US Gov't To Scan More Civilian Infrastructure Traffic
helix2301 writes with this snippet from NBC News: "The U.S. government is expanding a cybersecurity program that scans Internet traffic headed into and out of defense contractors to include far more of the country's private, civilian-run infrastructure. As a result, more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks."
Further on, the story notes that "By using DHS as the middleman, the Obama administration hopes to bring the formidable overseas intelligence-gathering of the NSA closer to ordinary U.S. residents without triggering an outcry from privacy advocates who have long been leery of the spy agency's eavesdropping."
'cause everybody trusts the DHS.
It's supposed to be completely automatic, but actually you have to press this button.
If you aren't browsing over a VPN with HTTPS / SSL and transmitting all your data encrypted by this point you ought to be.
So, big business implements half ass computer security for its infrastructure, at a lower cost. This could have been the logical business decision, especially with constantly changing computer technology. However, China, and increasingly other nations, are now going after security holes, and changes in computer technology have slowed down.
However, for the American People to pay for the incompetence of half ass measures of big business is something else. Just like the bank bailouts of 2008. This country has been going downhill since Bush Jr. got elected.
The NSA has taps on the fiber backbones already - the telcos have legal immunity and so are letting them mirror all traffic going through the major peering points. I don't see how a minor adjustment in the location of said tapping changes things. All traffic is already monitored, and relationship graphs are already generated for most US residents.
I still don't trust the government. If this was to track malware, botnets, or attempts to attack vital parts of our infrastructure, I'd be all for it. However I also know this will be used to clandestinely monitor everyone's communication. While I fall into the "nothing to hide" category, the definition of "nothing to hide" is flexible and ever changing. The truth is, in a way, I do hide. A lot. I don't mouth off on social media sites. I don't put my political opinions into forums. I limit confrontation to in-person or via telephone communication. We already live in an age of online surveillance. This new level of government surveillance is just the next step.
I look forward to the rise of the DarkNets!
Only the dead have seen the end of War. - Plato
Employers already have the right to scan everything coming in and leaving, and AFAIK defense contractors count as employers.
I don't particularly see this as a loss of Internet privacy since I don't expect any at a place of employment.
After the AT&T revelation, why would you believe they aren't ALREADY scanning pretty much everything they can?
Dear Mr. Obama,
Just because you move the shady / possibly-abuse-filled surveillance project to another department does not make us "like" the program anymore.
Also if you think the whole issue was the department handling the program, you have no clue why people are upset and outraged. That or you are intentionally ignoring the real reason.
Please take the critical systems off the public internet if you are that worried about a "cyber" attack against public infrastructure.
Signed,
- The People of the USA
This is not their job, please get busy and get a balanced budget out! Then maybe think about things you shouldn't be doing.
Not only do we need to encrypt everything going over the network, we need to develop systems which defeat inference of useful envelope information by adding noise in space and time and via the use of indirect reflections.
Aggregation of power into the hands of the government regardless of the justification will only incite internal corruption and bring out the same human failings that lead to oppression. Technology will corrupt our society if we don't take steps to prevent it.
My power company won't even trim the stinkin' trees. When the lights go out, how will we differentiate between an attack and normal operations?
Have gnu, will travel.
Finally something progressives and conservatives can team up to fight.
The last briefing I heard there were something like 200 Chinese front companies operating in the U.S. gathering data on Americans, particularly those with security clearances.
Maybe we stop the obvious stuff and the cloud databases being stored all over the world before we go all 1984 on our own citizens.
In the same briefing I found out the French are also spying on our defense related industries. And the Israelis. Some allies we have. The ones not spying on us think we're idiots.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Hello, Actually, it's one of the few technologies which was adapted and worked quite well over the past couple of decades. Regards, Aryeh Goretsky
Dexter is a good dog.
"By using DHS as the middleman, the Obama administration hopes to bring the formidable overseas intelligence-gathering of the NSA closer to ordinary U.S. residents without triggering an outcry from privacy advocates who have long been leery of the spy agency's eavesdropping."
Translation: People don't fear the DHS as much as they fear the NSA, this should fix that.
"Grab them by the pussy" -- President of the United States of America
Erode away rights, waste away privacy. You will succumb to the second law of thermodynamics like everything else.
Silence is a state of mime.
You know it occurs to me...
All the major telecommunications carriers are defense contractors, as are the people running MAE East and MAE West.
So what exactly isn't going to be scanned under this proposal?
What the fuck did you just fucking say about me, you little bitch? I'll have you know I graduated top of my class in the Navy Seals, and I've been involved in numerous secret raids on Al-Quaeda, and I have over 300 confirmed kills. I am trained in gorilla warfare and I'm the top sniper in the entire US armed forces. You are nothing to me but just another target. I will wipe you the fuck out with precision the likes of which has never been seen before on this Earth, mark my fucking words. You think you can get away with saying that shit to me over the Internet? Think again, fucker. As we speak I am contacting my secret network of spies across the USA and your IP is being traced right now so you better prepare for the storm, maggot. The storm that wipes out the pathetic little thing you call your life. You're fucking dead, kid. I can be anywhere, anytime, and I can kill you in over seven hundred ways, and that's just with my bare hands. Not only am I extensively trained in unarmed combat, but I have access to the entire arsenal of the United States Marine Corps and I will use it to its full extent to wipe your miserable ass off the face of the continent, you little shit. If only you could have known what unholy retribution your little "clever" comment was about to bring down upon you, maybe you would have held your fucking tongue. But you couldn't, you didn't, and now you're paying the price, you goddamn idiot. I will shit fury all over you and you will drown in it. You're fucking dead, kiddo.
Seek. Professional. Help.
Only against the very best, the APT-class attackers, who have the skill and the time to write and test their own tools. Against your common script kiddie or for-profit botnet operator, it'll still work fine.
This is Slashdot. We're a bunch of nerds. So let us do what it is that nerds do: Find a technological solution. Let us get every website using HTTPS, every email and IM conversation encrypted. It doesn't have to be perfectly secure against an attacker who can plant their own certificates on client devices, it just has to make interception difficult enough to prevent governmental fishing expeditions.
The idea is really not to prevent law breaking but instead provide justification after the fact.
Say or do something that offends officialdom? Now your past actions can be used against you.
If you were watching TV and some plot point about explosives happens and you decide to go search on that plot point - now officialdom can claim you are a wannabe terrorist and place you under lock and key and THEN state how wonderful the new system is, because it prevented you from getting the explosives you expressed an interest in.
Officialdom is scared and is adding to the framework to attempt to control challengers to their authority. You may not do the time but you'll ride the ride is the buzzphrase of the day.
(note how Aaron didn't do the time and in the end wanted off the ride the DOJ put him on)
The DHS deserves to ... because they've done such a fine job scanning us at airports.
*** Don't be dull.***
We do do that, don't we?
*** Don't be dull.***
NSA doesn't have any cops.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
If the banks request it, good.
If they don't, bad. As in Hitler bad.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
2. To protect national cybersecurity concerns, the government thinks that it has to protect critical infrastructure.
3. Most owners and operators of entities that would be considered critical infrastructure as per the above are in the private sector.
4. Under 47 USC 606(d), the President has the authority to take over communications infrastructure when there is a state of war or a threat of war. They're not claiming that's the case right now.
QED, the government wants to protect critical infrastructure, but it can't just send the military in to private companies to make sure protections are implemented (unless things get worse and we get into something that the President declares to be a "state of war" or "threat of war"), so it's doing some application of existing legal precedent to the current issue and figuring out how some level of government intervention in the interest of national security could be justified. Currently, from my understanding of the recent executive order (which we won't see anything real from until at least October when the first draft of the Cybersecurity Framework must be published), the government will be relying on a voluntary compliance program. That is the type of thing that's authorized by the Homeland Security Act of 2002, and any mandatory compliance program would require congressional action. But Congress has been retreating from any kind of mandatory program. CISPA, for example, would create a voluntary information sharing program, and has nothing to do with requiring specific protections, but it's probably going to be dead in the water this congressional term as well.
The emphasis on critical infrastructure needs to be understood here. This is not the government spying on everyone at work, only people working at critical infrastructure providers, many of whom are arguably in a position where malicious software compromising THEIR work computers could then get passed along through a very sensitive network. The important thing is figuring out how to keep malicious code that originates from outside the network from entering these sensitive networks. This is the reasoning being applied by the lawyers and government officials who are focusing on this issue.