US plan calls for more scanning of private Web traffic, email

[Wilikon]

It is for our own good.

http://www.nbcnews.com/technology/technolog/us-plan-calls-more-scanning-private-web-traffic-email-1C9001922

The U.S. government is expanding a cybersecurity program that scans Internet traffic headed into and out of defense contractors to include far more of the country's private, civilian-run infrastructure.

As a result, more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks.

Under last month's White House executive order on cybersecurity, the scans will be driven by classified information provided by U.S. intelligence agencies — including data from the National Security Agency (NSA) — on new or especially serious espionage threats and other hacking attempts. U.S. spy chiefs said on March 12 that cyber attacks have supplanted terrorism as the top threat to the country.

The Department of Homeland Security will gather the secret data and pass it to a small group of telecommunication companies and cyber security providers that have employees holding security clearances, government and industry officials said. Those companies will then offer to process email and other Internet transmissions for critical infrastructure customers that choose to participate in the program.

DHS as the middleman
By using DHS as the middleman, the Obama administration hopes to bring the formidable overseas intelligence-gathering of the NSA closer to ordinary U.S. residents without triggering an outcry from privacy advocates who have long been leery of the spy agency's eavesdropping.

The telecom companies will not report back to the government on what they see, except in aggregate statistics, a senior DHS official said in an interview granted on condition he not be identified.

"That allows us to provide more sensitive information," the official said. "We will provide the information to the security service providers that they need to perform this function." Procedures are to be established within six months of the order.

[1714908560]

1714908560

[1714908560]

1714908560

[1714908560]

1714908560

[1714908560]

1714908560

[1714908560]

1714908560

[Lethn]

These people really do live in their own world, I can't help but smile when I read this kind of stuff because it shows just how fucking clueless they are when it comes to technology.

[coinuser4000]

It is for our own good.

http://www.nbcnews.com/technology/technolog/us-plan-calls-more-scanning-private-web-traffic-email-1C9001922

The U.S. government is expanding a cybersecurity program that scans Internet traffic headed into and out of defense contractors to include far more of the country's private, civilian-run infrastructure.

As a result, more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks.

Under last month's White House executive order on cybersecurity, the scans will be driven by classified information provided by U.S. intelligence agencies — including data from the National Security Agency (NSA) — on new or especially serious espionage threats and other hacking attempts. U.S. spy chiefs said on March 12 that cyber attacks have supplanted terrorism as the top threat to the country.

The Department of Homeland Security will gather the secret data and pass it to a small group of telecommunication companies and cyber security providers that have employees holding security clearances, government and industry officials said. Those companies will then offer to process email and other Internet transmissions for critical infrastructure customers that choose to participate in the program.

DHS as the middleman
By using DHS as the middleman, the Obama administration hopes to bring the formidable overseas intelligence-gathering of the NSA closer to ordinary U.S. residents without triggering an outcry from privacy advocates who have long been leery of the spy agency's eavesdropping.

The telecom companies will not report back to the government on what they see, except in aggregate statistics, a senior DHS official said in an interview granted on condition he not be identified.

"That allows us to provide more sensitive information," the official said. "We will provide the information to the security service providers that they need to perform this function." Procedures are to be established within six months of the order.

If they're looking for spies, wouldn't it be best if the information reported back to them was SPECIFIC? (Who, What, Where, Why, When)

Aggregate data only makes sense if they're trying to keep track of everything everyone is doing.

I swear sometimes I wonder if everyone around me is unconscious. How is this ok with so many Americans? Social Security doesn't pay THAT well.

[Mike Christ]

If they didn't know about potential security threats before now, how do they come to the conclusion that invading more privacy will reveal more information?  You can't know what you don't know, so you have to know what you don't know.  With this logic, they can take away any privacy they please.

This is another attack on the American people, and an attack on anyone who interacts with them.  This has nothing to do with security and everything to do with an out of control government.

[2112]

It is for our own good.

Seriously, are you working for a defense contractor?

The U.S. government is expanding a cybersecurity program that scans Internet traffic headed into and out of defense contractors to include far more of the country's private, civilian-run infrastructure.

The official said the government had no plans to roll out any such form of government-guided close examination of Internet traffic into the communications companies serving the general public.

Some time ago we've sold some of our software to a middle-size US defense contractor. Our software has an internal self-test for trojaned DNS servers. Our front-line technician troubleshooted this and it turned out that the defense contractor was using OpenDNS.com configured for the "home network/children protection". This caused the intranet traffic inside the defense contractor to flow outside of the secure internal networks to the web-censorship servers run by OpenDNS.com in Europe. What a nice breach of security that was! Some of our US tech support personell got free security clearance renewals out of it.

If they're looking for spies, wouldn't it be best if the information reported back to them was SPECIFIC? (Who, What, Where, Why, When)

More likely they are looking for idiots and incompetents in the IT departments of the defense contractors. I did a cursory look at the list of enterprise clients of OpenDNS. This time I didn't see any obvious defense contractors. At the time of the above incident there was at least one defense contractor different than the our one.

[Wilikon]

I am just a powerless simpleton on the internet being amazed by what is going on right now and not directly concerned by this news. The very wide net approach is beyond troubling, thus concerns everyone, and not only in the USA. Once the machine is on, no matter who comes next it is very tempting not turn it off and keep it running "just in case". Anyone alive and in touch with what is really going on in the past 15 years saw what happened when things "changed" to be the same, or worse.

This is a long con on the citizen and we need to keep our eyes open 24/7 to be on top of their game.

[Dabs]

And if you use Tor, or even just https where available? Or even a VPN? Just encrypt everything. Chat, email, browsing, mining.

[instaBoost]

turn all google services off.

Your welcome

[justusranvier]

turn all google services off.

One thing to do that is less extreme is to sandbox Google sites into their own browser.

I use three browsers - one only for Google, one only for Facebook, and one for everything else. The "everything else" browser blocks all Facebook and Google cookies.

[Dabs]

Let me guess, Chrome for Google. Firefox for FB. And ... uh, not IE for anything.

[myrkul]

Let me guess, Chrome for Google. Firefox for FB. And ... uh, not IE for anything.

Opera.

[Dabs]

Actually, I'm sometimes forced to use IE for internet banking (fiat money bank). They suck, but that's the only option they offer sometimes. I've tried Opera a long time ago. I personally just use Firefox mainly.

[bubblesort]

They are outright lying about the ISPs not sharing specific information.  The 6 strikes rule the ISPs are currently enforcing, combined with Obama's cybersecurity executive order means that the ISPs will give the feds everything and I fully expect them to use this information to go after innocent people like they went after Aaron Swartz.

Stay paranoid.  Get a VPN, run BSD and use encryption.

[Dabs]

I'm not in the US, does this affect me? Also, even if my ISP has my IP address, what can they do? If the police come knocking at my door, they need a warrant. If they find nothing, then there is nothing, just a hassle.

I just read about Aaron Swartz and, that is crazy, you are threatened for doing something which is free. Any time you offer something up, someone will grab it. Which is why I always wonder what they mean by "unlimited". It should mean, the maximum which can flow through a particular service. If you put a cap, then it is not unlimited or unmetered.