US Gov't To Scan More Civilian Infrastructure Traffic 115
helix2301 writes with this snippet from NBC News: "The U.S. government is expanding a cybersecurity program that scans Internet traffic headed into and out of defense contractors to include far more of the country's private, civilian-run infrastructure. As a result, more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks."
Further on, the story notes that "By using DHS as the middleman, the Obama administration hopes to bring the formidable overseas intelligence-gathering of the NSA closer to ordinary U.S. residents without triggering an outcry from privacy advocates who have long been leery of the spy agency's eavesdropping."
How naive do you have to be? (Score:5, Insightful)
After the AT&T revelation, why would you believe they aren't ALREADY scanning pretty much everything they can?
Re:I can see positives, but (Score:5, Insightful)
They're already here. They are just not globally announced and touted as the next best thing because "people who know" got wary after what happened to "their" Internet. Once the unwashed masses got in, things went downhill. For reference, see file sharing. You know, in the good ol' days, nobody gave a damn. Sure, the RIAA wasn't too excited about it, but the damage was low, so why bother? More and more people came and once it became trivially easy, the lobbying started and we have the mess we have today.
Can you imagine what an issue blueboxing would have been if it wasn't limited to a handful of phreaking enthusiasts? AT&T would have wanted their heads. And we're certainly not talking about the probation sentence Draper got, this would have reached insane heights akin to what we see today with punishments for copyright infringement. So, it was ... well, basically just a little nuisance.
Can you imagine what happens if Darknets go the way of torrents? Everyone using them, essentially rendering the whole shiny surveillance technology a matter for the recycle bin? If you think then we'd win, think again and ponder who your "enemy" is in this game. Hint: He makes the rules.
Does not make it any better (Score:2, Insightful)
Dear Mr.Obama,
Just because you move the shady / possibly-abuse-filled surveillance project to another department does not make us "like" the program anymore.
Also if you think the whole issue was the department handling the program, you have no clue why people are upset and outraged. That or you are intenionally ignoring the real reason.
Please take the critical systems off the public internet if you are that worried about a "cyber" attack against public infastructure.
Signed,
- The People of the USA
Re:Americans paying for big biz cheapness (Score:5, Insightful)
The run for the bottom started way earlier, you can't blame the chimp for everything. Looking at the US for the past decades, I dare say the whole mess started with Reagan or no later than Bush Sr.
What this country, or any country, could well need is the kind of politicians we had after WW2. Say what you want, I still think Eisenhower was the best since 45.
This is not their job... (Score:1, Insightful)
Re:yeah, makes perfect sense (Score:3, Insightful)
'cause everybody trusts the DHS.
While it would be nice to believe that this is sarcasm, and while most slashdotters don't trust the DHS, most nongeeks do trust the DHS. And there's whole, "If you don't have anything to hide then who cares..." that most people believe in.
Cyber attack against utilities? (Score:5, Insightful)
My power company won't even trim the stinkin' trees. When the lights go out, how will we differentiate between an attack and normal operations?
Re:yeah, makes perfect sense (Score:5, Insightful)
"more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks"
I don't follow the logic of this. Scanning our people's stuff is going to protect us from outside attacks, or attacks by outside agencies done by their people here? How so?
"The Department of Homeland Security will gather the secret data and pass it to a small group of telecommunication companies and cyber security providers that have employees holding security clearances, government and industry officials said. Those companies will then offer to process email and other Internet transmissions for critical infrastructure customers that choose to participate in the program."
So we, that is, our own government agencies, don't have the manpower, equipment, or expertise, or some combination, so the secret info from the various intel folks will be used to determine the scans mentioned in first quote, then the scans' results will pass to a private group that's going to offer to do - what, exactly? - for those who might be affected, if, that is, they join up somehow, somewhere?
All I can make of it is a foot in the door kind of thing, scan hell out of biz/personal e-stuff, pass it through a clearinghouse of interested parties, and use it for something something. Oh, yeah, to protect us from some cyber. This whole thing seems inside-out and backwards. Then it's "you're with us or against us (nice cyber you got there, hate to see some cyber done to it)" all done by selling one thing, calling it another, and actually doing a third thing. I think.
Can someone clarify this shit?
Re:Encrypt everything (Score:2, Insightful)
I mean: nobody is so crazy to waste citizens' money on intercepting and storing everyone's communication, the investment and maintenance cost will be everly increasing.
Wanna bet? They will simply take the money from some 'unimportant' department that actually provides some sort of public service. Sorry guys, you can't have money for cancer research, because we are going to snoop through your e-mails. You had better believe it.
clarifying that shit (Score:5, Insightful)
The idea is really not to prevent law breaking but instead provide justification after the fact.
Say or do something that offends officialdom? Now your past actions can be used against you.
If you were watching TV and some plot point about exposives happen and you decide to go search on that plot point - now officialdom can claim you are a wannabe terrorist and place you under lock and key and THEN state how wonderful the new system is, because it prevented you from getting the explosives you expressed an interest in.
Officialdom is scared and is adding to the framework to attempt to control challengers to their authority. You may not due the time but you'll ride the ride is the buzzphrase of the day.
(note how Aaron didn't do the time and in the end wanted off the ride the DOJ put him on)
Re:yeah, makes perfect sense (Score:2, Insightful)
Can someone clarify this shit?
The cyberwar boogie man is prompting Very Serious People to act. They need to do be seen doing something and they stick to what used to work in the 70's: more surveillance, more spying of your own people for their own benefit. Never mind that wont make any difference whatsoever and certainly leads to a full blown surveillance state. They only have the surveillance hammer and are looking around for nails.
Some alternate suggestions that would make indeed a difference:
1. Make credit card companies liable for fraud, instead of passing the loss to businesses as chargebacks; this will motivate them to secure their infrastructure and cut a major source of funding for the criminal underworld, thus lowering demand on black market vulnerabilities.
2. Make companies liable for the data they leak as a result of failing to properly secure their infrastructure
3. Decriminalize unauthorized penetration testing, as long as no data is stolen and the whole reported to the affected company or the authorities. Imagine that: you are not only liable for any data breach, but there are thousands of skidies all trying to get it for fun and fame. It's like antibodies fighting disease.
3. Hold public vulnerability finding contests in popular software and reward exploit writers. The best and brightest will work for us instead of against us.
4. Demand a high level of security in government acquired software and financially penalize vendor for holes. 'No warranty, no liability' my ass.