the boxes probably had bundles of $100 bills.  However, I don't think we have ever kept money in a safe deposit box.  It always seemed dumb to not be able to get some sort of interest on the money -- particularly if it was losing value each year due to inflation.  So if I left $100 in the box for a year, I would then only be able to buy $97 worth of stuff if we had 3% inflation.  But if I could get 6% interest on the money, I could buy $103 worth of stuff.  But, during the past few years, we've had almost zero (officially) inflation, and the interest I'm getting on a $6000 bank balance is less than 10 cents/month, so maybe people would be tempted to keep money in their bank box!
After I read this letter, I looked on the internet.  Apparently Chase's change in policy did hit the news in April.  See this link.  Some people and organizations are concerned about this change.  I found this web page: http://www.infowars.com/report-jpmorganchase-bans-storage-of-cash-in-its-safety-deposit-boxes/
Paul Joseph Watson wrote an article for Alex Jones' "infowars" website that says the "war on cash" continues, and attributes it to the banking industry trying to get away from handling cash.  It doesn't seem like anyone else is concerned.  Apparently there is an obscure law that prohibits taking cash out of "circulation" -- which is interpreted as putting cash into a safe deposit box.  I suppose the Feds could prosecute someone for putting currency in a safe deposit box.  But according to this Marketplace Report, 80% of US Currency is in $100 bills, at least 30% of that is outside the country, and the US ships overseas pallets of $100 bills, each worth $64 million -- sounds like moving a lot of cash outside of US circulation, doesn't it?
I'm very suspicious that this change in policy may be coming from our Government's war on individual privacy.  Could this change have been part of the Government's settlement with Chase for their part in the mortgage industry meltdown?  I'll bet we will see other banks do the same thing -- probably due to Government pressure.  Government would like to be able to see every financial transaction we make at any time they want.  It makes it easier to catch bad guys, drug dealers, blackmailers, etc.  We saw in the recent Dennis Hastert case that the Government is charging him with money transfer crimes and lying about it.  Not any concern about child molestation, of course.  Government was concerned when he withdrew amounts less than the $10,000 limit for being reported.  By forcing everyone away from cash, the Government will now be able to track us much more closely.  Yes, they may be able to catch criminals -- but they will also be able to know more about who we donate to for political campaigns too!  Of course the multi-millionaires like the Koch Brothers will still be able to keep their donations anonymous -- but not the rest of us!

Friday, June 5, 2015

FBI Behind Mysterious Surveillance Aircraft over US Cities

This article by Jack Gillum, Eileen Sullivan and Eric Tucker of the Associated Press, which was in the San Diego Union Tribune, reveals the huge flight of aircraft used by many of our Federal law enforcement agencies.  Apparently they use lots of "tricked out" Cessnas and fake companies to "protect the pilots & crew."

FBI behind mysterious surveillance aircraft over US cities | UTSanDiego.com

The fact of the planes being used doesn't surprise me!  I can picture myself in a leadership position with one of these agencies trying to do my job in "fighting crime."  I would try to use every tool possible to do the job, and would attempt to balance the cost/benefit of each technique.  I'm sure that there are a lot of crime-fighting situations where use of small aircraft with photo and electronic eavesdropping equipment would be much more effective than using agents on the ground.  The article quotes the FBI as saying that the planes weren't a "secret" -- but it is clear that the FBI wasn't telling everyone about it either!

One reason that the FBI is flying planes rather than using drones is that their policy currently allows "piloted planes" to do the spying, while it forbids drones from doing it.  Was this a "loophole" in the rules?  Or is it intentional?  I find it difficult to understand the differences between a drone carrying cameras and listening devices relaying information back to an agency and a plane piloted by a human doing exactly the same thing. 

The flying of planes is very expensive!  Pilots are relatively expensive too!  Think of the costs involved to the taxpayer for just this FBI effort.  Now imagine these costs for border patrol, DEA, as well as State and Local police forces -- it will really add up!  The employment of so many pilots doing this may be part of the reason for the current dire shortage of pilots that is causing many of the small regional airlines and airports to have to shut down.  I'm sure pilots would much rather fly these Cessna-based FBI missions than passenger flights!  I'd bet that the FBI can also offer much higher pay than the small regional airlines.

However, drones are now starting to be used!  Drones will be much cheaper to operate, won't require licensed pilots, and will have fewer constraints.  Because they will be cheaper, I would imagine that the Cessna planes and pilots will be reduced and replaced with drones.  Because drones will be less expensive, I would think that the agencies will use them even more than they do today!  What effect will that have on our privacy?

My other concern is that I believe that most of the efforts of our FBI, DEA, U.S. Marshals, Border Patrol, and State & Local Police involve fighting the "drug war."  The agencies like to tout how much the "street value" is of the drugs that they confiscate -- but we NEVER hear about the total cost to the various Government agencies in order to make that arrest.

Monday, May 25, 2015

USA Freedom Act - Extension of Patriot Act -- both misnomers!

I just signed an online petition against mass surveillance -- will you?
I also wrote my congressman asking him to oppose the USA FREEDOM Act, which would reauthorize the PATRIOT Act. What do you think? Would you also write Congress? Sign a petition? See this link: http://act.credoaction.com/sign/usa_freedom_2015_2/…
I understand we need to use every tool possible to stop terrorism, and using modern eavesdropping & communication tools has got to be a part of our defense. My objection to the law is that there is not adequate oversight of the whole process. The oversight needs to have an open process, not "secret court and judges." If any Government agency wants to obtain metadata or communications related to an American Citizen, it should be approved by a legitimate, accountable judge, or panel of judges. The decision needs to be documented. The judges need to be rotated with a reasonable rotation rate (3 year appointment) and should be required to have served a minimum of 3 years as a Federal Judge. Yes the identity of those judges could be secret while they are empaneled, but their names should be released within a year after their term expires, so the public knows who they are. All decisions made by this "secret court" should be made public after 7 years. It seems to me that all US Citizens who have been targets of such surveillance should be informed either when the data is made public, or some time after. Exceptions could be made on a case-by-case standpoint, but only if approved by another court-approved Federal Judge.  There probably also needs to be some "teeth" such as penalties, fines, or jail time for anyone who misuses these capabilities.  It is probably just a matter of time until some politician uses collected metadata or communications from a political opposition group as a tool to either embarrass or blackmail for political gain.
These many metadata databases (including those created by local police using "stingray" listening devices) should also be available for use by defendants. For example, if the Government says that their data shows you were located at the scene of a terrorist act based upon their data, you should be permitted to query that same database to prove you weren't there. Right now, it is all "secret," and you have no rights to review their data.
I understand that the agencies would like to work quickly and quietly without supervision.  Nobody likes to be held up on their job, and nobody really wants supervision.  I believe adequate supervision could be provided with totally online connections.  Judges could review cases online and render opinions.  All could be done using very secure, dedicated, encrypted communication systems.
I also object to the names given to either of the acts: The act has nothing to do with patriotism or freedom. More correctly, it refers to the exact opposite: despotism and loss of rights.

Tuesday, May 19, 2015

N.S.A.: “Not (So) Secret Anymore” : Joel Brenner

I saw an article by Ken Dilanian, Associated Press, that said that Joel Brenner, a former NSA Inspector General from 2002-2008, also thought that the NSA's telephone records grab was a big mistake.  I found he has a very detailed and descriptive blog that does present some interesting opinions about the collection of data.

N.S.A.: “Not (So) Secret Anymore” : Joel Brenner

I agree with a lot of his thoughts and recommendations.  I believe we have the exact same problem with the Stingray and other listening and tracking systems that are currently being used by the FBI, Border Patrol, Police Departments and DEA.  Who "Polices the Police" in using these modern listening & tracking systems?  If the NSA Inspector General was unable to "police" the NSA when that agency was doing illegal listening and tracking, how can anyone monitor and discipline use of the thousands of other tracking systems deployed around the country?


Friday, April 17, 2015

Pay To Play - Volunteer Police - Footsoldiers for Big Brother?

I've had friends who worked as police volunteers, and have seen police cars around Oceanside with "volunteer" printed on the side of the cars.  I've also seen older folks in police uniforms sauntering up and down the strand sidewalk and the beach on busy days. Sometimes, I've seen them cruising the beach in City of Oceanside "dune buggies" which sort of looked like fun.   I imagined they could work to enforce the rules about no smoking, drinking or dogs on the beach, if nothing else. It seemed like a very selfless volunteer public service job! I really admire people willing to put in so much volunteer time and effort -- particularly in retirement.
After reading about the accidental Tulsa shooting by Bates, a volunteer, I researched information about the City of Oceanside's "Senior Volunteer" program:  --Pretty impressive! 100 volunteers over the age of 50! It does say that volunteers are not put in "confrontational situations" --apparently not like Tulsa's program.    I also discovered the "Volunteers In Police Service" or VIPS program sponsored by the US Department of Justice actually promotes the concept of putting volunteers in local police forces.  On the surface, this sounds like a great idea!  Expanded police force with little cost to Government.  Brilliant!

I've often thought it was probably useful to have additional, visible, police presence around the community to help citizens, and provide "eyes and ears" for the professional police whom the volunteers could call if needed.  I wondered a little about the cost to the City for maintaining the volunteer forces.  After all, they would need uniforms, radios, and vehicles, but volunteers probably would only be working a few days per week. A good staff of well-trained volunteers could supplement the force, and also serve as a "reserve surge" if and when a crisis occurred.  During fires, earthquakes, or floods, we need all of the trained help we can get!  I wondered if the volunteers were compensated at all.  This article amazed me!

150 cops, population 300: pay-to-play policing, from Tulsa to Kid Rock's town | US news | The Guardian

Who knew that citizens would actually pay money (or bribes to campaign funds) in order to be a member of the "volunteer" police force?  Is it really that much fun that people would pay money to be able to walk around in uniform and annoy their neighbors?  Is it really possible that Oakley, Michigan, a town of 300, could have 150 cops (albeit part-time, and many are non-resident)?  Is it hard to imagine an America where half of the population are "volunteer police officers?" -- What about an America where half of the population "pays to play?" -- If half of our citizens had to contribute "donations" to politicians' campaigns in order to be appointed as a volunteer police officer, what would those volunteers expect to receive in return?  Would they be allowed to shake down their enemies or assist their friends?  It really sounds crazy when taken to extreme! If they are carrying cameras and license plate readers, they would be able to collect even more real time "street view" data. There are other concerns as well.  A TPM News article points out that the volunteers may be doing it so they can do open carry of firearms.  This Business Insider article points out that police forces like to use the volunteers as undercover cops, because they might not be as easily recognized.  That seems even more frightening!  Gun-carrying, undercover, volunteer police paying (with donations) to be able to do so, being assigned to spy on their neighbors in plain clothes!

There have been many science-fiction books written that have focused upon the notion of a surveillance society with everyone spying on their neighbors.  Some books have added the concept of electronic tracking and video surveillance with chips inserted into citizens' bodies and pervasive video camera tracking systems. The book 1984 by George Orwell is one of the most notable.  Quite a few of those books were made into movies.  Those stories seemed hard to believe!  First of all, the electronics seemed far too difficult and expensive for a society to install.  The data collected would be much too much for anyone to ever be able to track a single individual, and where would a community ever get a force of volunteers to spy on their neighbors?  Wow!  It came true!  We now have pervasive electronic systems that can track our every move continuously, as well as almost everything we do.  Our cellphones are tracked, our license plates are read and tracked, our debit and credit cards track what we buy, and internet tracks products we buy, facts we research, movies we watch, music we listen to, and friends we connect with using email or text.  Big Data analysis software can now sort through that massive amount of information and produce maps of where we've been, what we've done, and generate large charts showing all connections to our friends and relatives. That analysis is getting cheaper and cheaper as computers and software get better.  Now, to top off all of that, the Federal Government is building a huge network of volunteers in all levels of police forces to serve as additional eyes and ears "on the ground" to track individuals.  I believe President Bush implemented this system as a response to the 9/11 attacks.  With the excuses of a "war on drugs" and a "war on terrorism" our nation has given up most of what we stood for to the "right wingers"... So we have lost our war for freedom.

I would like to know how much of our Federal, State, and local police efforts and expenditures are in support of the "war on drugs."  We know that most of our Homeland Security efforts (including Coast Guard, FBI, CIA, NSA, Border Patrol and Customs) are involved in drug interdiction.  However, even at the local level, our volunteers are apparently involved in DUI checkpoints, sniffing out marijuana smokers, and ticketing people drinking beer or smoking on the beach -- all aspects of the "war on drugs."

My bottom line:  It appears that the use of volunteers is worthwhile in many situations.  However, there need to be VERY strict controls on what kind of training they need and what they are permitted to do.  Pay to play should not be permitted, and maybe should be considered a criminal act.



Saturday, April 11, 2015

The Government will continue to hide its surveillance programs, by Trevor Timm in The Guardian

Trevor Timm of the Guardian had a column today that describes the lengths to which our Government agencies are going to hide the existence of their surveillance systems.

The government will hide its surveillance programs. But they won't eliminate them | Trevor Timm | Comment is free | The Guardian

It is clear that many of our Government agencies "bent the law" in establishing and using their surveillance systems.  There are so many overlapping systems collecting data and using information for "crime fighting" that I doubt the public will ever learn about all of them.  They have gone to great lengths to hide the existence of the collection systems and have flouted the law.

I think a lot of the databases are very useful for not just fighting crime, but also for forensic defense.  If the Government can use evidence obtained by these systems to prosecute criminals, shouldn't citizens also be permitted to use evidence obtained by these systems to defend themselves?  I think Prosecutors wouldn't want that to happen!

Again, it seems to me that the first task is to catalog all of the surveillance databases, and license them in some way.  In addition to this sort of phone collection database, we should also include all of the roadside cameras, automated tolling systems, license plate readers on highways and parking lots, immigration & customs databases from entry & exits of the country or airport security checkpoints, utility consumption, search engine history, etc.  For each database, the government needs to know who the owner is, what is collected, how long it will be kept, and how citizens or Government agencies can access the data.

Tuesday, April 7, 2015

U.S. secretly tracked billions of calls for decades


I always wondered about the DEA and what they were doing for surveillance.  It always appeared to me that DEA considered themselves "above the law" in that they seemed to think it was OK to search people's phones and computers without a warrant, and generally searched people and cars without probable cause.  This article in USA Today by Brad Heath confirms my suspicions:
U.S. secretly tracked billions of calls for decades
I think it is an excellent piece of investigative journalism.

One very obvious situation is the confusing mess of cross-jurisdiction and overlapping collections of databases and software -- all with what appears to be random forms of oversight.  Why wouldn't it all be in one database?  Why wouldn't all agencies share in the databases and share software applications?  What a true waste of taxpayer dollars!!  I would prefer that all data be collected and maintained by ONLY one agency which could be used by CIA, FBI, DEA, DIA, State police forces, as well as prosecutors and defense counsels -- all if requested through proper judicial channels, of course.

What worries me is the way the DEA browbeat the telephone carriers to do their bidding and provide them information without any legal grounds.  Even though what they were doing was illegal, and the DEA authorities knew it, probably nobody will be sanctioned or arrested for doing it.

I can sympathize with the DEA "soldiers" who believe they are serving their country.  They are to be congratulated for making the best with the resources and information they are able to obtain to do the job that they are assigned.  The problem is that they are soldiers in an un-winnable war -- the "Drug War" -- that is being fought only because our right wingers push the Government to continue the war.  The "Drug War" brings in tremendous revenue to many businesses who are directly involved in selling equipment and services to fight the drug war.  The right wing also likes the idea of taking away rights and privileges of "common citizens" to help them build power.  They like the idea of being able to monitor everyone's finances, travels, and communications, and feel they can justify it as part of the "war on terror" or "drug war."  It still amazes me that right-wingers and Republicans think it must be a crime for an adult to smoke a joint in their own house, but it is totally OK for people to own dozens of guns, including automatic assault rifles and thousands of rounds of armor-piercing ammunition.

Tuesday, March 10, 2015

NSA's Mike Rogers in a Tough Spot

I can sympathize with NSA in its current situation.  I also admire Mike Rogers for being willing to speak publicly to a group of cryptographers.  Tough job! Very tough audience!
NSA director defends plan to maintain 'backdoors' into technology companies http://gu.com/p/463px
The problem of allowing NSA, CIA, & FBI to have a backdoor to be able to listen to all our phone calls, emails & texts isn't just Mike Rogers' problem.  It is an international issue, and it requires a leadership role from our government, including Congress.
I see the main issues as:
If we know our communications are monitored, why would we buy equipment or service from a US company who provides that "backdoor?"
If the US government is given a back door, should all other governments in the world also be given the back door?
If there is a back door, how do we make sure it won't get hacked by "bad guys?"
I think a big part of the problem is that the government agencies have promoted the idea that they can keep citizens safe by discovering plots (such as 9/11) prior to them being carried out and stop them from happening and catch the bad guys.  Because they have said they can do such a thing, they are on the hook to try to do it! -- even if it compromises our basic freedoms.

Intelligence goldmine


Phil Zimmermann, founder of PGP, points out that the international intelligence agencies are complaining about losing access to encrypted communication while they are wallowing in more information about citizens than they have ever had before.
PGP creator Phil Zimmermann: 'Intelligence agencies have never had it so good' http://gu.com/p/45dcn

Do they really need to listen to the contents of all of our phone calls and emails when they now have so much other information?

Friday, March 6, 2015

CIA Creating a Digital Spy Division

This was news in LA Times today.

CIA to create a digital spy division http://lat.ms/1EUmyr5

Not sure why it is news, except for the step up in the CIA hierarchy.  Also not clear how this fits with NSA or USAF Cyber Command.  Clearly what is needed is a Government agency to protect US citizens & businesses from internet spying and crime -- whether from within the US or from other countries.  It appears this organization's goal is to be on "offense" against the rest of the world.  Who is on defense?

Thursday, February 19, 2015

Police camera databases

TED had a talk about license plate readers and databases. http://www.ted.com/talks/catherine_crump_the_small_and_surprisingly_dangerous_detail_the_police_track_about_you

Government spy agencies will stop at nothing!

This article in The Guardian shows a vast violation of our privacy.  What worries me is that we may be seeing only the tip of the iceberg of what they are actually collecting, saving, and mining with little or no oversight.
Sim card database hack gave US and UK spies access to billions of cellphones. http://gu.com/p/46xeq
International row likely after revelations of breach that could have given NSA and GCHQ the power to monitor a large portion of world’s cellular communications
Dominic Rushe in New York
Published: 06:28 GMT+07:00 Fri 20 February 2015
Gemalto, the company targeted by the spy agencies, produces 2bn sim cards per year for clients including AT&T, Sprint, T-Mobile and Verizon. Photograph: Kimmo Mäntylä/Rex Features

Monday, January 26, 2015

DEA cameras tracking hundreds of millions of car journeys across the US | ITworld

My son sent me this link to an IT World web site that reveals that DEA cameras are tracking hundreds of millions of car journeys across the US:

DEA cameras tracking hundreds of millions of car journeys across the US | ITworld

I'm not surprised.  I figured that all of the cameras we see along the highway are doing it now.  If it isn't DEA, it is FBI, Border Patrol, State Highway Patrol, or County or City government.  Supposedly the DEA databases are only kept for "6 months" and then deleted.  Really?  Or are they archived?  Who supervises or inspects that they are, in fact, deleted? What about all of the other databases?  All of the Toll roads not only collect the electronic "fast trak" or "sun pass" information, but they also capture license plates and have a database.  Undoubtedly, the Government agencies have access to that also.

According to the article, the DEA justifies the camera system by saying that they were able to capture some Marijuana, Cocaine and cash.   One more example of how the Government's unnecessary and unconstitutional war on drugs has trampled some of our freedoms.

Saturday, January 24, 2015

Snowden doesn't use iPhone for security reasons | Security Affairs

On the website Securityaffairs.co, Pierluigi Paganini announced that Snowden said he doesn't use iPhones because of spyware that can listen in to his conversations and track him.  It is presented as "news."

Snowden doesn't use iPhone for security reasons | Security Affairs

I'm not sure this is real news.  When the iPhone first came out AT&T established a corporate policy that no business was to be done on an iPhone because of security leaks.  I believe the security flaws have been known for many years.

We really do need a trusted entity that we can turn to to make sure our devices are safe from malware.  It would be nice if we could trust a Government agency to tell us if our devices have spyware, however, now we know that many of the spyware systems are actual creations of the Government.  Those spyware systems are "released into the wild" in order to hope that suspects might get them installed on their device and allow government or police to listen in or track the owner of the device.  Can we trust Apple, Yahoo, Microsoft or Google?  Those companies say they are trying to patch "zero day" vulnerabilities as soon as they are recognized.  However it is clear that those businesses can be bullied by Government agencies.  In addition, those businesses want to keep our information unencrypted and on their servers so they can search through our collections of mail, music, video, and geographic locations in order to better target their advertising.  That is clearly a conflict of interest!  Could we trust a Consumer's Union type of company?  An anti-virus company such as Symantec or Kaspersky?

Device manufacturers could provide positive, physical disconnect capability for GPS, cameras and microphones, but they are trying to keep the cost and complexity of their device down, and possibly receive pressure from governments to not make it easy to disable those features on the devices they sell.