CISPA Sponsor Warns Bill Is Needed Because China's Chinese Hackers From China Are Stealing All-American Secrets (China!)
from the give-them-to-us-instead dept
While the focus on the cybersecurity debate shifts to the Senate, the supporters of CISPA are still loudly trumpeting that bill’s supposed merits. Though the final legislation that will go before the President is undecided, and may not even be based on CISPA in the end, the details of the bill are still very important, as they contribute to the overall shape of the discussion about cybersecurity. As part of the ongoing media campaign, CISPA author Mike Rogers took to the pages of The Detroit News last week to drum up support with a screed that reeks of nationalist fearmongering and utterly misrepresents the scope and purpose of the language in the bill.
The United States, over time, became a global superpower with its hard work and know-how leading to innovations in new manufacturing, health care and information technologies. Now China is trying to use cyber espionage and theft to take a short cut to achieving superpower status.
It began with China stealing hard-copy business plans and sensitive research-and-development information from U.S. and other Western companies when their executives traveled to China. U.S. companies soon began noticing a surge in counterfeit products as their innovations were being stolen, re-engineered, and sold by Chinese companies on global markets.
With the Internet boom, China turned its focus to cyber espionage and began stealing the hard work and innovations of U.S. companies on a far larger scale.
Rogers should be careful—if he says ‘China’ any more times, Fu Manchu might appear in the mirror and drain his 401(k). Once he’s got the reader good and scared of the Yellow Menace (having thrown in a few emotional appeals to hardworking Michigan autoworkers for good measure), he explains how CISPA is needed to take care of all those annoying regulations that limit government power and protect people’s privacy:
Unfortunately, American companies are not getting the best protection available.Today, the U.S. government has intelligence information about the threat posed by nation-state actors that could help the American private sector better protect itself. However, we don’t currently have a mechanism for allowing the government to share intelligence about cyber threats with the private sector, nor do we have the ability for private sector companies to share information with others in the private sector, and with the government on a voluntary basis, so that the private sector can better protect itself.
And you know what? That’s fine. Even though there is a lot of debate about the true scope of foreign cyber threats, if there is a way for the government and the private sector to share anonymous network analysis data in order to improve technological defenses against hacking and malware attacks, it makes sense to legislate a mechanism for them to do so. Unfortunately, CISPA goes way beyond that—now explicitly so.
This goes back to my opinion when CISPA was amended and passed in the House: my initial reaction that it had gotten much worse was partially incorrect, but even though the amendments did technically limit the government’s power under the bill, I still had (and have) a problem with the way they expanded the stated intent and purpose. From the very start, CISPA supporters have insisted (as Rogers does in this column) that it’s basically all about technical considerations in fighting off foreign cyber attacks. Initially, privacy and civil liberties groups objected that it would allow the government to do much more, including accessing the private data of American citizens without a warrant—and the response was basically “no, no, it has nothing to do with that”.
Right up to the last minute of debate before the House vote, CISPA’s backers held to the talking points and expounded on the threat from China and the need to share technical network data. But, to appease privacy groups, they supported an amendment to limit the ways the government could use shared data under the bill to a set of explicit purposes. And what were those purposes? Far from just foreign threats, they include investigating domestic cybercrime, investigating domestic violent crime, protecting children from exploitation, and of course the catch-all “national security” that was already in the language.
It feels trite to add the obligatory preventing violence and protecting children is a good thing here, because d’uh, but when exactly did CISPA become a bill about these things? If the government wants new exceptions to privacy laws for the purposes of fighting crime, that’s a major discussion with obvious constitutional implications—a discussion that privacy groups have been trying to start all along, but have been brushed off with claims that CISPA is just about rebuffing those devious foreigners. Now CISPA explicitly includes provisions for collecting evidence on domestic crime, but Rogers is still writing editorials like this one that don’t mention anything to do with child exploitation, violent crime, or anything else that doesn’t have the word China attached to it.
Rogers finishes the piece with a rather astonishing little rallying call:
It took Michigan’s auto industry decades to achieve its prominence and the United States centuries to become a global superpower. We cannot let China steal it all away in a few short years.
I’m not sure how long it’s been since Rogers visited Flint, but I think it’s changed a little since he was last there. Nonetheless, the point is clear: if the government can’t snoop your data for child porn and affiliations with Anonymous, the Chinese are going to start manufacturing American cars and destroy the Michigan auto industry, in turn toppling the U.S. as an economic superpower. Wait, did I say “clear”?
Filed Under: china, cispa, cybersecurity, michigan, mike rogers, nationalism
Comments on “CISPA Sponsor Warns Bill Is Needed Because China's Chinese Hackers From China Are Stealing All-American Secrets (China!)”
offtopic: the US is basically bashing china for taking its stuff that america got years ago by taking from other countries.
the same stuff they bash for is the reason they are here today.
How many Americans would cry foul if the less-expensive OEM foreign-made auto parts weren’t available for their cars? They might be made in China,.you know.
The Cold War 2?
The US became a superpower because Europe (the old superpower) blew itself up with two World Wars and the US filled the gap.
Fast forward to today. The USSR spent itself into oblivion. The US is currently still in the middle of a major recession with an increasingly corrupt government that is unwilling to do anything to truly fix it. As before, the old superpowers have blown/are blowing themselves up, economically, and China is filling the gap. If the US doesn’t want this to happen, then they can actually spend money to fix this recession.
Go ahead, falling US.
Bite the hand that throws you silk ropes.
I wanna see this one play out.
So to fight Chinese hackers, we have to be as oppressive as China? Does this moron try to kill termites in his house by filling it with carpenter ants?
Re: Re:
“…oppresive as China…” Are you daft, or simply given to over the top hyperbole?
Target Drift
I notice how the rhetoric being used to push this abomination has shifted from “cyber-terrorism” to “IP theft”.
That’s “Dr. Fu Manchu”! He didn’t spend all that time going to evil genius school to be called “Fu Manchu” =P
CISPA: A First Amendment issue
I have to wonder who is supporting CISPA here. My problem is that this bill will be utilized so that the FBI or NSA can find out anything they want and bring up charges through prosecutors based on what you write on the internet. Make no mistake, just like the NDAA and Patriot Act, this is a bill meant to subvert 1st Amendment rights as well as the 4th. It’s meant to allow the NSA to spy on people in the US by going through Israel and collect any data they want. And what this ignores is all of the details showing how the prosecutors have become quite powerful in the Totalitarian States of America. Make no mistake, prosecutors have a lot of power to manipulate data with very little in regards to transparency. So who is not to say that CISPA, in conjunction to the NDAA and the Patriot Act can’t destroy the lives of whistleblowers and their allies in a number of ways?
They can seize assets without due process and a warrant. Then they can continue to bully others for no reason other than they want to. Such is the way of the prosecutor after so many laws created that give them more power while limiting judges from making good choices of judgement in regards to sentencing or discretion.
Their logic is like “let us steal all your information first, before China does it! That will show them.”
Public Service Announcement
My friends, I am aware that many of you are concerned about your intellectual property and all the evil invading companies out there stealing how you design your elite coffee cup process. But do not fear your government gaining access to all things that you do. After all, we are much better than the China government, because we live in a democracy.
Huh? China did what?
Because no US company would even think about outsourcing.
The Chinese apparently are incapable of reverse engineering.
The world knows that the US excels in putting its most sensitive data online. Hell, the streets of every major city are littered with thumb drives. Loose data is a bigger problem than crack.
Pfft. If China wanted good cars, it would steal from Sweden.
This clowns fails at fearmongering. Honestly, the trolls put more effort into their ramblings.
Mechanisms
Something I’ve never quite got is this talking point:
However, we don’t currently have a mechanism for allowing the government to share intelligence about cyber threats with the private sector, nor do we have the ability for private sector companies to share information with others in the private sector, and with the government on a voluntary basis, so that the private sector can better protect itself.
Don’t have a mechanism to share data? Seriously?
How about the Internet? How about email?
I am personally a member of certain mailing lists and listservs that do exactly what is being asked for. All the ones I’m a part of are public, but there are private/invite-only ones, too, if the data being shared is of more sensitive matters. Maybe the lobbyists are just feeling left out of the cool kids (professional security experts) groups?
I regularly read certain websites that do exactly what is asked for. Some are non-profits, some are run by companies, and there are ones run by the government.
Wait, the government, you say? Yeahsureyoubetcha! Take a look over at http://nvd.nist.gov/ – it is governmenmt run, on a .gov domain, site about software vulnerabilities. Let me quote… “comprehensive cyber security vulnerability database that integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources” … my, doesn’t that sound familiar?
CISPA: A First Amendment issue
There could very well be a Revolution in this Nation within 10 years or so.Things will just keep going downhill through the next Election and within 1 – 3 Elections at the Rate we are going and losing Rights and there will be a lot of bad violence.
Patriot Act,NDAA,CISPA, ETC are all slowly and surely taking away Rights and leading us straight into the real world of 1984.
Many Libs and Cons will not want to see that one happen.I smell Violence in the Air !
The last thing CISPA wants is to protect the country. CISPA will give the same powers to the government that SOPA and PIPA proposed. It’s just a way of saying that the 1st and 4th Amendment do not work on the internet.
Re: Re:
Huh? Please explain.
Target Drift
Yes, It’s time to get back on Target. If we don’t have this then the water treatment plants will be poisoned over the internet, and planes will fall from the sky.
One of the best ways to copy information...
…is not to copy it.
It’s to get someone else to copy it, and then copy it from them.
This becomes even better if they don’t need to be convinced, but willingly do so of their own volition. And better still if they pay for it.
More directly: if I were working for foreign government X or foreign corporation Y, and my job was to acquire the secrets of American government and business, I would be all over this bill, doing everything I possibly could to get it passed. I’d probably leak some worthless “secrets” just to fan the flames of hysteria higher. I’d throw some money into fake grassroots efforts to support it. And so on.
Because this (along the FBI push for backdoors, which I’d also whole-heartedly support) will help make my life much easier because it means more copies, and more copies means more opportunities. It also means more people with access, which increases the target surface for compromises, bribes, blackmail, etc.
Perhaps this has already happened.
U.S.gov = Corporate Parasites
Even if CISPA is “China’s fault” ( hmmm.. wait.. WTF )
Don’t put secrets, on internet connected computers, Problem solved
They are making their own problems, but to accommodate that, we the PEOPLE must pay?
C’MON U.S.gov, you don’t think we are that stupid ?
I give some credit for not using terrorism as an excuse this time. You cried wolf on that too many times. Even created your own terrorist plots to foil. I forgot to say thanks for that…
Thanks for protecting the world from terror attacks you created
Back to this new reason….
China? We need to lose our freedoms and privacy for China?
What a great excuse to brainwash the uninformed with!
Thank fuck the 99% in this world are rising up against you corporate parasites !
You have already taken too much from this society of PEOPLE.
is this guy for real? sounds more like a complete twat to me. what absolute bollocks he’s come out with. i cant believe how these idiots manage to get elected in the first place! he should be careful, keep slagging China off like he does. i would say at a rough guess the USA needs China a damn sight more than China needs the USA. is it classed as ‘cyber espionage and stealing the hard work and innovations of U.S. companies’ because companies like Apple gets it’s products assembled in China?? i dont think so and lying about another country that the USA relies on greatly doesn’t help either. if he wants to do something constructive, try getting those companies to assemble their products at home.
This doesn’t make any sense, so the US spying on other countries is somehow going to help our automotive companies? What are they going to do with this info? Insider trading? Steal trade secrets?
Who seriously gets up in the morning and decides this is what they are going to say to the US Government?
Re:
“Bite the tiny plastic mercury-laden hand that throws you silk ropes”
ftfy
Mechanisms
That is the talking point that always sets off my bullshit meter too. “We need a safe and secret back door to pipe this secret safety information right into their secret tubez safely!”
Re:
Well the FBI has recruited some terrorists and is teaching them how to hack into the private sector. If only there was some channel the FBI could use to tell the corporations what methods it is teaching the hackers it is training to hack into US companies so it can arrest them to make some news stories.
CISPA: A First Amendment issue
I don’t see the revolution that far away. We now have two that are occurring before our eyes. In 2008, Obama used that very style and everyone was on board. But he was faced with a group that blocked him on every turn. Unlike FDR, I doubt Obama has the people in his office that truly want a revolution in changing DC.
But what Karl Marx actually surmised is that you only need 15% of the population to revolutionize everything. The same can be said for understanding how we reject all of these bad laws.
Man, I’d hate to be the US ambassador to China. It can’t be easy to smooth over stuff like this.
Re:
You are so right. What you missed is that the Chinese didn’t have to revers-engineer anything. They simply let the US and Japanese companies give them the plans and molds for their products, and pay them to manufacture the first million or so products. Then, the Chinese companies they simply ran off a few million for themselves.
Perhaps these business people should have checked local laws before producing their lines overseas.
Protip: Don’t store secret and sensitive information where someone from China can gain access to it in the comfort of their own home.
Why bother? US Presidents are busier than anyone on the web, giving away US technology.
“However, we don’t currently have a mechanism for allowing the government to share intelligence about cyber threats with the private sector, nor do we have the ability for private sector companies to share information with others in the private sector, and with the government on a voluntary basis, so that the private sector can better protect itself.”
That is 100% false. We have the DoD Collaborative Information Sharing Environment (DCISE). It allows JUST THIS THING that he says doesn’t exist. And it’s been around for YEARS! That doesn’t even include the mailing lists and forums run by US-CERT for JUST THIS THING.
Re:
Scapegoat. If I were Chinese, I’d be firing up the ICBMs. “How dare the US blame this !@#$ on us?!?”
Re:
meh. thay just phoned it in after the first one, not worth seeing.
Re:
Chinese people are really midget rescue bots?
Re:
No they can’t. They spent it all on bailouts to The Too Big To Fail, wars, and sold the rest to China.
Stealing our secrets, huh? I thought China was just making all our shit to sell cheap here.
really
What a crock of crap… Stealing from the US????? Do we not invade countries when we want to? Should that be a crime against the US? Hackers from china!!!!! Dont we get most of our junk from over there and they are more inovated than us… Please use a batter excuse than china hackers stealing from us it would be much better..
U.S.gov = Corporate Parasites
“…we must defeat China, by becoming just like China…”
Mechanisms
You gotta remember what a politician is:
It’s a compound word
poly, meaning many
tick, meaning bloodsucker.
They have to keep reinventing this stuff to keep their feeding program up.
If US companies don’t want Chinese infringement, perhaps they should stop sending business orders to China with their unpublished software, movies, and music. Or stop using Chinese factories to produce parts and products using schematics of unreleased hardware.
Hollywood Producer: “Here’s a brand new, never before seen movie. I want you to burn 500,000 DVDs.”
Chinese Factory Owner: “Sure thing! Just send me the masters and we’ll get right on that.”
Chinese Worker: “Hey, it’s that new American movie everyone wants to see. Get a copy of these masters and upload them to Baidu!”
At first, I lol'd. But then I serioused.
At first I thought this was a joke…then I realised they are serious.
The US isn’t the leader in anything. The “super-power” status is just from it’s military.
US healthcare is sub-par, its manufacturing plants are IN China in the first place (and the tech for them comes from everywhere else), and heaven forbid someone else might reverse engineer something OR have the same idea as someone in the US.
Seriously, where the hell does the US get people like these idiots that support CISPA?
Your Government is a joke.
Self Interest
Obviously, some steps need to be taken. If this bill only targeted foreign entities, I may support it.
If this bill was only used for counterintelligence, I could begrudgingly understand it.
However, this just seems like another bill that’s worded just broadly enough to have no real limits.
Maybe we should appeal to the politicians self interest. Hey Republicans, when the Dems are in power, they will likely use this to spy on you and defeat you in elections. Hey Democrats, the Republicans are going to do the exact same thing to you when they are in power. By not putting in adequate privacy safeguards, you are likely giving ammunition for your opponents to use against you.
what if?
What would the implication be of a Chinese company acquiring an ISP in the USA? Would they not then be in an ideal position to leverage the provisions of CISPA to achieve exactly what CISPA is claiming to prevent? I.e. the Chinese owner of the USA ISP will be able to collect all the intelligence they ever needed. Not just on companies and their ideas/inventions/IP, but also on every individual. What goes around, comes around.
Michigan....o_O
Thanks for this, Mike. As a resident of Flint (and Michigan!), I find that we are especially treated as the worst kind of idiots, constantly spoon-fed the premise that everything in the world will affect our precious auto industry. Oh, and rape our kids. And now China’s cyber-terrorism will increase our violent crime rate (as if it can get any higher). GTFOH!
I’ve never worked for the auto industry, and while I appreciate that there were some boom times here, I see lots of lazy idiots sitting on their ass waiting for their beloved union jobs to come back. And then you have these political yahoos pandering to exactly those same lazy idiots. And they get voted for on the promise that we’ll start making cars again, and everything will go back to the way it was in 1975. Meanwhile said politician is getting rich off of pork and laughing at his district – which he’ll never visit again until re-election time.
So, thanks for the shout-out, but I think I’ll start packing for warmer climes now…But do keep an eye on that Detroit News. It’s full of amazing bullshit.
If the government really cared about cybersecurity...
What they could do to help with cybersecurity is set up a website to give newbs tips on how to set up https, prevent mysql injection, salting/hashing passwords, and other standard stuff that new developers often screw up on. Hell, maybe even give a free online course with a whole video series (with transcripts).
That’s something I would use.
That?s truly commendable. I am speechless.