Hey Everyone, CISPA Is Back… Because Of The Sony Hack, Which It Wouldn't Have Prevented
from the because-bad-ideas-never-die dept
This isn’t a huge surprise, but Rep. Dutch Ruppersberger, the NSA’s personal Rep in Congress (NSA HQ is in his district), has announced that he’s bringing back CISPA, the cybersecurity bill designed to make it easier for the NSA to access data from tech companies (that’s not how the bill’s supporters frame it, but that’s the core issue in the bill). In the past, Ruppersberger had a teammate in this effort, Rep. Mike Rogers, but Rogers has moved onto his new career as a radio and TV pundit (CNN just proudly announced hiring him), so Ruppersberger is going it alone this time around.
Not surprisingly, he’s using the Sony Hack as a reason for why this bill is needed:
?The reason I?m putting bill in now is I want to keep the momentum going on what?s happening out there in the world,? Rep. Dutch Ruppersberger… told The Hill in an interview, referring to the recent Sony hack, which the FBI blamed on North Korea.
Fair enough, then perhaps Ruppersberger could explain how CISPA would have prevented the Sony Hack? Of course, he can’t, because it wouldn’t have helped. CISPA is focused on getting companies to share more information with the government (including the NSA and DHS), but there’s no indication that Sony would have actually opened up its network for the NSA to snoop through and find these hackers (wherever they might have come from). Even if Sony had opened up its system to the government, it seems unlikely that the NSA would have magically spotted this hack and done anything about it.
Instead, using the Sony Hack as a hook is a cynical political ploy for a losing idea that is designed to harm the public and take away their privacy.
Filed Under: cispa, cybersecurity, dutch ruppersberger, sony hack
Comments on “Hey Everyone, CISPA Is Back… Because Of The Sony Hack, Which It Wouldn't Have Prevented”
Well, the ‘physical’ terror front is saturated with money sucking parasites so we need to open a new venue, no?
It would have helped.
Perhaps not the public part of the law, but the secret part, that which the public can’t read, would. I promise.
“Any excuse will serve a tyrant.”
– Aesop
We Need It ALL
you need to understand – if we have EVERY bit of data on EVERYONE and EVERYTHING then whenever anything happens, we can prove that we knew it would. See how wonderful we are?
/s/ the 3-letter agencies
/sarc
Re: We Need It ALL
This level of surveillance has been tested before.
From The Risks:
We in the U.S. have just completed one of the largest case studies of what happens when every individual in an industry has all of its e-mail and financial records available to regulators. The Securities and Exchange Commission (SEC) already requires every person in the financial industry to make every e-mail, cellphone text and financial record available to the SEC in order to enforce insider trading and other financial rules.
The result: NADA! NOTHING! With thousands of bankers involved in fraud on the U.S. taxpayer running into the trillions of dollars, not one has been prosecuted; not one has gone to jail. If this level of surveillance of the financial community has produced zero convictions in the largest ripoff of tax dollars in history, there is no reason to expect that any increased level of surveillance of non-financial citizens will produce any better results.
Re: Re: We Need It ALL
Important difference: No one in the government, and certainly no one involved in investigating and punishing those guilty of crimes, has any interest whatsoever in punishing or even seriously investigating large companies and/or banks, so of course such massive surveillance hasn’t resulted in a single prosecution or trial.
However, as the massively overflowing jails can attest to, they are very interested in prosecuting and jailing normal citizens, so mass surveillance would most certainly result in a whole lot of trials and jail sentences in that case.
Re: Re: Re: We Need It ALL
You’ve got to admire the prescience of the people who managed to get The Drug War up and running. Just look at how effective that’s been, and for so long now. From the start back in the 19th century, through to now, it’s had such an effective run ballooning spending, incarceration, regulatory capture, and military spin-offs, just to mention a few. Truly right up there with The Inquisition and Nazi Germany.
This’s a great read: ‘https://en.wikipedia.org/wiki/War_on_Drugs’
Re: We Need It ALL
Then I guess they should have no problem taking all of the liability if something happens and they didn’t do anything to stop it – after all, with “EVERYTHING” they will have a hard time claiming they “didn’t know” what was going on.
/as if total power has ever worked like that… bleh
Dutch Ruppersberger is a shill, but he’s not the only one.
The White House has been pushing for it:
http://www.zdnet.com/article/white-house-wants-congress-to-revisit-controversial-cispa-style-cybersecurity-laws-after-sony-attack/
They all seem to be playing “Don’t let a good crisis go to waste” rather than focusing on the absolutely shitty security Sony used.
Re: Re:
Their security was not ‘absolutely shitty’. It was the level of security that MOST companies use, which is part of the issue.
These companies forget that they have some very sensitive information such as CC numbers and SS numbers (whatever the latter are called overseas) and therefore they need very restrictive security for some things.
Re: Re: Re:
Granted, most organizations have pretty poor data security practices. In Sony’s case, “the norm” is completely irrelevant.
Most people don’t expect to get punched in the face by a random stranger when walking down the street. However, if that has happened to my family multiple times, caused severe injury at least a couple of times, and I haven’t made radical changes to protect my family, I have sh**ty security practices, full stop.
Notice it isn’t the top executives getting punched in this scenario. They’ll take the corporate jet to DC, stay at a swank hotel, maybe take in a couple of private spas, do damage control “testimony” while spending more time “encouraging” key representatives and lobbying organizations from the “family” savings account. Absolute worst case, they’ll bail with an enormous golden parachute while their “family” is out on the streets.
Re: Re: Re:
Their security was not ‘absolutely shitty’. It was the level of security that MOST companies use, which is part of the issue.
Even if true, that doesn’t make it not shitty.
Re: Re:
This is The Hollywoodification of Network Security, after all. Most regular users haven’t a clue what really happened at SPE or what actually happened in the hack. They’re fed salacious email gossip and nationalistic sabre rattling instead.
The wrong time
No serious, long-lasting decisions should be made during the aftermath of a crisis. Ever.
(I don’t think the Sony attack is anything remotely like a crisis except perhaps for Sony, but the government insists on pretending that it is, so I feel OK with invoking this rule.)
Re: The wrong time
Well, unfortunately, that is the only time that you get a bunch of the conservative lizard-brains (no, that is not a knock against them, that is being honest about their mental faculties) to do anything on a subject.
“Even if Sony had opened up its system to the government, it seems unlikely that the NSA would have magically spotted this hack and done anything about it. “
Apparently Sony did open up itself so DHS and NSA could get in there, sadly someone else got the key too…maybe they need to change the password from 12345 to 54321….
Re: Re:
Login: GUEST
Oh, wait, ISIS would be able to figure that one out.
Re: Re:
Which is exactly why backdoors are a bad idea. There’s no magical property you can give it to ensure that only people you like can get in there. A vulnerability is a vulnerability, end of story.
DARTIUSC
A better name than CISPA is: The Destroy Any Remaining Trust in US Companies act. Not that there is that much left to destroy.
The stated goal of CISPA is ludicrous. Companies can share anything they like with government agencies right now without additional legislation. What CISPA would do is grant companies a shield from being sued by irate customers for doing so (and, perhaps, compel companies to share even when they don’t want to).
The existence of CISPA would mean that it’s even more dangerous to share your data with companies than it already is — and it already is plenty dangerous.
In terms of actually enhancing security, CISPA is worthless. In terms of further eroding trust in both companies and the government, CISPA is a superstar.
Assuming the latest Sony hack used actual software flaws, not just social engineering and poor network configuration, I wonder if any of the exploits made use of flaws that haven’t been fixed because the NSA purchased the knowledge of those flaws with the intent of exploiting them.
Until someone steps forward and proves otherwise, history will record the hack as being from North Korea. Thus, the government will use it to get whatever they want when it comes to cybersecurity.
Re: Re:
Kinda hard when the FBI refuses to release the information other than “Oh The IP’s were from North Korea” ….because you can’t spoof those
You never want a serious crisis to go to waste
Typical politician
https://www.youtube.com/watch?v=1yeA_kHHLow
First it is the law.
Then it gets bent a little.
Then it gets bent a lot
Then it breaks but there is still a little bit attached.
Then the little bit severs bus still is in proximity.
Then it was attached, traditionally.
Now it is enough to get mentioned in the same sentence.
(It looks like the default state of `modern’ politics is mission creep.)
it is just adding more tentacles for the national surveillance agency (NSA)
“It means we end up living in an America where we no longer have a National Security Agency. We have a national surveillance agency.”
http://www.pbs.org/wgbh/nova/next/military/snowden-transcript/
this whole episode has been rigged, i wouldn’t mind betting! and as for N.Korea actually committing the Sony hack rather than just being blamed for it, has been a ploy to get more and more data collecting which needs new bills introduced or old ones reenabled.
we are fast heading for a serious global issue where there is no privacy and no freedom because those that say we need to be protected from losing our privacy and freedom, by terrorist attacks etc, are doing those things instead, removing the need for any terrorist or other organisation to do anything! how can anyone, even for a second, think that having a government or government security forces remove your privacy and freedom is any different from having the same things removed by someone purported to be anti-government?? the result is exactly the same! we have no privacy and no freedom. the government has no respect and no trust. off we go into yet another world war, this time however with the capabilities to destroy everyone and everything!! no going back then! no saying ‘i’m sorry’! no saying ‘i didn’t mean for things to go this far’!! this situation gives no alternatives and no second chances!!
I remember these same people shilling CISPA are the ones warning me not to use Chinese tech out of spying fears.
…I guess I’ll take my chances with the Chinese then.
Re: Re:
If you are American and active in US politics,, the Chinese are not likely to be very interested, while the NSA may be very interested; especially if it involves demonstrations etc.
The sneaky Dutch oven tactic release CISPA undercover.
The Chinese proverb “Three men make a tiger.” comes to mind…also the curse “May you live in interesting times.“
While were talking about CISPA, how about help wikileaks expose the trade deal by donation http://org.salsalabs.com/o/1439/content_item/freetpp
While were talking about CISPA, how about help wikileaks expose the trade deal the TPP by donation http://org.salsalabs.com/o/1439/content_item/freetpp
The reason I’m putting bill in now is I want to keep the momentum going on what’s happening out there in the world,”
Im actually fckin gob smacked that he actually admitted that
So this is a guy that thinks its ok to pass laws during times where the media has mustered up a frenzy in the public, coincedently? Who the fuck knows………and the when the frenzy subsides and emotions normalize people start wondering, mmmm was that really a good idea
Let me ask, in a hypothetical world, should all “terrorist” drop dead tomorow, will our governments stop, give up and revert back to the means that takes our rights back into account……WILL THEY FUCK……their not gonna give up the things they worked so hard to get, the real reason why they “care”……care about the ability to control oposition absolutely, and i think the internet is the biggest reason their doing it, for the, i dont know, maybe the first time in our history has give the public previously un-accesible information they previous had no access to, a medium they cant easilly control unlike the camera…….people are starting to realise their governments are alot worse or not exactly as good as they previously thought……..their scared that their nature will show
There is no such thing as a terrorist, they are, if anything, criminals, irregardless of what a two man “army” says……
Quite frankly, im getting sick and tired of being this angry, ontop of my anger, its infuriating knowing that however much we peacably try to stop this train, its gonna run over us anyway……….governments create terrorists……they also create revolutions, if they go full out tyranical, i pray for that generation
Anyone, anywhere, could suddenly decide to drop everything, pick up that fork knife and take someones life while yelling something deemed “terrorist”
How do you stop that, how invasive would you have to get, to stop THAT
Where are the restrictions to go with these “laws”, where is the accountability, WHERE IS THE DISCUSSION on the bill brought up today passed tomorow, or when no ones looking, or nobodies read but still blindly votes for because leadership says so, or a beneficial promiss is made by said leadership
The whole system is fucked……..how can we do good if ours are so corrupt, how can someone say, yeah i agree, politicians just seem to lie all the time in one breath, and then listen and agree with them in another breath………..this is all so infuriating
in all that has happened, i still fail to see what crime the nsa commited,……..sorry, i mean, hackers commited……..no wait, …hmm, was i right the first time?……no, …mm yeah…..uhhh no….uhhm yeah……fuck, i cant tell the difference
Not to mention..
Not to mention the fact that any opening up of data pipes by a company would result in creating another door for hackers to get in. How exactly is creating an outpouring of information from Sony likely to make it harder for them to get hacked?
Re: Not to mention..
Well you see if the system/networks is already compromised by the NSA, then any potential hackers will just go elsewhere, as it’s rude to mess with someone else’s target, and hackers may be many things, but they’re certainly not rude.
I think these hacks did the people a service
What? I should care a about a multi million corporation being hacked, while not caring about ME being hacked, by those now selectively and hypocritically choosing THIS to “fast track”
Moral of the story
Money = rights
“CISPA is focused on getting companies to share more information with the government (including the NSA and DHS), but there’s no indication that Sony would have actually opened up its network for the NSA to snoop through and find these hackers (wherever they might have come from).”
Why not? Sony certainly opened up its network enough for the hackers to snoop through! /s
Joey Tribiani
Corporate hacking……baaaaaad
People hacking ……….gooooood
Does anyone really believe the NSA and FBI has the resources to defend every single corporate network in the United States? Is the FBI fronting the bill for IT staff wages and intrusion detection systems for all these companies? If not, then what kind of defensive protections are they actually offering?
As Mike said in another post, companies can already share information with the FBI without CISPA. In fact, Sony brought in the FBI in to help analyze their security breach. All with CISPA.
CISPA is another pretext for the Mass Surveillance State, just like Section 215. Another attempt to legalize their unconstitutional warrentless search and seizure programs. It serves no other effective purpose. It’s only effective at mass spying.
In the end, CISPA will end up making us all less safe and secure. By creating more soft spots in corporate systems for hackers to exploit and exfiltrate people’s personal data.
Still,
You gotta love this guy’s name.. I mean, “Dutch Ruppersberger” I love that name!
Re: Still,
Isn’t that a name of a DC Comic character? Sounds like the head of some newspaper in Gothem City! The woman he takes out to lunch must cringe, “Where are we going? Dutch?” Just kidding, Dutch!
Fool me once, and you can fool me forever...
Well now we know why the Feds went to NK and why the phony hack on Sony took place, and why all the hype on TV about Cyber Terrorist Hackers from NK, bombing all your theaters into thermite-laden 9/11 dust…. it was a another False Flag Bogey-Man Story, designed by the US tri-letter agencies, to get the now permanently cowardly US public cringing under their beds once again and demanding the Feds do “something” about the terrifying Hackers From North Korea.
That “something” is of course CISPA.
A legal stunt that will do absolutely nothing to help in the phony fight against terrorism, but will aid and abet the criminals in the Whore House tremendously.
And once again, it all worked perfectly.
What a gullible bunch of pathetic humans. I’m beginning to believe you really do get the government you deserve.
—
Re: Fool me once, and you can fool me forever...
What makes you a hero?
Re: Re: Fool me once, and you can fool me forever...
It should be every law abiding citizen’s duty to legally obtain a concealed carry permit and use it to carry a lawful weapon to stop crime in its track. I feel the sense of urgency.
Re: Re: Re: Fool me once, and you can fool me forever...
I might agree with that scenario if it was also every citizen’s duty to undertake a five year fire arms course, starting at age 13, similar in most ways to that which every soldier goes through, and then take a refresher course and undergo a psychological evaluation every ten years thereafter. A carry permit would then be awarded at the end of the course, at age 18, to every citizen who did not “conscientiously object” to such training.
When the only weapons held by citizens are in the hands of criminals, then democracy really is two wolves and a sheep deciding what’s for dinner.
That is the current situation in the USA today.
On the other hand, when the citizenry of a nation is armed and dangerous and well trained in the use and control of fire arms, then the wolves are kept in check by their own cowardice, and everyone thinks twice about causing anyone else grief.
That is the way the founding fathers planned things to be.
—
Re: Re: Fool me once, and you can fool me forever...
“What makes you a hero?”
Well I suppose its the shiny plastic-coated blue cotton tights, long-sleeve skin-tight red, white and blue kevlar shirt, the velcroed red cape and plastic ski-mask style face covering. Although in truth, my trademark 1957 jet-black T-bird with rocket boosters and rear stabilizing wings might be more readily associated by the public as an avatar itself.
What makes you ask stupid questions?
—
Re: Fool me once, and you can fool me forever...
it was a another False Flag Bogey-Man Story
It seems more likely they took advantage of an opportunity. If this were cooked up from the start, surely they could have come up with something more scary than a movie studio getting hacked. I mean who cares, really? The citizenry is not frightened or motivated by something like that. Plus the feds LOVE Hollywood, and Sony has been quite embarrassed by the whole thing.
Re: Re: Fool me once, and you can fool me forever...
You’re probably right about the hack itself. Although the timing of all the friendly back and forth visits between the USA and NK is suspicious, I don’t think the US or Korea had anything to do with the actual hack.
I think blaming it on NK was purely because the USG believes Americans generally think NK is a nation of assholes, led by assholes, who are perfectly suited to pulling off such a stunt.
There is also the very real possibility that, aware of the plot against Sony by Sony’s ex-employees, the USG has actually asked the leaders of NK if they would be willing to be seen publicly as the powerful and technologically savvy nation who hacked Sony in return for some future under-the-table arms deals or technology transfers from the USG.
The bombing threat itself was, I’m certain, devised as damage control by the USG and Sony as a way to detour public attention away from the emails and their contents and onto “The Scary Terrorist Hackers from NK” scenario, which is the only aspect of the hack I’ve seen on TV news to date. TV has made not a single mention of the emails so far.
The hack was, in my opinion, revenge by ex-employees and while I think that the NSA was probably somewhat aware of the plot through its global surveillance, I’m also pretty sure that the theft of all those emails was something they did not foresee.
That can be blamed on Sony’s continued incompetence in its own data security.
I suspect that some of that communication cache could implicate the USG in some of Sony’s shenanigans eventually – thus the instant assistance of the USG in destroying sites (and yes I think it was the NSA that DOSed those sites), that disclose the info and in flooding the news with the Terrorist Hacker From NK Story.
The USG assistance in covering up Sony’s criminal activity will also put Sony in a position of debt to the USG, and the whole scenario was perfect for the Cyber Security FUD to come.
However, I think the people behind CISPA were informed of the plot to hack Sony right at the start because its exactly what they’ve been trying to set up themselves – a “terrorist hacker gang threatens the west” scenario, upon which they could re-launch their pet legislation with public acceptance.
What I do not believe is that NK hackers did Sony, or that NK hackers threatened US theaters, or that the USG believes any of that.
I think the USG simply twisted all the facts into their newest “False Flag Bogey-Man Story”, because it was exactly made to order for their intended purposes re CISPA and Cyber Security and puts the books on the credit side of Sony’s future favors to the USG.
—