Dana Liebelson is a reporter in Mother Jones' Washington bureau. She contributes regularly to The Week. Previously, she worked for the Project On Government Oversight (POGO), covering defense and open government issues. Her work has also appeared on TIME's Battleland, Truthout, OtherWords and Yahoo! News. In her free time, she plays electric violin in an Indie rock band.
Josh Ritter The Beast in its Tracks Pytheas Recordings
When one of the best living songwriters gets divorced, it's hard to know what to expect: Josh Ritter isn't one for "angry, over-the-top, knee-jerk breakup songs," as NPR puts it, but The Beast in its Tracks, out this week, is such a clean, joyful trip across the Americana landscape that you'd be forgiven for thinking that Ritter just got hitched to a new bride, wearing tweed. It's a little deceiving—like if your best friend got dumped, showed up to your birthday party insisting that everything was just peachy, God damn it, and then wandered off into the woods with a handle of whiskey.
Don't let that stop you from acquiring the album when it comes out on Tuesday. (NPR is streaming it in full, but don't be lame; artists need to eat, too.) Ritter's album convincingly recalls everyone from Bob Dylan to Bruce Springsteen to Paul Simon, and I already have at least three favorite songs looping on my stereo ("A Certain Light," "New Lover," and "Hopeful").
On Thursday, the House finally reauthorized the Violence Against Women Act—a full year and a half after it expired. VAWA had been held up by House Republicans in the last Congress after the Senate voted to add new provisions aiding Native American, immigrant, and gay victims of violence.
It looked as if the bill might suffer the same fate in the 113th Congress, after the House GOP leadership refused to schedule a vote on the version of the bill passed by the Senate 78 to 22, and instead pushed a stripped down version without protections for LGBT and Native American women. But in the end Republican lawmakers allowed a vote on the Senate's legislation, and it passed on Thursday, 286 to 138. Not one Democrat in either chamber voted against it. (Though one representative abstained.)
One major change to VAWA that drew objections from House Republicans were steps to give tribal courts greater jurisdiction over domestic violence committed by non-native men on Native American lands. The National Congress of American Indians defines congressional districts as having a "high concentration" of Native Americans when the community makes up .3 to 23 percent of the population. (Only a few such districts are in the higher range; most are in the low single digits, according to NCAI.) Here is how members of Congress from those districts voted:
The VAWA reauthorization also provides more access to services for immigrant victims of violence, and also helps them get special visas to stay in the US if they are victims of a serious crime. Here's how representatives from districts where Latinos make up over 25 percent of the population voted (Source: Proximity):
And here's the full breakdown of Republican votes in the House and Senate against reauthorizing VAWA:
And finally, here's a chart detailing how many of the Republican legislators voting against the bill were men, and how many were women:
When the US government tried to regulate the internet in 2011, through the Stop Online Piracy Act and a corresponding Senate bill, Silicon Valley tech giants and civil libertarians went ballistic. The two groups, often at odds, banded together to fight the controversial bills, which would have given the government enormous power to regulate web content and censor sites that appeared to be violating copyright laws. The protesters organized internet blackouts, and squashed the measures before you could type "Free streaming Walking Dead." But now some of the companies that fought SOPA, including Google, Yahoo, Facebook, Amazon, and eBay, are joining with initial SOPA supporters and the Obama administration to thwart the European Union's attempt to protect the personal information of European citizens—and American privacy advocates are back to fighting the tech behemoths.
In January 2012, the European Union proposed overhauling existing privacy laws in its member states. If passed by the European Parliament, the proposal will turn the EU's privacy recommendations into a legal requirement. This is some of the most powerful legislative action the EU can take, because it overrides all the national laws of members. Unlike SOPA, the laws aren't targeting copyright violations; instead, they would require that companies across Europe do more to protect consumers' privacy. That includes potentially giving hundreds of millions of European citizens the ability to opt out of online web tracking—which is exactly the kind of information companies like Facebook use to target advertising and attract revenues.
In the United States, corporations dominate tech policy and privacy is a consumer issue, but the EU considers privacy a civil and human right, explains Jeffrey Chester, executive director for the Center for Digital Democracy. The new EU laws would affect users outside of Europe (including US websites accessed by Europeans), so it's not surprising that US-based companies are swarming Brussels, where the European Parliament is attempting to finalize the proposals by April (see map).
Peter Fleischer, Google's Global Privacy Counsel, argues that the EU is stifling innovation. "I had always thought it was sensible to apply Europe's privacy laws worldwide, in the interests of maintaining one, consistent worldwide standard," he writes on his personal blog. "I'm changing my mind now…Despite all its good intentions, Europe is giving the world hopelessly vague privacy laws." (Google has seven lobbyists in Brussels and spent at least $780,000 there in 2011, and the EU announced this week it plans to take action against Google for violating Europe's existing privacy laws.)
Marc Rotenberg, president and executive director of the Electronic Privacy Information Center, says large internet firms are opposing the privacy bills because they simply don't want to be regulated: "In the US they oppose copyright rules, but the way that plays out in Europe is that these companies are opposing privacy." The Center for Digital Democracy's Chester says his group supports the European proposals because they give individuals, not corporations, the ability to decide how their personal data can be collected and used. "But to [these companies] it threatens to kill off the digital golden goose they have fattened so well, because they have to ask permission and explain what they do," he says. Both groups, along with 15 US NGOs, sent a letter to the Obama administration and US ambassadors earlier this month encouraging Washington to butt out of the EU decision making.
Companies that initially supported SOPA—such as Dell, Intel, and Microsoft—have lobbyists in Brussels, along with companies that vehemently opposed SOPA, including Google, Facebook, Yahoo, and eBay, according to the EU's Transparency Register. The American Chamber of Commerce to the European Union, which speaks for American business in Europe, also has nine lobbyists there. "These are businesses who most certainly do not want to strengthen consumer privacy," Joe McNamee, the EU advocacy coordinator at European Digital Rights, a coalition of European privacy groups, tells Mother Jones. "Of course, some are seeking minor changes, while some are seeking destruction of the whole legal framework. It is not the case that every company lobbying on the proposal are demanding the same thing."
Tech companies—including Google—are particularly concerned about the "Right to Be Forgotten" provision, which gives users (like say, party-happy college students) the right to erase their digital footprint. Google's Fleischer writes that this would force search engines like Google to remove information and is paramount to censorship, "more pernicious than book burning." Privacy experts agree that this part of the proposal should be carefully considered for First Amendment issues, but Chester points out that "the industry is using this issue as a political smokescreen to help kill off the [whole] law."
According to a document put online by LobbyPlag, an open source website which aims to track the influence of European lobbying on the privacy proposals, Facebook has submitted comments that oppose giving users the ability to opt out of targeted advertising, claiming that it "impairs companies' ability to innovate and negatively impacts the users experience." A Yahoo document obtained by Center for Digital Democracy shows that Yahoo is asking for amendments so that users don't have to give "explicit consent" for web companies to take their personal data, because Yahoo maintains that all the data-tracking is anonymous.
Will all this lobbying make a difference? A lobbying firm representing the National Business Coalition on E-Commerce and Privacy has found that the privacy proposal has not been weakened by the efforts, according to Politico. But LobbyPlag maintains that parts of the privacy bill are being amended to match the lobbyists' suggestions word-for-word. "It's too soon to say, but there's a very real possibility they will have a very great effect," says Jay Stanley, senior policy analyst at the American Civil Liberties Union.
The Obama administration has entered the fray on the same side as the tech biggies. The US Commerce Department is opposing the proposals because it "is concerned that sweeping new privacy controls could hurt the United States tech industry in Europe," according to the New York Times. Chester notes that even though Obama issued a progressive Privacy Bill of Rights last year, the administration is "relying too much on [voluntary] self-regulation" and bending to desires of the tech industry.
European privacy advocates, like their stateside comrades, want the United States to stop meddling in this matter: "The US government would never accept lobbying by the EU, if it was seeking to undermine the rights of US citizens," McNamee says. "It is totally inappropriate."
It looks like Charles Darwin can stop turning over in his grave, or at least, slow his roll: Three bills that take aim at widely accepted scientific theories like evolution and climate change died this week, in Indiana, the Oklahoma state Senate, and Arizona, following the earlier demise of similar legislation in Montana and Colorado, the National Center for Science Education reports. But two other anti-evolution bills—one in Missouri and another in Oklahoma's House of Representatives—are still kicking, and they have more explicit pro-creationist language than the bills that have already been scrapped.
As Mother Jones reported last week, the House bill in Oklahoma, introduced by Republican state representative Rep. Gus Blackwell in February, forbids teachers from penalizing kids for writing papers attempting to debunk the theory of evolution or global warming. That bill squeaked through the Oklahoma Common Education committee on February 19, and is still alive. So is a House bill in Missouri, introduced by Republican state representative Rick Brattin in January, that would require that teachers and textbooks devote equal space to the teaching of intelligent design, "destiny" and any other theories of origin. Brattin's bill has been referred to the Missouri Elementary and Secondary Education committee, but a hearing still hasn't been scheduled. Even the Discovery Institute, which supports intelligent design research, is opposing the Missouri bill, saying it goes too far in pushing intelligent design in schools.
In contrast, the dead bills in Indiana and Oklahoma don't even mention evolution. Instead the Indiana bill merely says "some subjects, including, but not limited to, science, history, and health, have produced differing conclusions," and both the Indiana and Oklahoma bills say teachers should be allowed to teach the "strengths and weaknesses" of different theories. This is similar to language used in the now-dead Arizona bill—except that Arizona actually names those controversial theories: "biological evolution, the chemical origins of life, global warming and human cloning." Kathy Trundle, president of the Association for Science Teacher Education, tells Mother Jones that "these types of legislation represent a thinly veiled attack on biological evolution.... Theories are not speculation."
In Indiana, a spokesman for Rep. Robert Behning, House Education Committee chairman, told The Indiana Star on February 3 that the bill wasn't going to get a hearing "due to the volume of bills and limited time." But that doesn't mean that the bill's sponsor is giving up. "It might be one of those things that I may file for several years," Republican state Representative Jeff Thompson told the paper. "My thought process hasn't changed."
Trundle says this kind of thinking is exactly the problem: "Legislation that conflates science, religion and politics is confusing and works against efforts to achieve scientific literacy."
On Monday, an American cybersecurity firm called Mandiant released a report accusing the Chinese government of systematically hacking into American computer networks and targeting state secrets, weapons programs, businesses, and even the nation's gas pipelines. The New York Times vetted the story and concluded that a growing body of evidence "leaves little doubt" that these attacks are originating from a secret Chinese army base. Adam Segal, senior fellow for China studies at the Council on Foreign Relations (an organization that, in the past, has also been targeted by hackers that appeared to be China-based), tells Mother Jones that this "raises the pressure on the increasing drum beat on the US to do something."
So just how freaked out do you need to be? Here's everything you need to know:
How do cyberattacks and cyberwarfare work? A cyberattack is what happens when a hacker penetrates computers or networks for the purpose of maliciously exploiting systems and information. This can lead to identity theft, viruses, theft of intellectual property, or full-on system infiltration (i.e., the hacker can watch your every move). Cyberwarfare is what happens when countries are the ones employing those hackers, often with the goal of stealing state secrets and/or causing damage.
The scheme that Chinese hackers employ to gain footholds on victims' computers is known in computer-speak as spear phishing, according to Mandiant, and it's a scam that's been around for years. The sabotage begins when a victim receives an innocuous work-related email about a meeting or a project from what appears to be a colleague's email address. If the target takes the bait, he or she will click on a hyperlink or download an attachment from the message. In some cases, suspicious recipients have responded to phishing emails with questions about the file's authenticity. The Chinese hackers have responded: "It's legit." When the target downloads the files, they'll be unwittingly installing remote-access software (sometimes referred to as a "backdoor") that allows the hacker to assume control of the victim's computer.
With a few lines of code, the hacker can install other backdoors and programs, upload and download files, capture screenshots of the user’s desktop, record keystrokes and passwords, and shut down the system. The sleuthing can last months or even years, and confidential and top-secret files can be easily transported from the network into the hacker's hands. Here's a video showing an attack in progress:
So what is this mysterious Unit 61398? Unit 61398 (or "61398部队" for the Mandarin speakers among you) is believed to be a top-secret unit of the Chinese government that "engages in harmful 'Computer Network Operations,'" according to the Mandiant report. It's located in a 12-story facility in Shanghai, and could have up to thousands of employees, most of whom are required to speak English, demonstrate computer security skills, and exhibit "team spirit." Richard Bejtlich, the chief security officer at Mandiant, tells Mother Jones that the unit built new headquarters in 2007. Mandiant claims to have known about the unit for seven years, but it's unclear exactly how long it has been around. D.B. Grady, a national security journalist and author, makes the case that "concerns over Unit 61398—a perfectly unnerving name—are no more worrisome than Chinese spies recruiting American agents to steal folders from locked filing cabinets." He adds, "If the US government were really alarmed, we would be threatening to go to war. Instead, we're threatening to give a lot of money to government contractors."
Nevertheless, here are some infographics showing just how effective Unit 61398 is at getting on your computer, and staying there:
Who is the Chinese government hacking?The short answer: Your business, your water supply, your defense, your newspapers, and probably more. The longer answer: Since 2006, China's espionage division has stolen data from at least 115 American businesses—and that's only the hacking that Mandiant directly observed. The company believes that number represents only a small fraction of the China's overall hacking activity. Not surprisingly, Chinese spies were most interested in hacking national-security-related industries such as aerospace, energy, scientific research and information technology. Here's a chart showing the most-targeted industries (it only includes attacks Mandiant witnessed, and includes some that occurred outside the United States):
Mandiant
But even if you work for an alfalfa farm in Wyoming, hacking could still affect you: According to the New York Times, the hackers are interested in US critical infrastructure—electric grids, oil pipelines and water systems—and are attempting to unlock US military secrets by targeting defense contractors and weapons program (more on that later). Chinese hackers are also taking on media giants that produce journalism critical of China: the Times' computers were compromised recently after a high-profile investigation revealed that members of Chinese Prime Minister Wen Jiabao’s family had accumulated massive wealth from state contracts, and the Washington Post, Bloomberg News and the Wall Street Journal have also all been targeted. (Mother Jones liability note: China is great! 我们爱中国!)
Why is China hacking the United States?Segal, the Council on Foreign Relations expert, explains:
The Chinese want to move up the value chain. They want to move from "made in" to "innovated in China." So part of it is stealing industrial secrets and helping Chinese companies. There's [also] political and military espionage—having a better sense of what the US government and US opinion leaders and other people think about China and try to influence that, and wanting to steal US military secrets. It's also a kind of deterrent. [It] sends a message to the US that the US homeland is vulnerable and if there was going to be a regional conflict that escalated, the US should know that the Chinese have a way of reaching out and touching us.
Another explanation? Chinese hackers just really wanted to access their social-media accounts, many of which are blocked on the mainland. Mandiant was able to trace some of the hackers' identities because the "easiest way for them to log into Facebook and Twitter [was] directly from their attack infrastructure." And as our colleague Josh Harkinson noted, at least one hacker appears to be "a fan of American and British pop culture"—he used Harry Potter references for his passwords.
So…just how screwed are we? Both private US companies and government infrastructure are pretty bad at stopping hackers from beating down the door. Most private companies "aren't in a position to defend themselves, and if you devote any length of time to break into one of these guys, you're going to find a way in," says Mandiant's Bejtlich.
When it comes to government, the forecast isn't much better: President Obama says that the "cyberthreat is one of the most serious economic and national security challenges we face as a nation." Between 2007 and 2009, the head of the Pentagon's Cyber Crime Center confirmed 102 instances in which hackers had infiltrated the networks of government agencies, military contractors, or other entities connected to the Department of Defense, according to a 2010 Forbes report. In 2007, the 10 largest defense contractors, including Lockheed Martin, Northrop Grumman, Raytheon, and Boeing, all suffered security breaches that traced back to China. CFR's Segal says that even though cyber attacks aren't new, "on the defense side, we haven't had too much success" defending against them.
But experts don't necessarily say that means the United States is screwed. Segal says that US-China relations would have to "already be very, very bad or very, very close to military conflict anyway for the Chinese to consider a cyberattack." He adds that "there is some vulnerability to the power grid and industrial sector, but it's not a major threat right now. The major threat is espionage and stealing secrets."
"The way cybersecurity works is the way security works in the real world," Bejtlich says. "It's based on fast detection and response. It's hard to stop someone from breaking into your house, but you can call the police and kick them out." He adds that "defense contractors also learn from their experiences, and the ones who are making the news more tend to do the best job of protecting information that I've seen."
Grady makes the case that many of the cybersecurity concerns are overblown, and are instead, simply a good way for the defense industry to squeeze more money out of taxpayers. "This isn't some kind of new horror. Cyberattacks will become worrisome when someone figures out how to use a copy of Linux to blow up something," he tells Mother Jones. "The motives of defense contractors are pretty obvious, aren't they?" he adds. "The war on terror is all but over, but cybersecurity could mean anything and everything. Where there's fear, there's a lot of money to be made."
What is the Obama administration doing? Last week, Obama issued an executive order on cybersecurity with the aim of protecting US critical infrastructure from hackers, despite pushback from conservatives and big business. The order requests that companies participate in a voluntary information-sharing program so the government can help them stop attacks. "It's not clear that the executive order is going to make it better," Segal says. According to Bejtlich, the administration "is doing as much as it can with the order, but now the focus needs to shift to the House and the Senate."
Who else is China attacking? Wait, are we attacking anyone? Check out this amazing chart by Foreign Affairs, showing the number of cyber attacks, and by whom, from 2001 to 2011 (click link for the full chart):
SC Magazine reports that hackers (of unconfirmed origin) are now using phishing emails that claim to include the Mandiant cybersecurity report, in order to gain access to victims. The phishing emails are reportedly targeting Japanese companies and Chinese journalists. Here's a screenshot of one of the fake emails, released by Symantec:
And here's a tweet from Malware Lab claiming that some of the victims may be Chinese journalists:
