In Defense Of Digital Freedom: It's Time To Get Beyond 'Cyber' Hyperbole

from the speak-up dept

Marietje Schaake, a member of the European Parliament often credited as one of the most tech savvy (and, yes, a regular Techdirt reader) has penned an excellent article, In defense of digital freedom. It's well worth a read, even if it covers many things that regular readers of the site will be familiar with. The key point it makes, however, is that we shouldn't be frightened by all the "cyberwar" FUD out there, which is designed to get us to give up our ideals on internet freedom. It discusses how much hype there is around "cyber" everything, nearly all of it trying to scare people. She admits that there are real threats, but those driving the discussion seem to have little interest in parsing them out from the hype and bluster. She notes that, in this rush for new laws, we seem to ignore that existing infrastructure can actually handle most of the actual problems.

The good news is that we don’t need ‘cyber democracy’ to guarantee ‘cyber security’. In most cases the foundations for resilience are already in our existing laws and regulations. Technologies are an essential part of our daily lives, businesses, education, cultural experiences and political engagement. As a result, resilience and defense need to be integrated and mainstreamed to strengthen both freedom and security.

[....] To prevent fear, hype and incident-driven policies and practices, knowledge, transparency and accountability are needed. Let us not make ‘cyber’ into something completely different, alien or spacy. But rather, let us focus on integrating technological developments in a way that allows us to preserve core (constitutional) principles, democratic oversight, and digital freedoms as essentials in our open societies.

She also notes that much of the hype may be driven by companies and politicians who benefit from such hype, driving new business to companies and passing new laws that give politicians more power. But, she notes, if we make policy based on those two drivers, internet freedom will certainly be put at risk. The unintended consequences are pretty clear:

US government has stated that American made, lawful intercept technologies, have come back as a boomerang when they were used against US interests by actors in third countries.

Other companies, such as Area Spa from Italy designed a monitoring centre, and had people on the ground in Syria helping the Assad government succeed in anti-democratic or even criminal behaviour by helping the crackdown against peaceful dissidents and demonstrators.

One key point she makes is that we need to have a fact-based, careful look at the issues, in which we avoid conflating very, very different things (i.e., random hacking with "war").

To avoid a slippery slope, clear distinctions between various crimes and threats are needed. Economic damage as a result of criminal activity should render a different response than a state-led attack posing national security threats. Yet, at the moment, at least in the public debate, the distinction between various cyber threats is very unclear. Uncertainly can make people feel vulnerable, while it is internet users and citizens that need to be informed and empowered. We need to build resilient and educated societies instead of installing fear.

States also need to prioritise in their partnerships, and look for consistency of actions by different government departments. Recently, the United States chose to sign a bilateral agreement with Russia on combatting Intellectual Property Rights infringements. The agreed cooperation seems in direct contradiction with objectives of the State Department in the field of internet freedom. In Russia, a newly adopted law gives the state the authority to use Deep Packet Inspections in internet traffic.

There's a lot more in the piece as well, and I think many of our readers will find it quite interesting. It's always nice to know that there are some elected officials in the world are trying to base key policy decisions, including those around internet freedom, on reality rather than fear and hype.

Filed Under: cybersecurity, eu parliament, free speech, fud, hacking, internet freedom, marietje schaake

Want To Destroy Any Hope Of Serious Cybersecurity? Give The DOJ Its Desired Backdoor Wiretaps On All Communications

from the stupid-ideas dept

The Obama administration has supposedly been "considering" the latest version of the DOJ's plan to require backdoor wiretapping abilities in any form of digital communication. If you don't recall, the FBI asks for this basically every year. The latest version would lead to fines for any company that doesn't build in a backdoor wiretapping ability. We've been pointing out for quite some time that putting in such backdoors only makes us all less safe, because those with malicious intent will find and use those backdoors.

A new report has been released, put together by some of the best known technologists and security experts out there, saying that the plan, as being considered would effectively undermine any cybersecurity regime. At a time when the administration and Congress keep insisting that we need better cybersecurity, to undermine it all with wiretapping backdoors would be ridiculous. And let's not even begin discussing how this would play out if it passed and number one CISPA backer Mike Rogers then became head of the FBI.

Among the report's authors are names you might recognize, like Ed Felten, Peter Neumann, Bruce Schneier and Phil Zimmerman. You can read the full report (pdf) to see all the details. As Ed Felten told the NY Times:

“It’s a single point in the system through which all of the content can be collected if they can manage to activate it,” said Edward W. Felten, a computer science professor at Princeton and one of the authors of the report... “That’s a security vulnerability waiting to happen, as if we needed more,” he said.

Once again, all of this suggests that the efforts around "cybersecurity" have always been more of a cover story to try to make it easier for law enforcement to access data, rather than any legitimate effort at improving security.

Filed Under: backdoors, bruce schneier, cybersecurity, doj, ed felten, fbi, mike rogers, peter neumann, phil zimmerman, wiretaps

CISPA Sponsor Mike Rogers May Go On To Lead The FBI

from the sure-that-having-cispa-in-place-would-help dept

We've often heard stories of politicians passing legislation soon before they left office, only to have that very same legislation help them in their next job (coincidentally, we're sure). So it does seem interesting that Rep. Mike Rogers, the main champion behind CISPA, the privacy-destroy cybersecurity bill, is apparently a top candidate to head the FBI -- so much so that the FBI Agents Association, representing 12,000 FBI agents, has officially stated that it would like him to take the job. I'm sure it would be much easier to run the FBI if it could have companies violate the privacy of their users without any possible liability (even if they promised to protect that privacy), which is exactly what CISPA would allow. For what it's worth, there are a number of other candidates for the job, though it's somewhat horrifying to see one other top candidate be Neil MacBride. He's the former "anti-piracy" VP for the Business Software Alliance, who is now the US Attorney who has been driving the case against Kim Dotcom. Just imagine what kind of FBI there would be under his watch...

Filed Under: cispa, cybersecurity, fbi, mike rogers

US's 'Cyberwar' Strategy: Making The Public Less Secure In The Name Of 'Security'

from the adding-up-wrongs-to-make-a-right dept

The US government seems to be responding to "cyber Pearl Harbor" by heading out on bombing runs of its own. All the concern for the safety of the American public displayed in Congress during the CISPA push seems to have been nothing more than the empty words we expect from our representatives. Americans and American companies are now being caught in the crossfire -- some of it "friendly."

The US government is waging electronic warfare on a vast scale — so large that it's causing a seismic shift in the unregulated grey markets where hackers and criminals buy and sell security exploits, Reuters reports.

Former White House cybersecurity advisors Howard Schmidt and Richard Clarke say this move to "offensive" cybersecurity has left US companies and average citizens vulnerable, because it relies on the government collecting and exploiting critical vulnerabilities that have not been revealed to software vendors or the public.

"If the US government knows of a vulnerability that can be exploited, under normal circumstances, its first obligation is to tell US users," Clarke told Reuters. "There is supposed to be some mechanism for deciding how they use the information, for offense or defense. But there isn't."

I'm not sure how increasing user vulnerability helps win a cyberwar, but no doubt any home team casualties will be written off as sacrifices for the greater good. Even more troubling than the government's willingness to sacrifice security for security (??) is the fact that it's unwilling to share this information. What good are those provisions in CISPA and President Obama's recent cybersecurity executive order about the government sharing cybersecurity info with companies, if the government hoards the information for their own hacking purposes? More details from the Reuters report.

Top U.S. officials told Congress this year that poor Internet security has surpassed terrorism to become the single greatest threat to the country and that better information-sharing on risks is crucial. Yet neither of the two major U.S. initiatives under way - sweeping cybersecurity legislation being weighed by Congress and President Barack Obama's February executive order on the subject - asks defense and intelligence agencies to spread what they know about vulnerabilities to help the private sector defend itself.

When a U.S. agency knows about a vulnerability and does not warn the public, there can be unintended consequences. If malign forces purchase information about or independently discover the same hole, they can use it to cause damage or to launch spying or fraud campaigns before a company like Microsoft has time to develop a patch. Moreover, when the U.S. launches a program containing an exploit, it can be detected and quickly duplicated for use against U.S. interests before any public warning or patch.

Is it any surprise the public distrusts the government? It claims to be fighting a cyberwar in order to make us more secure and yet, when it goes on the attack, it values its own secretive efforts over the security of the public.

As the government purchases more of these exploits to help fight its cyberwar, the lines on the battlefield are continuously redrawn and obscured. Buying exploits from independent hackers leaves them free to sell to other high bidding countries when not using the exploits themselves. This arms race also creates a perverse set of incentives. As the demand for new exploits increases, security companies and contractors that used to release information to those affected are now keeping their discoveries to themselves to preserve "market value."

The Reuters report also notes that this new breed of security contractor is offering up, among other things, keys to criminal botnets. Endgame, a heavily funded tech startup with close ties to the intelligence community, is more than willing to hand over control of thousands of zombie computers for the right price.

Some of Endgame's activities came to light in purloined emails published by hackers acting under the banner Anonymous. In what appear to be marketing slides, the company touted zero-day subscriptions as well as lists of exactly which computers overseas belonged to specific criminal "botnets" - networks of compromised machines that can be mobilized for various purposes, including stealing financial passwords and knocking websites offline with traffic attacks.

The point was not to disinfect the botnet's computers or warn the owners. Instead, Endgame's customers in the intelligence agencies wanted to harvest data from those machines directly or maintain the ability to issue new commands to large segments of the networks, three people close to the company told Reuters.

So, we're engaged in a cyberwar that's going to help us by hurting us, is that it? I understand that no one wants to be outgunned when facing the enemy, but what's being detailed here looks like a whole lot of collateral damage in the pursuit of unattainable goals. The same exploits will be used on both sides of the battle, and with end users and the companies they rely on being cut out of the loop, it will be the civilians who fare the poorest. We'll just be asked to pretend the government's saving us from something even worse.

Filed Under: cybersecurity, cyberwar, hacks, security, us government, zero day

No Good Can Come Of Any Cybersecurity Bill Without A Clear Definition Of The Problem

from the putting-the-cybercart-before-the-horse dept

With CISPA dead (mercifully) from a critical case of Senate disinterest, the conversation has inevitably turned to what the next cybersecurity bill should look like. Over at Wired, Julian Sanchez has laid out some guidelines for a cybersecurity bill that actually works, achieving the stated goals of CISPA without butchering civil liberties. His key point is that, according to CISPA's authors, the bill's sole purpose is to let companies and the government share technical data (or as Dutch Ruppersberger adorably called it last year, "formulas, Xs and Os, the virus code") to help shore up network security and anticipate major attacks — and there's no real reason that has to conflict with privacy at all.

Few object to what technology companies and the government say they want to do in practice: pool data about the activity patterns of hacker-controlled “botnets,” or the digital signatures of new viruses and other malware. This information poses few risks to the privacy of ordinary users. Yet CISPA didn’t authorize only this kind of narrowly limited information sharing. Instead, it gave companies blanket immunity for feeding the government vaguely-defined “threat indicators” — anything from users’ online habits to the contents of private e-mails — creating a broad loophole in all federal and state privacy laws and even in private contracts and user agreements.

...

There’s no need to share [personally identifiable] data for security purposes anyway: Kevin Mandia, head of the cybersecurity firm Mandiant, insisted at a February hearing on CISPA that in 20 years in the industry, he had “never seen a package of threat intelligence that’s actionable” that included personally identifiable information.

Sanchez suggests some straightforward basic requirements for a cybersecurity bill that might actually get consensus from privacy watchdogs and the broader public: the removal of personal information before data reaches the government, a limited lifespan on the data (CISPA's authors have stated that real-time information sharing to deal with immediate threats is the key point of the bill anyway), and the ability for companies to respect their contracts with customers. As written, CISPA would have exonerated service providers from keeping any promise they made to not share user data. Even a service provider that wanted to offer you the contractual certainty that they would protect your data would have been unable to do so.

The reason for that is a key piece of language that's been drifting around CISPA since the beginning: "notwithstanding any other provision of law." There are lots of bits and pieces to the bill, but that line is the exemption granted to companies that wish to share cyber threat information with the government, and it's incredibly broad, allowing companies to ignore even the contracts they have with their customers.

So why is it there? That's the question nobody seems to want to answer, and that's the real issue with the whole push for cybersecurity legislation. Supposedly, according to the message that has accompanied CISPA and similar bills from the beginning, companies and the government are currently prevented from doing some harmless, common-sense information sharing to improve network security, because existing laws block such sharing. But... what laws? That has never been clear. Why does CISPA need to provide immunity "notwithstanding any other provision of law" rather than simply creating specific exceptions to the specific laws that are causing a problem? Why has nobody in Congress even been able to point out these problematic laws?

Perhaps it's not just one or two laws; perhaps it's a whole cluttered legal framework that can't easily be cleaned up and needs some broad, sweeping exceptions. But... nobody has made that case either. They just keep saying, non-specifically, "existing laws prevent it". And yet we know that's not true, at least to some degree: the FBI has had a system for sharing threat information back and forth with companies for 15 years. Why is that model not sufficient? Again, if there are reasons, nobody in Congress is offering them.

I'd like to say Sanchez's guidelines make an excellent starting point for cybersecurity legislation, but a starting point for legislation has to be a definition of the problem it's trying to solve, and we still don't have that. Nevertheless, they do serve as an excellent set of rules to hold Congress to if it is really so intent on barreling forward blindly. Cybersecurity grandstanders are likely to say that such restrictions would gut the legislation. Whether that's ignorance, cognitive dissonance or a tacit admission of dishonesty I'm not sure, but the restrictions suggested by Sanchez, the EFF, the ACLU and others would do nothing to hinder CISPA's stated and largely innocuous purpose — they would only interfere with the other much scarier potential uses that Congress insists aren't going to happen.

The longer Congress offers only the vaguest of vague definitions of the problem it's trying to solve, while at the same time seeming to betray even that vague definition with its response to suggested safeguards and restrictions, the harder it gets to afford them even one iota of trust on the subject of cybersecurity.

Filed Under: cispa, cybersecurity

As Expected, Senate Has No Interest In CISPA; Planning Its Own Cybersecurity Bill Instead

from the cybersecurity,-the-sequel dept

It's really looking like the cybersecurity legislation fight for 2013 is merely a remake of the 2012 edition. First, the House passes CISPA in April, despite widespread privacy concerns (and CISPA's backers pretending they've taken care of them). Then, the Senate goes in a totally different direction with a bigger, more complex cybersecurity bill (last year there were multiple versions before the compromise Cybersecurity Act became the bill of choice) that at least (eventually, with amendments) is a little more conscious of privacy issues, but which then fails to pass the Senate because the Chamber of Commerce freaks out about "something something regulations." And, then cybersecurity regulations, CISPA and all, die out until the following year. At least the first part of that, with CISPA happened both years, and now the Senate has made clear that it's going in its own direction again in part because it feels that CISPA does not do enough to protect privacy (whether or not that's the real reason is left open to speculation). Who knows if the rest of the script will play out the same, or if the sequel will have some plot-defying twists. Either way, it seems pretty clear that CISPA, as written, is officially stalled out. And that's a good thing, though we'll be paying close attention to what comes out of the Senate in the months ahead.

Filed Under: cispa, cybersecurity

Somewhere Everywhere, Big Brother Is Smiling: Congress Sells Your Privacy For A Cool $84 Million

from the $84M-isn't-money;-it's-a-motive-with-a-universal-adapter dept

In case you were wondering why so many Democrats switched sides during the most recent CISPA vote, the answer is exactly what you think it is: $$$. And lots of it. Last year's CISPA vote only managed to secure 40 Democrat supporters. This time around, the number leapt to 92.

[A] new coalition of special interests, which include America's two largest cellular service providers AT&T, Inc. and Verizon Wireless -- jointly owned by Verizon Communications Inc. and Vodafone Group Plc. -- as well as two of the nation's largest software firms Microsoft Corp. and Intel Corp., came together to create a similar data grab bill (Microsoft has since renounced its support). Security firms like Symantec Corp. also backed the bill.

Pushing the bill through was $84M USD in funding from special interest backers.

$84 million is change-of-heart money, although one imagines those contributing checked and double-checked their "sponsored" representatives to make sure they were all on the same page. As DailyTech points out, nearly $86 million went into the SOPA push and most of that turned out to be wasted money.

Last Monday, two hundred IBM executives visited the White House to make a last minute push for CISPA. Whatever they said or did must have been very persuasive. By the end of the day, 36 new sponsors had signed on to the bill, up from a very lonely two previous to IBM's visit. Unsurprisingly, financial motivation was involved, according to numbers gathered by Maplight.

New co-sponsors have received 38 times as much money ($7,626,081) from interests supporting CISPA than from interests opposing ($200,362).

Members of the House in total have received 16 times as much money ($67,665,694) from interests supporting CISPA than from interests opposing ($4,164,596).

Now, it's up to Senate to come up with some sort of cyber-security bill that has a chance to get passed and dodge a Presidential veto. Fortunately, there's no clear favorite at the moment (although Lieberman's bill seems to have the President's blessing) and with the limited number of voters, the Senate is much more prone to be gridlocked by partisan politics. Of course, a daylong visit by a few lobbyists could win over just enough hearts and minds to be dangerous. In the meantime, it would probably do these senators a world of good to hear from their constituents, if only to remind them that there are plenty of actual people out there who have to live with the consequences of bad legislation.

Filed Under: cispa, congress, cybersecurity

CISPA Passes The House, As 288 Representatives Don't Want To Protect Your Privacy

from the all-the-others-are-just-14-year-olds-in-their-basement dept

This is not wholly surprising, but after some debate and some half-hearted attempts at pretending they care about the public's privacy rights, the House has passed CISPA, 288 votes against 127. The vote breakdown did not go fully along party lines, though it was clearly Republican driven. 196 Republicans voted for it, while just 29 voted against it (despite numerous conservative groups coming out against the bill). The Democrats split down the middle. 92 Dems voted for it and 98 against. If you compare this to last year, it looks like a lot more Democrats went from opposing to being in favor of trampling your privacy rights. Last year, 140 Dems voted against CISPA and only 42 for it. Either way, this seems like a pretty bi-partisan decision to shaft the American public on their privacy rights. That said, there is still the threat of a Presidential veto (though, with the vote today, the House is close to being able to override a veto). The bigger question is now the Senate, which couldn't agree on a cybersecurity bill last year, and has shown no signs of improvement this year. If you want to protect your privacy, it's time to focus on the Senate, and make sure they know not to pass a privacy-destroying bill like CISPA.

Filed Under: cispa, cybersecurity, democrats, privacy, republicans, senate, veto

Oh Look, Rep. Mike Rogers Wife Stands To Benefit Greatly From CISPA Passing...

from the no-conflict,-no-interest dept

It would appear that Rep. Mike Rogers, the main person in Congress pushing for CISPA, has kept rather quiet about a very direct conflict of interest that calls into serious question the entire bill. It would appear that Rogers' wife stands to benefit quite a lot from the passage of CISPA, and has helped in the push to get the bill passed. It's somewhat amazing that no one has really covered this part of the story, but it highlights, yet again, the kind of activities by folks in Congress that make the public trust Congress less and less.

It has seemed quite strange to see how strongly Rogers has been fighting for CISPA, refusing to even acknowledge the seriousness of the privacy concerns. At other times, he can't even keep his own story straight about whether or not CISPA is about giving information to the NSA (hint: it is). And then there was the recent ridiculousness with him insisting that the only opposition to CISPA came from 14-year-old kids in their basement. Wrong and insulting.

Of course, as we've noted all along, all attempts at cybersecurity legislation have always been about money. Mainly, money to big defense contractors aiming to provide the government with lots of very expensive "solutions" to the cybersecurity "problem" -- a problem that still has not been adequately defined beyond fake scare stories. Just last month, Rogers accidentally tweeted (and then deleted) a story about how CISPA supporters, like himself, had received 15 times more money from pro-CISPA group that the opposition had received from anti-CISPA groups.

So it seems rather interesting to note that Rogers' wife, Kristi Clemens Rogers, was, until recently, the president and CEO of Aegis LLC a "security" defense contractor company, whom she helped to secure a $10 billion (with a b) contract with the State Department. The company describes itself as "a leading private security company, provides government and corporate clients with a full spectrum of intelligence-led, culturally-sensitive security solutions to operational and development challenges around the world."

Hmm. Sounds like a company like that would benefit greatly to seeing a big ramp up in cybersecurity FUD around the globe, and, with it, big budgets by various government agencies to spend on such things. Indeed, just a few months ago, Rogers penned an article for Washington Life Magazine all about evil hackers trying to "steal information." In it, there's a line that might sound a wee-bit familiar, referring to the impression of hackers as being "the teenager in his or her parent's basement with bunny slippers and a Mountain Dew." Apparently, both of the Rogers really have a thing about teens in basements. The article is typical FUD, making statements with no proof, including repeating the NSA's ridiculous allegation that hackers have led to the "greatest transfer of wealth in American history." It's such a good line, except that it's completely untrue. The top US companies have recently admitted to absolutely no damage from such attacks. The article also lumps in "hacktivists" like Anonymous, as if they're a part of this grand conspiracy that needs new laws.

Tellingly, in the print version of Washington Life that this article appeared in, which you can see embedded below, you'll note that there's a side bar right next to her article about the importance of passing cybersecurity legislation in Congress. Guess what's not mentioned anywhere at all? The fact that Kristi Rogers, author of the fear-mongering article, happens to be married to Rep. Mike Rogers, the guy in charge of pushing through cybersecurity legislation. That sure seems like a rather key point, and a major conflict of interest that neither seemed interested in disclosing. Oh, and Kristi Rogers recently changed jobs as well, such that she's now the "managing director of federal government affairs and public policies" at Manatt a big lobbying firm, where (surprise, surprise) she's apparently focused on "executive-level problem solving in the defense and homeland security sectors." I'm sure having CISPA in place will suddenly create plenty of demand for such problem solving.

A few months ago, on one of his FUD-filled talks about why we need cybersecurity, Rogers claimed that it was all so scary that he literally couldn't sleep at night until CISPA was passed due to an "unusual source" threatening us. The whole statement seemed odd, until you realize that his statement came out at basically the same time as his wife's fear-mongering article about cybersecurity. I guess when your pillow talk is made up boogeyman stories about threats that don't actually exist, it might make it difficult to fall asleep.

Either way, even if we assume that everything here was done aboveboard -- and we're not suggesting it wasn't -- this is exactly the kind of situation that Larry Lessig has referred to as soft corruption. It's not bags of money shifting hands, but it appears highly questionable to the public, leading the public to trust Congress a lot less. At the very least, in discussing all of this stuff, when Mrs. Rogers is writing articles that help the push for CISPA, it seems only fair to disclose that she's married to the guy pushing for the bill. And when Mr. Rogers is pushing for the bill, it seems only right to disclose that his wife almost certainly would benefit from the bill passing. And yet, that doesn't seem to have happened... anywhere.

Filed Under: cispa, conflicts of interest, cybersecurity, kristi rogers, lobbying, mike rogers

Latest CISPA 'Privacy' Amendment Is More Of The Same: Minor Changes Dressed Up As Real Solutions

from the same-old-thing-with-a-new-coat-of-paint dept

Update: It has become a little unclear what the status of this amendment is now. Yesterday we heard that it had passed, but now it seems to have been changed, and it's back up for debate on the floor. We'll get you more updates on whether or not it goes through, and the latest changes, as soon as we can.

In the latest round of changes to CISPA, the House passed a new amendment that supposedly (according to CISPA supporters) addresses the privacy and civil liberty concerns about the bill. The amendment (pdf and embedded below) ostensibly establishes civilian agency control (through Homeland Security) over information shared under CISPA, since many people are reasonably worried about all this data ending up in the hands of the NSA. Unfortunately, as the EFF determined in their initial analysis, it doesn't really change anything—it just lets the DHS go along for the ride:

The amendment in question does not strike or amend the part of CISPA that actually deals with data flowing from companies to other entitities, including the federal government. The bill still says that: “Notwithstanding any other provision of law, a self-protected entity may, for cybersecurity purposes...share such cyber threat information with any other entity, including the Federal Government." The liability immunity provisions also remain.

While this amendment does change a few things about how that information is treated within the government, it does not amend the primary sharing section of the bill and thus would not prevent companies from sharing data directly with military intelligence agencies like the National Security Agency if they so choose.

Indeed, the text of the amendment appears to create a significant role for the DHS in information sharing procedures, but gives it little power in terms of actually protecting privacy or filtering information—the amendment mandates that information still be shared with other agencies in realtime, and it still appears to allow companies and organizations to bypass the DHS entirely.

A portion of the amendment outlines certain privacy guidelines, but they are the same as those we discussed before: filled with enough release valves and escape routes to render them virtually meaningless, closer to a list of "best practices" than actual rules. The fact is that, despite what the bill's supporters and some of the media reporting on it would have you believe, the core problems with CISPA have not been addressed, nor have any of the "efforts" in that direction amounted to much more than a smokescreen. With a final CISPA vote looming at any time, it's never been more important to voice your opposition to the bill.

Filed Under: cispa, cybersecurity, mike rogers