Slashdot Mirror


US Budget Bill Passes With CISA Surveillance Intact (npr.org)

An anonymous reader writes: Early on Friday, the U.S. Senate approved the 2,000 page 'omnibus' budget bill that allocated $1.15 trillion in government funding. Later in the day, President Obama signed it into law. Because the budget bill was so important, many other pieces of unrelated legislation were tacked onto it, including the Cybersecurity Information Sharing Act, a bill notable for giving the government increased internet surveillance powers. Civil rights activists and tech experts largely consider it a "privacy disaster," and several lawmakers voted against the budget bill solely for CISA's inclusion. Senator Ron Wyden (D-OR) said, "Unfortunately, this misguided cyber legislation does little to protect Americans' security, and a great deal more to threaten our privacy than the flawed Senate version. Americans demand real solutions that will protect them from foreign hackers, not knee-jerk responses that allow companies to fork over huge amounts of their customers' private data with only cursory review." Corporations in the U.S. will now have "legal immunity when sharing consumers' private data about hacks and digital breaches." The full omnibus is available online (PDF). The CISA provisions start on page 1,728.

5 of 153 comments

  1. Re:VPN by KGIII · Score: 4, Informative

    I contacted them in the past. They log.

    --
    "So long and thanks for all the fish."
  2. Read UK Spooks' admissions by Anonymous Coward · Score: 2, Informative

    That's like the 'meta data is anonymous' claim, it's false. There is no way to strip user info from that data, as AOL found when they released their user searches. But in this case it's simply cover. Each record is individual and has an id in it to make it a trivial cross join to pull up the details.

    Read the admission from the UK spooks, on their bulk anonymous surveillance, this is much closer to the truth of the situation:

    http://www.theregister.co.uk/2015/12/16/big_brother_born_ntac_gchq_mi5_mass_surveillance_data_slurping

    Intelligence agency staff have stated:

    "These datasets vary in size from hundreds to millions of records. Where possible, Bulk Personal Datasets may be linked together so that analysts can quickly find all the information linked to a selector", such as a telephone number or search query. The information retrieved "may include, but is not limited to, personal information such as an individual's religion, racial or ethnic origin, political views, ... medical condition, sexual orientation, or any legally privileged, journalistic or otherwise confidential information."

  3. Re: War on Privacy by Anonymous Coward · Score: 4, Informative

    The bill offers immunity to PRISM partners and telcos/ISPs who collaborate with the government to spy on US citizens. Snowden's leaks raised the possibility that citizens would sue the private collaborators for betraying private data to the government without judicial oversight. Now, that can't happen, because in the middle of a 2,000 page amendment to a budget bill the government has promised immunity to those who help the government spy on its citizens without a warrant.

  4. Re:War on Privacy by ClickOnThis · Score: 4, Informative

    Who (from which party) inserted CISA into the budget bill?

    Apparently, it was House speaker Paul Ryan (R).

    --
    If it weren't for deadlines, nothing would be late.
  5. Re:VPN by Burz · Score: 3, Informative

    PIA doesn't log IIRC, and they have good deals.

    Here is an email guide to start with (there are no ideally private email providers, but many are better than gmail). Riseup and ProtonMail look interesting.

    A note about using PGP email: This still leaves a trail that is rich in metadata (the who/when/where parts of the messages). Only the what is concealed, leaving much to be desired.

    More interesting are new messaging apps which the EFF has rated. I think Signal, Ostel+Jitsi and RetroShare look the most promising. Ring is a newcomer that uses OpenDHT and promises to be what Skype might have been.

    For just increasing privacy a couple notches while browsing, add the following extensions (Firefox): Privacy Badger, HTTPS Everywhere, Adblock Edge (not sure if AE is really needed with PB). Using a Firefox derivative like IceWeasel or PaleMoon won't likely include ad-based features that might compromise privacy (though Mozilla is said to have removed ads anyway).

    As for browsing with Tor, you cannot beat Qubes OS with the Whonix package. This will help you blend in more and prevent exploits over Tor from accessing any personal data. A system with IOMMU hardware and BIOS is recommended.

    After all these years, I2P is still progressing and growing. It marries technologies like onion routing and DHT and its 'I2P Bote' messenger may be the best in class, IMO. Of course, I2P is meant to route all kinds of traffic and even has bittorrent built-in. I'd also recommend running I2P in a Qubes domain, although it comes with TAILS if you're more comfortable booting with that.