Congress Decides To Ignore Privacy Concerns, Refuses To Even Consider Key CISPA Amendments

Senate Defeats Dangerously Vague Cybersecurity Act — Again | Electronic Frontier Foundation

By Mark M. Jaycox and Rainey Reitman

With your help last summer we helped defeat Senator Lieberman's Cybersecurity Act. But for some reason, Senate Majority Leader Reid decided to call for another vote on the bill in the lame duck session today. After an hour's debate, the full Senate voted 51 to 47 against cloture for the Cybersecurity Act, meaning it can't move forward for a vote.

We've spent months going over the various faults in the bill — and ofthe faults in the other proposed Cybersecurity bills. We were particularly concerned because the Cybersecurity Act included overly vague definitions for key terms like "cybersecurity threat," "cybersecurity threat indicator," and even "countermeasures."

Electronic Frontier Foundation believes in strong privacy and security for networked devices — that's why we champion technologies like Tor and HTTPS Everywhere. But we believe that legislation in the arena of cybersecurity should not provide broad, vague powers that allow companies to skirt existing privacy law.

"We're looking forward to having a more informed debate about cybersecurity next session, and hope Congress will bear in mind the serious privacy interests of individual Internet users. We don't need to water down existing privacy law to address the challenges of cybersecurity," said Senior Staff Attorney Lee Tien.

Today, the Senate voted correctly by not proceeding on the Cybersecurity Act. After pushing the same bill on two different occasions, Senator Reid finally declared: "All cybersecurity bills dead for this Congress." That's in large part thanks to the outcry of EFF supporters who spoke out against the bill. Thank you for your support.

From www.eff.org/deeplinks/2012/11/senate-defeats-dangerously-vague-cybersecurity-act-again

Obama cybersecurity order welcomed as step forward by internet activists

Plans outlined in president's state of the union, while broad, are hailed by activists as being 'about best we could hope for'

By Amanda Holpuch

Wednesday 13 February 2013

President Barack Obama introduced a cybersecurity executive order in his state of the union address that offered a broad outline of how the government plans to deal with cyber threats.

The eight-page document outlines a process that allows government agencies to work with private industry to combat cyber threats, while seemingly addressing concerns of citizen privacy. Past legislative attempts at cybersecurity have been criticized by groups who believe bills like Cispa violate privacy by allowing information-sharing between private industry and the government.

Gregg Housh, an internet activist associated with the hacking collective Anonymous, told the Guardian that while the executive order is broad, "of everything we've seen so far, this is about the best we could hope for".

In the next four months, the attorney general, the secretary of homeland security and the director of national intelligence will start looking at specific ways to improve cybersecurity. The government is due to produce a preliminary cybersecurity framework draft later this year and have a final version ready a year from 12 February.

"The biggest and most important thing to me right now is that while we have a basic framework here, and some of it is surprisingly positive looking, we don't know exactly what this is going to end up being," Housh said.

One thing Housh is concerned about is the way the government aims to protect citizen privacy and civil liberties. The order says the Department of Homeland Security is set to provide recommendations for how to minimize and mitigate privacy and civil liberties risks in a public report to be released February of next year.

"The very idea that the DHS will be policing itself is the thing that frightens me the most," Housh said. "The people who were tasked with actually protecting the privacy and civil liberties are the people who work for the DHS. It seems counter-intuitive to me that they are allowed to police themselves."

Housh has been following Anonymous since 2006, and was involved in their campaign against Scientology, though he says he has never taken part in any of their illegal acts. He called the government's tactics for dealing with the hacking collective and other other online hacktivists as "old-school".

"It seems no matter how many people they put behind bars, no matter how many people they arrest and ban from computers, somehow, government websites, the Fed and everything else are perfectly free game for people like Anonymous," Housh said. "So the very idea that you can take down a few people, scare everyone away, and that you've got the only really talented people is ludicrous. It's proven to be ludicrous."

He said that form of dealing with hacking "is only pissing off more people and making more people want to join up".

Housh does think the executive order is an improvement on previous cybersecurity legislation, though.

"Unlike Cispa, this is going to not give these people immunity for sharing tons and tons of information with the government, and I think that is one key difference," Housh said.

His statement echoes those of other open-internet advocates, including the ACLU and Electronic Frontier Foundation, who are happy with the broad order because of how it addresses civilian privacy.

Continued with open comments at
www.guardian.co.uk/technology/2013/feb/13/obama-cybersecurity-executive-order

Our elected officials do their job instead of letting corporations castrate the internet?

para q sepan q no se juega con la libre exprecion
to know q q not play with the free exprecion

Lawmakers Cite Boston Bombing, WikiLeaks "Hacking" as Reasons to Pass CISPA

By Ryan Gallagher

North Korean hackers and the Boston bombings might not appear to have much in common. But not according to some American lawmakers, who are using both to justify passing a controversial cybersecurity bill that civil liberties advocates claim “undermines the privacy of millions of Internet users.”

Yesterday, the Cyber Intelligence Sharing and Protection Act, or CISPA, was approved by the House of Representatives by a vote of 288 to 127. The law was first introduced in 2011 and approved last year by the House, though it died in the Senate after an outpouring of opposition from privacy and civil liberties groups. But it has been resurrected and is heading to the Senate for the second time. Predictably, the storm of criticism has also reappeared. Rights groups have consistently raised concerns over how CISPA would allow corporations to pass unanonymized user data to federal government agencies for vaguely defined “cybersecurity” purposes—and be covered by full legal indemnity when doing so.

Continued at
www.slate.com/blogs/future_tense/2013/04/19/mike_mccaul_cites_boston_bombing_as_a_reason_why_cispa_should_be_passed.html

CISPA Anyone? Exposing Pirates at The U.S. Government | TorrentFreak

Last week the privacy invasive CISPA bill passed the U.S. House of Representatives, taking it one step closer to becoming law. The proposed bill allows warrant-less spying by Internet companies on behalf of Government agencies. Turning the tables, TorrentFreak decided to “spy” on download and browsing habits at the House and other prominent Government institutions, using publicly available data.

Since the SOPA and PIPA uproar last year the Internet has become increasingly aware of the U.S. Government’s attempts at meddling with the web.

One of the bills currently meeting resistance, after it failed to pass last year, is the Cyber Intelligence Sharing and Protection Act (CISPA). Despite public protests the bill passed the House last week, and it’s now on its way to a Senate vote.

As the title suggests the main goal of the bill is to deal with “cybersecurity,” but with a lack of definition as to what that actually entails, this term is also one of its major weaknesses.

In short, CISPA would allow companies to spy on Internet users and collect and share this data with third-party companies or Government agencies. As long as the company states that these privacy violations are needed to protect against “cybersecurity” threats, they are immune from civil and criminal liabilities.

Critics of the bill point out that it would allow companies to spy on Internet users, and with flexible definitions of cybersecurity it could potentially be used to monitor the download habits of Internet subscribers.

A wide variety of citizen rights groups are continuing with anti-CISPA actions to prevent the bill from becoming law. Starting off today, Anonymous is holding a CISPA blackout with a few hundred websites participating. Undoubtedly other protests will make headlines in the weeks to come.

In light of the above, we thought that it would be interesting to turn the tables on some of the pro-CISPA forces. How would they like it if their download habits ended up exposed? And what if everyone could see their Google searches or the websites they visit?

As it turns out, no CISPA is needed to do the above. With help from BitTorrent monitoring company Scaneye and the privacy invasive ExtremeTracking service we found plenty of information to expose.

Continued at
http://torrentfreak.com/cispa-anyone-exposing-pirates-a-the-u-s-government-130422/

ACLU: CISPA Is Dead (For Now) - US News and World Report

The Senate will not take up the controversial cybersecurity bill, is drafting separate legislation

By Jason Koebler

The controversial cybersecurity bill known as the Cyber Information Sharing and Protection Act, which passed the House of Representatives last week, will almost certainly be shelved by the Senate, according to a representative of the U.S. Senate Committee on Commerce, Science and Transportation.

"We're not taking [CISPA] up," the committee representative says. "Staff and senators are divvying up the issues and the key provisions everyone agrees would need to be handled if we're going to strengthen cybersecurity. They'll be drafting separate bills."

Sen. Jay Rockefeller, D-W.V., chairman of the committee, said the passage of CISPA was "important," but said the bill's "privacy protections are insufficient."

That, coupled with the fact that President Barack Obama has threatened to veto the bill, has even CISPA's staunchest opponents, such as the American Civil Liberties Union, ready to bury CISPA and focus on future legislation.

"I think it's dead for now," says Michelle Richardson, legislative council with the ACLU. "CISPA is too controversial, it's too expansive, it's just not the same sort of program contemplated by the Senate last year. We're pleased to hear the Senate will probably pick up where it left off last year."

More at www.usnews.com/news/articles/2013/04/25/aclu-cispa-is-dead-for-now

Coming back again even worse in a few months then.

CISPA Goes Down in the Senate



Published by TheYoungTurks on April 26, 2013

Cybersecurity and online privacy are two critical interests that seem destined never to get along. Sure, you want malicious hackers, spammers, and other Internet lowlifes brought to justice—but you also want to protect your online data.

A big part of cybercrime-fighting, however, demands gathering a haystack's worth of aggregated online data and scanning it for an elusive needle of suspicious activity. Your online data could be swept into one of these piles and scanned. What happens to it along the way is anyone's guess.

Concerns for privacy rights hit an all-time high after CISPA passed in Congress, but now it seems to be dead on the Senate floor. Is this a victory for privacy advocates and the internet at large? Hell yes. But is the battle over? Cenk Uygur, Jimmy Dore, and John Iadarola break it down.

Electronic Frontier Foundation to Present Oral Argument in Copyright 'Troll' Case

The Electronic Frontier Foundation (EFF) will ask a federal appeals court at a hearing on Monday, April 14, to prevent a notorious copyright troll from obtaining the identities of more than 1,000 Internet users.

Speaking on behalf of EFF, the American Civil Liberties Union, the ACLU of the Nation's Capital, Public Citizen and Public Knowledge, EFF Intellectual Property Director Corynne McSherry will urge the Court of Appeals for the District of Columbia to reverse a district court decision that allowed the plaintiff to seek identifying information for thousands of "John Does" without complying with basic procedural rules.

The coalition of public interest groups filed an amicus brief in May 2013 in support of several Internet service providers that are resisting subpoenas for user records. Representatives for those providers will offer the principal argument. However, the court took the unusual step of allowing amici to appear and argue as well.

AF Holdings, the plaintiff in the case, is seeking the identities of individuals that it claims may have illegally downloaded a copyrighted adult film. The case is one of hundreds being pursued around the country that follow the same pattern, which judges have described as "essentially an extortion scheme." A copyright troll looks for IP addresses that may have been used to download films (usually adult films) via BitTorrent, files a single lawsuit against thousands of "John Doe" defendants based on those IP addresses, then seeks to subpoena the ISPs for the contact information of the account holders associated with those IP addresses. The troll then uses that information to contact the account holders and threatens expensive litigation if they do not settle promptly. Faced with the prospect of hiring an attorney and litigating the issue, often in a distant court, most subscribers — including those who may have done nothing wrong — will choose to settle rather than fight.

Continued at https://www.eff.org/press/releases/eff-present-oral-argument-copyright-troll-case

Prenda On Appeal: Copyright Troll Tactics Challenged in DC Circuit | Electronic Frontier Foundation

The DC Circuit Court of Appeals heard argument today in AF Holdings v. Does 1-1058, one of the few mass copyright cases to reach an appellate court, and the first to specifically raise the fundamental procedural problems that tilt the playing field firmly against the Doe Defendants. The appeal was brought by several internet service providers (Verizon, Comcast, AT&T and affiliates), with amicus support from EFF, the ACLU, the ACLU of the Nation's Capitol, Public Citizen, and Public Knowledge. On the other side: notorious copyright troll Prenda Law.

Copyright trolls like Prenda want to be able to sue thousands of people at once in the same court – even if those defendants have no connection to the venue or each other. The troll asks the court to let it quickly collect hundreds of customer names from ISPs. It then shakes those people down for settlements. These Doe defendants have a strong incentive to pay nuisance settlements rather than travel to a distant forum to defend themselves. The copyright troll business model relies on this unbalanced playing field.

In this case, Prenda sued 1058 Does (anonymous defendants identified only by an IP address) in federal district court in the District of Columbia. It then issued subpoenas demanding that ISPs identify the names of these customers. The ISPs objected to this request arguing that most of the IP addresses were associated with computers located outside of the court's jurisdiction. The ISPs and EFF also showed that Prenda could have used simple geolocation tools to determine the same thing. And we explained that joining together 1000+ subscribers in one lawsuit was fundamentally unfair and improper under the rules governing when defendants can be sued together (known as ‘joinder’).

Unfortunately, the district court did not agree, holding that any consideration of joinder and jurisdiction was "premature." In other words, the court can't consider whether the process is unfair unless and until a Doe comes to the court to raise the issue. By then, of course, it is too late; the subscribers will have already received threatening letters and, in many cases, be reluctant to take on the burden of defending themselves in a far away location.

We believe this ruling was fundamentally wrong. As we've said many times, plaintiffs have every right to go to court to enforce their rights. But they must play by the same litigation rules that everyone else has to follow. To get early discovery, plaintiffs must have a good-faith belief that jurisdiction and joinder are proper. Given the evidence presented to the district court, there is no way Prenda could have formed this good faith belief. So its demand for customer information should have been denied.

The ISPs appealed the district court’s troubling ruling. At the hearing today, the appellate court was particularly interested in the issue of joinder. The court seemed immediately skeptical of the notion of suing 1000 people at once, but wondered if it might be acceptable join together 20 Bittorrent users who had joined the same swarm to acquire the same work. The ISPs and amici said generally no, because the plaintiff can't know whether a given Doe 1 acquired anything from a given Doe 2 – in other words, they aren't necessarily part of the same "transaction or occurrence." We analogized a bittorrent swarm to a casino poker table: over the course of a weekend, a week, or a month, players may come and go, adding and subtracting from the pot, but the players on day one are unlikely to be related to the players on day 4, or day 30.

The ISPs and amici also stressed the issue of burden. While the ISPs were focused on the burden they faced in responding to the subpoenas, EFF directed the court's attention to the fundamental burden on the IP subscribers, noting that the subscribers identified as a result of a subpoena aren't necessarily going to be responsible for any unauthorized activity. An IP address, we explained, only tells you the name on the bill, not who is using the account. In this context, it is crucial that courts attend to the burden on the Does, as well as the ISPs.

Continued at https://www.eff.org/deeplinks/2014/04/prenda-appeal-copyright-troll-tactics-challenged-dc-circuit

Proposed Privacy Law Would Allow Companies to Disclose User Information in Secret

A proposed law, currently making its way though the Senate, could strip Canadians of many online privacy protections, experts say, opening the door to so-called “copyright trolls.”

While the the Digital Privacy Act, also known as Bill S-4, would strengthen some elements of online privacy protection, requiring companies to tell customers and government privacy commissioners after a data breach where user information may have been stolen, other elements of the proposed law aren’t sitting well with privacy advocates.

The bill would allow companies to disclose user information to other companies and organizations without a court order or even having to tell users that their information has been shared as long as that information is “reasonable for the for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province.” Michael Geist, a privacy advocate and Canada research chair in Internet and E-commerce Law wrote on his blog that this means “organizations will be permitted to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law."

Geist worries that because "the disclosure occurs in secret without the knowledge of the affected person," those people who are affected won't be able to "challenge the disclosure since they are not aware it is happening."

According to him, that means that it would be a lot easier for rights holders that are trying to track down alleged copyright violators to get their hands on identifying information. He points to a recent case where a federal judge ordered independent ISP TekSavvy to release 2,000 customer names to filmmaker Voltage Pictures, who claims those customers may have illegally downloaded some of its films using BitTorrent.

Continued at http://www.techvibes.com/blog/privacy-law-copyright-trolling-2014-04-15

Here's a press release from today. Quote:

Crushing Blow for Copyright Trolls: Appeals Court Halts AF Holdings' Extortion Scheme

Striking a crushing blow against a legal linchpin of the copyright troll business model, a federal appeals court held today that copyright holders may not abuse the legal process to obtain the identities of thousands of Internet users.

"This decision is a crucial victory," said Electronic Frontier Foundation (EFF) Intellectual Property Director Corynne McSherry. "We are thrilled that a higher court has recognized that it is unfair to sue thousands of people at once, in a court far from home, based on nothing more than an allegation that they joined a BitTorrent swarm."

The plaintiff in this case, AF Holdings, sought the identities of more than 1,000 Internet users that it claims are linked to the illegal downloading of a copyrighted pornographic film. Over the protest of the Internet service providers that received subpoenas for those identities, a lower court approved the disclosure of the names. EFF, joined by the American Civil Liberties Union, the ACLU of the Nation's Capital, Public Citizen, and Public Knowledge, urged the U.S. Court of Appeals for the District of Columbia Circuit to reverse that ruling and help keep the legal process fair and balanced by requiring AF Holdings to show it has a good faith basis for going after these defendants.

This same coalition has fought for years in courts around the country to explain how the trolls were abusing the legal process to extort settlements from unsuspecting John Does. While several district courts have agreed, this is the first time a federal appeals court has weighed in.

The case is one of hundreds around the country that follow the same pattern. A copyright troll looks for IP addresses that may have been used to download films (often adult films) via BitTorrent, files a single lawsuit against thousands of "John Doe" defendants based on those IP addresses, then seeks to subpoena the ISPs for the contact information of the account holders associated with those IP addresses. The troll then uses that information to contact the account holders and threatens expensive litigation if they do not settle promptly. Faced with the prospect of hiring an attorney and litigating the issue, often in a distant court, most subscribers—including those who may have done nothing wrong—will choose to settle rather than fight.

"Once a troll gets the names it's looking for, then it already has what it needs to put its shakedown scheme in motion," EFF Staff Attorney Mitch Stoltz said. "For the defendants, it will come down to risking being named in a lawsuit over a pornographic movie, or settling for less than the cost of hiring an attorney. As a matter of law and basic fairness, a copyright plaintiff needs to show that its case is on solid ground before putting hundreds of Internet users into that kind of bind."

AF Holdings is linked to Prenda Law, a firm that is facing allegations that it used stolen identities and fictitious signatures on key legal documents and made other false statements to the courts.

For the text of the opinion:
https://www.eff.org/document/appeals-court-opinion

Contacts:

Corynne McSherry
Intellectual Property Director
Electronic Frontier Foundation
corynne@eff.org

Mitch Stoltz
Staff Attorney
Electronic Frontier Foundation
mitch@eff.org

https://www.eff.org/press/releases/...eals-court-halts-af-holdings-extortion-scheme

Web browsing is copyright infringement, publishers argue | Ars Technica

Europeans may browse the Internet without fear of infringing copyrights, as the EU Court of Justice ruled Thursday in a decision that ends a four-year legal battle threatening the open Internet.

It was the European top court's second wide-ranging cyber ruling in less than a month. The court ruled May 13 that Europeans had a so-called "right to be forgotten" requiring Google to delete "inadequate" and "irrelevant" data upon requests from the public. That decision is spurring thousands of removal requests.

In this week's case, the court slapped down the Newspaper Licensing Agency's (NLA) claim that the technological underpinnings of Web surfing amounted to infringement.

The court ruled that "on-screen copies and the cached copies made by an end-user in the course of viewing a website satisfy the conditions" of infringement exemptions spelled out in the EU Copyright Directive. The NLA's opponent in the case was the Public Relations Consultants Association (PRCA). The PR group hailed the decision.

"We are utterly delighted that the CJEU has accepted all of our arguments against the NLA, which represents eight national newspapers. The Court of Justice, like the Supreme Court before them, understands that the NLA's attempts to charge for reading online content do not just affect the PR world, but the fundamental rights of all EU citizens to browse the Internet," PRCA Director General Francis Ingham said. "This is a huge step in the right direction for the courts as they seek ways to deal with the thorny issues of Internet use and copyright law."

Continued at http://arstechnica.com/tech-policy/2014/06/web-browsing-is-copyright-infringement-publishers-argue/

https://arstechnica.com/tech-policy...eele-pleads-guilty-to-fraud-money-laundering/

Paul Hansmeier finally cops to being a porn troll, after a years-long saga | Ars Technica

Quote:

Paul Hansmeier, the Minnesota lawyer who was head of the porn trolling operation known as Prenda Law, has finally pleaded guilty to fraud and money laundering charges.

As Ars previously reported, co-defendant and fellow attorney John Steele pled guilty in March 2017 to federal fraud and money laundering charges. Over the course of several years, Steele said he and a co-defendant, Hansmeier, made millions with "sham entities" that threatened Internet users with copyright lawsuits.

Continued at https://arstechnica.com/tech-policy...ally-pleads-guilty-to-fraud-money-laundering/