US Gov't To Scan More Civilian Infrastructure Traffic

helix2301 writes with this snippet from NBC News: "The U.S. government is expanding a cybersecurity program that scans Internet traffic headed into and out of defense contractors to include far more of the country's private, civilian-run infrastructure. As a result, more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks." Further on, the story notes that "By using DHS as the middleman, the Obama administration hopes to bring the formidable overseas intelligence-gathering of the NSA closer to ordinary U.S. residents without triggering an outcry from privacy advocates who have long been leery of the spy agency's eavesdropping."

yeah, makes perfect sense

[new+death+barbie]

'cause everybody trusts the DHS.

Re:yeah, makes perfect sense

'cause everybody trusts the DHS.

While it would be nice to believe that this is sarcasm, and while most slashdotters don't trust the DHS, most nongeeks do trust the DHS. And there's whole, "If you don't have anything to hide then who cares..." that most people believe in.

Re:yeah, makes perfect sense

"more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks"

I don't follow the logic of this. Scanning our people's stuff is going to protect us from outside attacks, or attacks by outside agencies done by their people here? How so?

"The Department of Homeland Security will gather the secret data and pass it to a small group of telecommunication companies and cyber security providers that have employees holding security clearances, government and industry officials said. Those companies will then offer to process email and other Internet transmissions for critical infrastructure customers that choose to participate in the program."

So we, that is, our own government agencies, don't have the manpower, equipment, or expertise, or some combination, so the secret info from the various intel folks will be used to determine the scans mentioned in first quote, then the scans' results will pass to a private group that's going to offer to do - what, exactly? - for those who might be affected, if, that is, they join up somehow, somewhere?

All I can make of it is a foot in the door kind of thing, scan hell out of biz/personal e-stuff, pass it through a clearinghouse of interested parties, and use it for something something. Oh, yeah, to protect us from some cyber. This whole thing seems inside-out and backwards. Then it's "you're with us or against us (nice cyber you got there, hate to see some cyber done to it)" all done by selling one thing, calling it another, and actually doing a third thing. I think.

Can someone clarify this shit?

Re:yeah, makes perfect sense

Can someone clarify this shit?

The cyberwar boogie man is prompting Very Serious People to act. They need to do be seen doing something and they stick to what used to work in the 70's: more surveillance, more spying of your own people for their own benefit. Never mind that wont make any difference whatsoever and certainly leads to a full blown surveillance state. They only have the surveillance hammer and are looking around for nails.

Some alternate suggestions that would make indeed a difference:
1. Make credit card companies liable for fraud, instead of passing the loss to businesses as chargebacks; this will motivate them to secure their infrastructure and cut a major source of funding for the criminal underworld, thus lowering demand on black market vulnerabilities.
2. Make companies liable for the data they leak as a result of failing to properly secure their infrastructure
3. Decriminalize unauthorized penetration testing, as long as no data is stolen and the whole reported to the affected company or the authorities. Imagine that: you are not only liable for any data breach, but there are thousands of skidies all trying to get it for fun and fame. It's like antibodies fighting disease.
3. Hold public vulnerability finding contests in popular software and reward exploit writers. The best and brightest will work for us instead of against us.
4. Demand a high level of security in government acquired software and financially penalize vendor for holes. 'No warranty, no liability' my ass.

Encrypt everything

If you aren't browsing over a VPN with HTTPS / SSL and transmitting all your data encrypted by this point you ought to be.

Re:Encrypt everything

[c0lo]

If you aren't browsing over a VPN with HTTPS / SSL and transmitting all your data encrypted by this point you ought to be.

Why? After all, if you have nothing to hide and you set your evil bit to zero, the DHS won't intercept your traffic.

I mean: nobody is so crazy to waste citizens' money on intercepting and storing everyone's communication, the investment and maintenance cost will be everly increasing.
And for what? After all it is only the traffic caused by hackers that would be interesting, not honest citizens' traffic. And the institutions/companies have already organized their own defense, as any good citizen does (e.g. installing locks and buying riffles); this along with paying their taxes (for supporting the infrastructure development and research and whatnot), behaving responsibly (e.g. avoiding the externalization of their cost of environment protection or defending their infrastructure), etc.

(grin)

Re:Encrypt everything

[TheSeatOfMyPants]

Just using a VPN isn't enough -- most of them hand over user data to the US government without question when asked, regardless of whether the VPN account was free or paid and even if the VPN company and all of its servers are located in other parts of the world. (Yes, the article was focused on the use of VPNs for file-sharing, but the lesson remains the same: don't trust them to protect your personal data from your government.)

Re:Encrypt everything

[Seumas]

Agreed. The government is all about fiscal accountability and doesn't waste money or spend money it doesn't have.

Americans paying for big biz cheapness

So, big business implements half ass computer security for its infrastructure, at a lower cost. This could have been the logical business decision, especially with constantly changing computer technology. However, China, and increasingly other nations, are now going after security holes, and changes in computer technology have slowed down.

However, for the American People to pay for the incompetance of half ass measures of big business is something else. Just, like the bank bailouts of 2008. This country has been going downhill since Bush jr. got elected.

Re:Americans paying for big biz cheapness

[Opportunist]

The run for the bottom started way earlier, you can't blame the chimp for everything. Looking at the US for the past decades, I dare say the whole mess started with Reagan or no later than Bush Sr.

What this country, or any country, could well need is the kind of politicians we had after WW2. Say what you want, I still think Eisenhower was the best since 45.

I can see positives, but

[ALeader71]

I still don't trust the government. If this was to track malware, botnets, or attempts to attack vital parts of our infrastructure, I'd be all for it. However I also know this will be used to clandestinely monitor everyone's communication. While I fall into the "nothing to hide" category, the definition of "nothing to hide" is flexible and ever changing. The truth is, in a way, I do hide. A lot. I don't mouth off on social media sites. I don't put my political opinions into forums. I limit confrontation to in-person or via telephone communication. We already live in an age of online surveillance. This new level of government surveillance is just the next step.

I look forward to the rise of the DarkNets!

Re:I can see positives, but

[Opportunist]

They're already here. They are just not globally announced and touted as the next best thing because "people who know" got wary after what happened to "their" Internet. Once the unwashed masses got in, things went downhill. For reference, see file sharing. You know, in the good ol' days, nobody gave a damn. Sure, the RIAA wasn't too excited about it, but the damage was low, so why bother? More and more people came and once it became trivially easy, the lobbying started and we have the mess we have today.

Can you imagine what an issue blueboxing would have been if it wasn't limited to a handful of phreaking enthusiasts? AT&T would have wanted their heads. And we're certainly not talking about the probation sentence Draper got, this would have reached insane heights akin to what we see today with punishments for copyright infringement. So, it was ... well, basically just a little nuisance.

Can you imagine what happens if Darknets go the way of torrents? Everyone using them, essentially rendering the whole shiny surveillance technology a matter for the recycle bin? If you think then we'd win, think again and ponder who your "enemy" is in this game. Hint: He makes the rules.

Employers

[the+eric+conspiracy]

Employers already have the right to scan everything coming in and leaving, and AFAIK defense contractors count as employers.

I don't particularly see this as a loss of Internet privacy since I don't expect any at a place of employment.

How naive do you have to be?

[russotto]

After the AT&T revelation, why would you believe they aren't ALREADY scanning pretty much everything they can?

Does not make it any better

Dear Mr.Obama,

Just because you move the shady / possibly-abuse-filled surveillance project to another department does not make us "like" the program anymore.

Also if you think the whole issue was the department handling the program, you have no clue why people are upset and outraged. That or you are intenionally ignoring the real reason.

Please take the critical systems off the public internet if you are that worried about a "cyber" attack against public infastructure.

Signed,
- The People of the USA

Cyber attack against utilities?

[PPH]

My power company won't even trim the stinkin' trees. When the lights go out, how will we differentiate between an attack and normal operations?

Don't you feel safer?

[HangingChad]

Finally something progressives and conservatives can team up to fight.

The last briefing I heard there were something like 200 Chinese front companies operating in the U.S. gathering data on Americans, particularly those with security clearances.

Maybe we stop the obvious stuff and the cloud databases being stored all over the world before we go all 1984 on our own citizens.

In the same briefing I found out the French are also spying on our defense related industries. And the Israelis. Some allies we have. The ones not spying on us think we're idiots.

Re:Don't you feel safer?

[TheSeatOfMyPants]

Finally something progressives and conservatives can team up to fight.

I wish... Based on recent years, the political reaction will be more like:
-- Most of the party that's clearly not in charge will condemn the latest overreach, declare that this sort of thing wouldn't happen on their watch, and that if given power again they'll be certain to reverse it.
-- Most of the party in power will either remain silent or make vague supportive comments about doing what we must for security. The rare over-enthusiastic sort will say it's a great step forward blah blah blah.
-- A few from both sides will "reluctantly" support it, saying that they're outnumbered by the majority but that if enough people like *them* are given power, things will change.
-- Once an election takes place, some or most of the individuals involved will swap places.

Translation...

[Macdude]

"By using DHS as the middleman, the Obama administration hopes to bring the formidable overseas intelligence-gathering of the NSA closer to ordinary U.S. residents without triggering an outcry from privacy advocates who have long been leery of the spy agency's eavesdropping."

Translation: People don't fear the DHS as much as they fear the NSA, this should fix that.

entropy

[wbr1]

Erode away rights, waste away privacy. You will succumb to the second law of thermodynamics like everything else.

Re:You know what?

What the fuck did you just fucking say about me, you little bitch? I'll have you know I graduated top of my class in the Navy Seals, and I've been involved in numerous secret raids on Al-Quaeda, and I have over 300 confirmed kills. I am trained in gorilla warfare and I'm the top sniper in the entire US armed forces. You are nothing to me but just another target. I will wipe you the fuck out with precision the likes of which has never been seen before on this Earth, mark my fucking words. You think you can get away with saying that shit to me over the Internet? Think again, fucker. As we speak I am contacting my secret network of spies across the USA and your IP is being traced right now so you better prepare for the storm, maggot. The storm that wipes out the pathetic little thing you call your life. You're fucking dead, kid. I can be anywhere, anytime, and I can kill you in over seven hundred ways, and that's just with my bare hands. Not only am I extensively trained in unarmed combat, but I have access to the entire arsenal of the United States Marine Corps and I will use it to its full extent to wipe your miserable ass off the face of the continent, you little shit. If only you could have known what unholy retribution your little "clever" comment was about to bring down upon you, maybe you would have held your fucking tongue. But you couldn't, you didn't, and now you're paying the price, you goddamn idiot. I will shit fury all over you and you will drown in it. You're fucking dead, kiddo.

clarifying that shit

The idea is really not to prevent law breaking but instead provide justification after the fact.

Say or do something that offends officialdom? Now your past actions can be used against you.

If you were watching TV and some plot point about exposives happen and you decide to go search on that plot point - now officialdom can claim you are a wannabe terrorist and place you under lock and key and THEN state how wonderful the new system is, because it prevented you from getting the explosives you expressed an interest in.

Officialdom is scared and is adding to the framework to attempt to control challengers to their authority. You may not due the time but you'll ride the ride is the buzzphrase of the day.

(note how Aaron didn't do the time and in the end wanted off the ride the DOJ put him on)

And the reason why?

[XB-70]

The DHS deserves to ... because they've done such a fine job scanning us at airports.