CISPA Sponsor Warns Bill Is Needed Because China's Chinese Hackers From China Are Stealing All-American Secrets (China!)
from the give-them-to-us-instead dept
While the focus on the cybersecurity debate shifts to the Senate, the supporters of CISPA are still loudly trumpeting that bill's supposed merits. Though the final legislation that will go before the President is undecided, and may not even be based on CISPA in the end, the details of the bill are still very important, as they contribute to the overall shape of the discussion about cybersecurity. As part of the ongoing media campaign, CISPA author Mike Rogers took to the pages of The Detroit News last week to drum up support with a screed that reeks of nationalist fearmongering and utterly misrepresents the scope and purpose of the language in the bill.
The United States, over time, became a global superpower with its hard work and know-how leading to innovations in new manufacturing, health care and information technologies. Now China is trying to use cyber espionage and theft to take a short cut to achieving superpower status.
It began with China stealing hard-copy business plans and sensitive research-and-development information from U.S. and other Western companies when their executives traveled to China. U.S. companies soon began noticing a surge in counterfeit products as their innovations were being stolen, re-engineered, and sold by Chinese companies on global markets.
With the Internet boom, China turned its focus to cyber espionage and began stealing the hard work and innovations of U.S. companies on a far larger scale.
Rogers should be careful—if he says 'China' any more times, Fu Manchu might appear in the mirror and drain his 401(k). Once he's got the reader good and scared of the Yellow Menace (having thrown in a few emotional appeals to hardworking Michigan autoworkers for good measure), he explains how CISPA is needed to take care of all those annoying regulations that limit government power and protect people's privacy:
Unfortunately, American companies are not getting the best protection available.Today, the U.S. government has intelligence information about the threat posed by nation-state actors that could help the American private sector better protect itself. However, we don't currently have a mechanism for allowing the government to share intelligence about cyber threats with the private sector, nor do we have the ability for private sector companies to share information with others in the private sector, and with the government on a voluntary basis, so that the private sector can better protect itself.
And you know what? That's fine. Even though there is a lot of debate about the true scope of foreign cyber threats, if there is a way for the government and the private sector to share anonymous network analysis data in order to improve technological defenses against hacking and malware attacks, it makes sense to legislate a mechanism for them to do so. Unfortunately, CISPA goes way beyond that—now explicitly so.
This goes back to my opinion when CISPA was amended and passed in the House: my initial reaction that it had gotten much worse was partially incorrect, but even though the amendments did technically limit the government's power under the bill, I still had (and have) a problem with the way they expanded the stated intent and purpose. From the very start, CISPA supporters have insisted (as Rogers does in this column) that it's basically all about technical considerations in fighting off foreign cyber attacks. Initially, privacy and civil liberties groups objected that it would allow the government to do much more, including accessing the private data of American citizens without a warrant—and the response was basically "no, no, it has nothing to do with that".
Right up to the last minute of debate before the House vote, CISPA's backers held to the talking points and expounded on the threat from China and the need to share technical network data. But, to appease privacy groups, they supported an amendment to limit the ways the government could use shared data under the bill to a set of explicit purposes. And what were those purposes? Far from just foreign threats, they include investigating domestic cybercrime, investigating domestic violent crime, protecting children from exploitation, and of course the catch-all "national security" that was already in the language.
It feels trite to add the obligatory preventing violence and protecting children is a good thing here, because d'uh, but when exactly did CISPA become a bill about these things? If the government wants new exceptions to privacy laws for the purposes of fighting crime, that's a major discussion with obvious constitutional implications—a discussion that privacy groups have been trying to start all along, but have been brushed off with claims that CISPA is just about rebuffing those devious foreigners. Now CISPA explicitly includes provisions for collecting evidence on domestic crime, but Rogers is still writing editorials like this one that don't mention anything to do with child exploitation, violent crime, or anything else that doesn't have the word China attached to it.
Rogers finishes the piece with a rather astonishing little rallying call:
It took Michigan's auto industry decades to achieve its prominence and the United States centuries to become a global superpower. We cannot let China steal it all away in a few short years.
I'm not sure how long it's been since Rogers visited Flint, but I think it's changed a little since he was last there. Nonetheless, the point is clear: if the government can't snoop your data for child porn and affiliations with Anonymous, the Chinese are going to start manufacturing American cars and destroy the Michigan auto industry, in turn toppling the U.S. as an economic superpower. Wait, did I say "clear"?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: china, cispa, cybersecurity, michigan, mike rogers, nationalism
Reader Comments
Subscribe: RSS
View by: Time | Thread
the same stuff they bash for is the reason they are here today.
[ link to this | view in chronology ]
Re:
Scapegoat. If I were Chinese, I'd be firing up the ICBMs. "How dare the US blame this !@#$ on us?!?"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Fast forward to today. The USSR spent itself into oblivion. The US is currently still in the middle of a major recession with an increasingly corrupt government that is unwilling to do anything to truly fix it. As before, the old superpowers have blown/are blowing themselves up, economically, and China is filling the gap. If the US doesn't want this to happen, then they can actually spend money to fix this recession.
[ link to this | view in chronology ]
Re:
No they can't. They spent it all on bailouts to The Too Big To Fail, wars, and sold the rest to China.
[ link to this | view in chronology ]
Bite the hand that throws you silk ropes.
I wanna see this one play out.
[ link to this | view in chronology ]
Re:
ftfy
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Target Drift
[ link to this | view in chronology ]
Re: Target Drift
[ link to this | view in chronology ]
[ link to this | view in chronology ]
CISPA: A First Amendment issue
They can seize assets without due process and a warrant. Then they can continue to bully others for no reason other than they want to. Such is the way of the prosecutor after so many laws created that give them more power while limiting judges from making good choices of judgement in regards to sentencing or discretion.
[ link to this | view in chronology ]
Re: CISPA: A First Amendment issue
Patriot Act,NDAA,CISPA, ETC are all slowly and surely taking away Rights and leading us straight into the real world of 1984.
Many Libs and Cons will not want to see that one happen.I smell Violence in the Air !
[ link to this | view in chronology ]
Re: Re: CISPA: A First Amendment issue
But what Karl Marx actually surmised is that you only need 15% of the population to revolutionize everything. The same can be said for understanding how we reject all of these bad laws.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Public Service Announcement
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The Chinese apparently are incapable of reverse engineering.
The world knows that the US excels in putting its most sensitive data online. Hell, the streets of every major city are littered with thumb drives. Loose data is a bigger problem than crack.
Pfft. If China wanted good cars, it would steal from Sweden.
This clowns fails at fearmongering. Honestly, the trolls put more effort into their ramblings.
[ link to this | view in chronology ]
Re:
Perhaps these business people should have checked local laws before producing their lines overseas.
[ link to this | view in chronology ]
Mechanisms
However, we don't currently have a mechanism for allowing the government to share intelligence about cyber threats with the private sector, nor do we have the ability for private sector companies to share information with others in the private sector, and with the government on a voluntary basis, so that the private sector can better protect itself.
Don't have a mechanism to share data? Seriously?
How about the Internet? How about email?
I am personally a member of certain mailing lists and listservs that do exactly what is being asked for. All the ones I'm a part of are public, but there are private/invite-only ones, too, if the data being shared is of more sensitive matters. Maybe the lobbyists are just feeling left out of the cool kids (professional security experts) groups?
I regularly read certain websites that do exactly what is asked for. Some are non-profits, some are run by companies, and there are ones run by the government.
Wait, the government, you say? Yeahsureyoubetcha! Take a look over at http://nvd.nist.gov/ - it is governmenmt run, on a .gov domain, site about software vulnerabilities. Let me quote... "comprehensive cyber security vulnerability database that integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources" ... my, doesn't that sound familiar?
[ link to this | view in chronology ]
Re: Mechanisms
[ link to this | view in chronology ]
Re: Mechanisms
It's a compound word
poly, meaning many
tick, meaning bloodsucker.
They have to keep reinventing this stuff to keep their feeding program up.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
One of the best ways to copy information...
It's to get someone else to copy it, and then copy it from them.
This becomes even better if they don't need to be convinced, but willingly do so of their own volition. And better still if they pay for it.
More directly: if I were working for foreign government X or foreign corporation Y, and my job was to acquire the secrets of American government and business, I would be all over this bill, doing everything I possibly could to get it passed. I'd probably leak some worthless "secrets" just to fan the flames of hysteria higher. I'd throw some money into fake grassroots efforts to support it. And so on.
Because this (along the FBI push for backdoors, which I'd also whole-heartedly support) will help make my life much easier because it means more copies, and more copies means more opportunities. It also means more people with access, which increases the target surface for compromises, bribes, blackmail, etc.
Perhaps this has already happened.
[ link to this | view in chronology ]
U.S.gov = Corporate Parasites
Don't put secrets, on internet connected computers, Problem solved
They are making their own problems, but to accommodate that, we the PEOPLE must pay?
C'MON U.S.gov, you don't think we are that stupid ?
I give some credit for not using terrorism as an excuse this time. You cried wolf on that too many times. Even created your own terrorist plots to foil. I forgot to say thanks for that...
Thanks for protecting the world from terror attacks you created
Back to this new reason....
China? We need to lose our freedoms and privacy for China?
What a great excuse to brainwash the uninformed with!
Thank fuck the 99% in this world are rising up against you corporate parasites !
You have already taken too much from this society of PEOPLE.
[ link to this | view in chronology ]
Re: U.S.gov = Corporate Parasites
[ link to this | view in chronology ]
[ link to this | view in chronology ]
This doesn't make any sense, so the US spying on other countries is somehow going to help our automotive companies? What are they going to do with this info? Insider trading? Steal trade secrets?
Who seriously gets up in the morning and decides this is what they are going to say to the US Government?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
That is 100% false. We have the DoD Collaborative Information Sharing Environment (DCISE). It allows JUST THIS THING that he says doesn't exist. And it's been around for YEARS! That doesn't even include the mailing lists and forums run by US-CERT for JUST THIS THING.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
really
[ link to this | view in chronology ]
Hollywood Producer: "Here's a brand new, never before seen movie. I want you to burn 500,000 DVDs."
Chinese Factory Owner: "Sure thing! Just send me the masters and we'll get right on that."
Chinese Worker: "Hey, it's that new American movie everyone wants to see. Get a copy of these masters and upload them to Baidu!"
[ link to this | view in chronology ]
At first, I lol'd. But then I serioused.
The US isn't the leader in anything. The "super-power" status is just from it's military.
US healthcare is sub-par, its manufacturing plants are IN China in the first place (and the tech for them comes from everywhere else), and heaven forbid someone else might reverse engineer something OR have the same idea as someone in the US.
Seriously, where the hell does the US get people like these idiots that support CISPA?
Your Government is a joke.
[ link to this | view in chronology ]
Self Interest
If this bill was only used for counterintelligence, I could begrudgingly understand it.
However, this just seems like another bill that's worded just broadly enough to have no real limits.
Maybe we should appeal to the politicians self interest. Hey Republicans, when the Dems are in power, they will likely use this to spy on you and defeat you in elections. Hey Democrats, the Republicans are going to do the exact same thing to you when they are in power. By not putting in adequate privacy safeguards, you are likely giving ammunition for your opponents to use against you.
[ link to this | view in chronology ]
what if?
[ link to this | view in chronology ]
Michigan....o_O
I've never worked for the auto industry, and while I appreciate that there were some boom times here, I see lots of lazy idiots sitting on their ass waiting for their beloved union jobs to come back. And then you have these political yahoos pandering to exactly those same lazy idiots. And they get voted for on the promise that we'll start making cars again, and everything will go back to the way it was in 1975. Meanwhile said politician is getting rich off of pork and laughing at his district - which he'll never visit again until re-election time.
So, thanks for the shout-out, but I think I'll start packing for warmer climes now...But do keep an eye on that Detroit News. It's full of amazing bullshit.
[ link to this | view in chronology ]
If the government really cared about cybersecurity...
That's something I would use.
[ link to this | view in chronology ]
[ link to this | view in chronology ]