Does CISA affect USENET? Well, yes. Now that we’ve ruined your day, let us explain the law and offer you some solutions.
CISA passed the US Senate on October 27. The bill is very similar to CISPA, which made it possible for the government to get information from private companies, like Facebook.
That information is supposed to help the government protect against cyberattacks but, like most of the legislation that allows the government to spy as part of the “War on Terror,” CISA is very broad and gives the government vast leeway in harvesting user data from private companies.
According to critics, the provisions of the bill are likely to be next to useless in fighting against cybercrime, given that most of the big attacks were caused by user or agency negligence rather than by sophistication on the part of hackers. As the EFF put it:
“The bill now moves to a conference committee despite its inability to address problems that caused recent highly publicized computer data breaches, like unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.”
What does it all mean for USENET? It means a lot, actually, and you might want to change the way you use your USENET access to accommodate the invasive powers the government has been granted by CISA.
Encrypted connections are available from most USENET providers and, most certainly, from our preferred providers.
You may, however, want to hook up to a server located outside the US if you’re located in the United States. Most providers have an EU option and the EU, at least in some regards, has better privacy protection than the US does.
While CISA is, ostensibly, designed to prevent cybercrime, remember that the US government has already demonstrated a rather loose definition of what being associated with a cybercriminal means in practice.
In fact, the NSA currently investigates people up to “three hops” away from a target they’re interested in. That means, according to The Guardian, if the NSA were investigating someone with fifty friends on Facebook, their three hops could expand to include looking at over 1.3 million individuals.
So, yes, even if you’re not connected to anyone you know to be a hacker of some sort, you’re probably connected to someone, somewhere, who is, at least by the loose standards of the US government.
In addition to looking for a server connection outside of the US, make sure you always use encrypted connections when you’re connecting to USENET. There’s no reason not to and doing so provides a much higher degree of privacy than connecting unencrypted.
Don’t think for a moment this bill doesn’t affect you. It certainly does and, unfortunately, rather than working to create a more secure Internet by educating people as to how to increase their overall levels of privacy and supporting useful technologies such as strong encryption, the US government seems to be betting on invasive, ineffective methods.
As for their expertise on these matters, the government’s track record on digital security rather speaks for itself.