EFF Austin Convenes

EFF Austin is about as ready as we can be to start up monthly meetings again. That’s the kind of frank honesty we’d like to cultivate when it comes to all of our activities. We’re a volunteer-run organization and all of the board members are very busy individually – as are the folks on our discussion email list and those interested in meeting up. After much reflection, the board feels that convening and information sharing is the most important function we can perform at this time. There are unprecedented efforts underway to encroach on hard-earned civil liberties online and disrupt the structure and function of the Internet. So we’re not as concerned about simulating professionalism in event organizing, and more concerned about providing a forum for people to come together and connect.

Towards that end, we want to encourage your participation and solicit your help. This coming Tuesday May 8th, we’ll re-inaugurate our monthly meetups from 6-8pm at the ATX Hackerspace. After the Bruce Sterling event, the good folks at the Hackerspace were kind enough to welcome EFF Austin to host meetings there on 2nd Tuesdays. That works out very well for both organizations as there is natural overlap in our memberships. It’s especially satisfying as ATX Hackerspace opens their doors to potential new members on Tuesdays from 8-11pm. So you can come to the EFF Austin meetup—which will naturally pique your curiosity about the amazing space and community—and then stay afterwards to get a full tour of the facilities and learn how to become a member. Definitely check out their flatbed laser cutter and 3D printers!

After discussion on the board and conversations with the EFFatx community, we’ve come up with the following meeting structure. This is open to revision as we learn what works best for everyone, so consider this a starting point.

1. Welcome – 5 minutes by EFFatx staff.
2. Ignite/Lightning/Pecha Kucha Format Talks – 20 minutes; 3-5 minutes each on any subject of relevance to the group; slides or no slides; here’s your chance to let folks know what you’re interested in and direct attention to the latest events; sign up in advance or on the spot.
3. Legislative Update (Local, State, National, Int’l) – 10 minute survey and discussion of the legislation EFFatx staff is tracking; we’d love to open this up to hear reports but will need to work on the best format – might be better integrated w/ Lightning talks?
4. Speaker 1 – 30 minutes; speaker and subject to be arranged in advance; get in touch with us if you would like to present, we’re always looking for folks interested in talking.
5. Break – 5-10 minutes.
6. Door Prizes – we have swag you want; happy to work with organizations or individuals who have swag to donate.
7. Speaker 2 – 30 minutes; speaker and subject to be arranged in advance.
8. Conclusion – final calls to action and encouragement to explore the ATX Hackerspace.

So you might be wondering what our first meeting will cover? Frankly – so am I! In other words, if you’re ready to go with a subject for one of our talks or ignite sessions, step up. Otherwise, volunteer at the meeting and EFFatx staff will fill in the slots. If called on, we’d probably cover CISPA and the litany of dangerous cybersecurity legislation in one of the talks, and perhaps use the second one for some meta-level reflection on our meeting structure and solicitation for future talks. I’d also like to discuss my desire to integrate remote participants into the meeting format. We live in a connected world and the issues we are confronting are often global in scope. We want to bring remote speakers and participants into the discourse, and consider that fundamental to our process of convening. We think that shift in thinking alone portends good things for the issues that EFF Austin focuses on, and the imperative we feel to get like minds better organized.

So pipe up if you would like to help out, and we hope to see you on Tuesday May 8th at the ATX Hackerspace. Remember: 2nd Tuesdays at ATX Hackerspace.

Guardian UK: “Washington looks set to wave through new cybersecurity legislation next week that opponents fear will wipe out decades of privacy protections at a stroke.”

EFF has an action page here.

EFF’s infographic:

Motherboard TV documentary about Free Network Foundation. More information here.

Austin’s KXAN interviewed EFF-Austin president Jon Lebkowsky for a story on Google’s consolidated privacy policy. They didn’t quite get our point that this is not really a huge change – they’ve just created a consolidated privacy policy that applies to most of their properties, but it’s not new that they track users and aggregate the data, and the way they use the data isn’t changing radically.

Bruce Sterling will give away and sign some of his books Saturday 5pm-7pm at ATX Hackerspace, 1601 Rutherford Lane, Suite A200 in Austin. Sponsored by EFF-Austin. Drop by, hang out, get to know Hackerspace, walk away with a signed volume of sci fi or hacker crackdown journalism.

ATX Hackerspace Link

Soldier at the 9/11 Memorial at the Pentagon.
Photograph by Matt McClain, The Washington Post/Getty Images.
Image credit: National Geographic

Being a sequence of quotations from contemporary articles contextualizing the visit of the rising Vice President of China amidst a conspicuously timed introduction of unprecedented domestic cybersecurity legislation.

National Post Full Comment (Feb 14) – “From bitter gruel, Xi Jinping to ascend to China’s top job” by Peter Goodspeed
http://fullcomment.nationalpost.com/2012/02/14/xi-jinping/

He arrives in Washington Tuesday on the first stop of a week-long tour of the United States in one of the final diplomatic rituals he must undergo before becoming China’s next leader.

Now vice-premier, Mr. Xi is widely expected to replace President Hu Jintao as secretary-general of the Chinese Communist Party in October, when China will change 60% of the members of the party’s Central Committee and replace seven of the nine members on the ruling Standing Committee of the Politburo.

By spring 2013, he should replace Mr. Hu as president, then become chairman of the Central Military Commission.

Meanwhile…

Hillicon Valley (Feb 13) – “Senate cybersecurity bill would let firms appeal Homeland Security regulations” by Gautham Nagesh
http://thehill.com/blogs/hillicon-valley/technology/210349-senate-cybersecurity-bill-would-let-firms-appeal-regulations

The legislation would task the Department of Homeland Security with determining which sectors of the economy would be covered by new cybersecurity regulations, after risk assessments in consultation with the private sector, the intelligence community and others.

But designated sectors would have the right to appeal whether the regulations apply to them. Several groups representing portions of the private sector considered part of the critical infrastructure have expressed concern about the impact of the regulations on both security and the bottom line.

“Passing the bill is crucial for national security, but not if the provisions on critical infrastructure regulation are watered down. This will be a real test for this Congress,” said James Lewis, senior fellow and director at the Center for Strategic and International Studies.

James A. Lewis is one of the star witnesses for the Senate Homeland Security and Governmental Affairs Committee’s hearing this Thursday on what has been termed “comprehensive” cybersecurity legislation being unveiled by Majority Chair Joe Lieberman and co-sponsor Minority Chair Susan Collins. Senator John (Jay) Rockefeller IV is the other primary co-sponsor, and will be the first witness at Thursday’s hearing.

Examples of sectors considered likely to fall under the new regulations are utilities, water treatment plants and transportation providers. Some sectors, such as major financial institutions and telecom providers, may ask for exemptions based on a demonstrated ability to secure their systems.

After determining which firms are critical infrastructure, DHS would then, in consultation with the private sector, determine cybersecurity performance requirements for firms in the covered sectors.

…

“There would be a huge market incentive for designated sectors to meet the security standards. But if they don’t DHS and the AG would decide on penalties,” said the spokesman.

What about international cybersecurity standards and practices?

WSJ (Jan 27) – “China’s Cyber Thievery is National Policy—And Must Be Challenged” by former NSA Director Mike McConnell, former Secretary of DHS Michael Chertoff, and former Deputy Secretary of Defense William Lynn.
http://online.wsj.com/article/SB10001424052970203718504577178832338032176.html
This appears to be a copy liberated from between the lines of Rupert Murdoch’s curious digital divide:
http://defense-technologynews.blogspot.com/2012/02/dtn-news-defense-intelligence-news.html

The bottom line is this: China has a massive, inexpensive work force ravenous for economic growth. It is much more efficient for the Chinese to steal innovations and intellectual property—the source code of advanced economies—than to incur the cost and time of creating their own. They turn those stolen ideas directly into production, creating products faster and cheaper than the U.S. and others.

Cyberspace is an ideal medium for stealing intellectual capital. Hackers can easily penetrate systems that transfer large amounts of data, while corporations and governments have a very hard time identifying specific perpetrators.

Stewart A. Baker, another witness for Thursday’s hearing, on the metaphorical wall isolating domestic and foreign intelligence gathering: “I thought that the civil liberties dangers it was supposed to ward off were probably more theoretical than real.”
http://www.skatingonstilts.com/skating-on-stilts/tired-of-reading-chapters-backwards.html

Continuing with the perspectives expressed in the WSJ:

The report to Congress notes that the U.S. intelligence community has improved its collaboration to better address cyber espionage in the military and national-security areas. Yet today’s legislative framework severely restricts us from fully addressing domestic economic espionage. The intelligence community must gain a stronger role in collecting and analyzing this economic data and making it available to appropriate government and commercial entities.

Congress and the administration must also create the means to actively force more information-sharing. While organizations (both in government and in the private sector) claim to share information, the opposite is usually the case, and this must be actively fixed.

National Journal (Feb 13) – “Feinstein Introduces Information-Sharing Bill Ahead Of Senate Cybersecurity Debate” by Josh Smith
http://techdailydose.nationaljournal.com/2012/02/feinstein-introduces-informati.php

Feinstein’s proposal would require the government to designate an agency as a “cybersecurity exchange” to coordinate information sharing; allow the government to share classified cybersecurity information with certain private-sector organizations; and provide liability protection for companies that share information.

“Alongside terrorism, cybersecurity is perhaps the number one threat facing our nation today, but many obstacles exist that prevent the cooperation and coordination needed to deter this growing threat,” Feinstein said in a statement.

NextGov (Feb 13) – “DHS budget would double cyber spending to $769 million” by Aliya Sternstein
http://www.nextgov.com/nextgov/ng_20120213_7454.php

There is bipartisan support for improving computer network defenses, so the outlook may be positive for obtaining much of the proposed $769 million from Congress. The funding would go toward the National Cyber Security Division for protecting federal networks and coordinating with the private sector on safeguarding critical infrastructure systems such as utility grids.

For perspective:

U.S. Department of Defense (Feb 13) – “DOD Releases Military Intelligence Program Requested Top Line Budget for Fiscal 2013″
http://www.defense.gov/releases/release.aspx?releaseid=15058

The Department of Defense released today the military intelligence program (MIP) requested top line budget for fiscal 2013. The total request, which includes both the base budget and Overseas Contingency Operations appropriations, is $19.2 billion.

The department determined that releasing this top line figure does not jeopardize any classified activities within the MIP. No other MIP budget figures or program details will be released, as they remain classified for national security reasons.

What is the mood of the Senate, and the posture towards the private sector?

United States Senate Democrats (Feb 9) – ‘[Senate Majority Leader Harry] Reid Outlines Process For Cybersecurity Legislation, Including “Fair and Open” Amendment Process [in letter to US Chamber of Commerce CEO Tom Donohue]‘:
http://democrats.senate.gov/2012/02/09/reid-outlines-process-for-cybersecurity-legislation-including-%E2%80%9Cfair-and-open%E2%80%9D-amendment-process/

I was struck by the testimony of the leaders of our Intelligence Community at recent Intelligence Committee hearings. Director of National Intelligence James Clapper called cyber security “a profound threat to this country, to its future, its economy, and its very being.” And Robert Mueller, Director of the Federal Bureau of Investigation (FBI), stated that, “stopping terrorist attacks with the FBI is the present number one priority, but down the road, the cyberthreat, which cuts across all programs, will be the number one threat to the country.” Think about that: in the years to come, malicious cyber activity will pose a threat to our country greater than terrorism. We simply cannot afford to repeat the mistakes of the past by failing to prepare for the leading threats of the future.

Yet, addressing cyber security is not simply a matter of staving off a future threat; it demands that we stop the hemorrhaging of national security secrets, intellectual property, and jobs already underway. In a recent letter to Senate Republican Leader McConnell and myself, eight former high-ranking national security officials led by Secretary of Homeland Security Michael Chertoff and Secretary of Defense William Perry pointed out that, not only are critical infrastructure such as power plants and hospitals at risk; moreover, “foreign states are waging sustained campaigns to gather American intellectual property – the core assets of our innovation economy – through cyber-enabled espionage.” They counseled that the “constant barrage of cyber assaults has inflicted severe damage to our national and economic security, as well as to the privacy of individual citizens. The threat is only going to get worse. Inaction is not an acceptable option.”

At this point, all signs indicate informed consensus for this legislation to pass quickly through Committee into an opportunity for debate culminating in passage through the Senate.

In closing, witness Stewart A. Baker from his text Skating on Stilts: Why We Aren’t Stopping Tomorrow’s Terrorism, (Stanford, California: Hoover Institution Press, 2010), p. 5-6.
http://www.skatingonstilts.com/skating-on-stilts/tired-of-reading-chapters-backwards.html

In the 1990s, after a term as the National Security Agency’s top lawyer, I spoke out in favor of keeping a wall between spies and cops. The idea was simple enough. Agencies like the National Security Agency (NSA) gathered intelligence on a global scale, and they rarely observed the legal constraints that applied to domestic policemen. To protect the civil liberties of Americans, it only made sense to separate intelligence gathered in that way from evidence assembled in a criminal investigation. With a wall between the two, criminal investigators from agencies like the Federal Bureau of Investigation (FBI) would be forced to observe the legal restrictions that went with criminal investigative tools. They wouldn’t be tempted to take the shortcut of using intelligence that had been gathered with less attention to civil liberties.

That was the theory, anyway. In practice, the wall crippled our last, best chance to catch the hijackers before September 11, 2001. In August of that year, the wall kept the FBI from launching a fullscale criminal search for the hijackers—even though all of our security agencies were expecting an imminent al Qaeda attack, and even though both the FBI and the Central Intelligence Agency (CIA) knew that two dangerous al Qaeda operatives had entered the United States. The failure to track those operatives down wasn’t a matter of incompetence or a failure to communicate, at least not in the last weeks. FBI criminal investigators spent the last part of August begging for a chance to track the terrorists. They were shut down cold—by lawyers who told them the wall simply could not be breached.

I wasn’t the most enthusiastic proponent of the wall. I thought that the civil liberties dangers it was supposed to ward off were probably more theoretical than real. But I saw no harm in building in an extra margin of protection for civil liberties. If nothing else, the wall would reassure privacy advocates in the courts, in the newspapers, and on Capitol Hill that intelligence would not be misused. It was insurance, not just for civil liberties, but for the intelligence agencies themselves. For both reasons, I thought, it was best to keep the wall high.

It made eminent sense inside the Beltway.

Until the world outside the Beltway broke through, just a few yards from where I’m standing.

Will the world outside the Beltway be heard in the composition of these new laws and during the creation of these new authorities? Are the new cyber sabers already rattling?

A website called “Frugal Dad” offers this infographic covering various issues of online privacy:

Clay Shirky has the best overview I’ve seen/heard/read of PIPA and SOPA and the context from whence they emerged:

Bottom line: the legilsation’s about wanting us to be passive consumers, not producing and not sharing.