Senate, Once Again, Looks To Bring Back CISA: Surveillance Expansion Bill Pretending It's A Cybersecurity Bill
from the information-sharing-with-whom dept
We've discussed the "cybersecurity" bill, CISA, that's been making its way through Congress a few times, noting that it is nothing more than a surveillance expansion bill hidden in "cybersecurity" clothing. As recent revelations concerning NSA's surveillance authorities have made quite clear, CISA would really serve to massively expand the ability of the NSA (and other intelligence agencies) to do "backdoor searches" on its "upstream" collection. In short, rather than protecting against any sort of security threat, this bill would actually serve to give the NSA more details on the kind of "cyber signatures" it wants to sniff through pretty much all internet traffic (that it taps into at the backbone) to collect anything it deems suspicious. It then keeps the results of this, considering it "incidental" collections of information.
In an incredibly cynical move, supporters of the surveillance state have seen OPM hacks as a ridiculous excuse to push to pass this bill. Senator Mitch McConnell tried to include it in the defense appropriations bill by pointing to the OPM hack. That gambit, thankfully, failed.
But that's not stopping the supporters of the surveillance state. During recent Congressional hearings, surveillance state supporter Senator John Cornyn claimed that CISA would be back for a vote before the end of the month, despite having failed multiple times in previous attempts. And, earlier this week, McConnell similarly announced plans to bring it up for a vote soon -- and, again in the context of the OPM hack. Here's McConnell being interviewed on Fox News by Bret Baier:
BAIER: Senator, you mentioned cybersecurity. Hackers broke into the U.S. Office of Personnel Management, stealing background investigation forms, fingerprint records, Social Security numbers for more than 22 million people....
[....]
MCCONNELL: This is a total mess. It's no wonder they had a hard time with the Web site which they launched Obamacare. These cybersecurity issues are enormously significant. What we're going to do is before August, take a step in the direction of dealing with the problem with information sharing bill that I think will be broadly supported. This is an administrative disaster that the president needs to get a hold of and get straightened out soon.
What no one asks McConnell (of course) is how CISA would have had any impact on the OPM hack. Or, hell, how it would help stop a single online attack anywhere. Because that's a question no one seems willing to answer. Because the answer was already made abundantly clear by Senator Ron Wyden in opposing this bill. It's not about cybersecurity at all. It's about surveillance.
Filed Under: cisa, cybersecurity, information sharing, john cornyn, mitch mcconnell, opm, opm hack, surveillance
Reader Comments
Reality Check
The agencies have already demonstrated that whatever law is written can be "interpreted" to mean whatever they want it to mean, and therefore let them do whatever it is they want to do.
A targeted law just means having to use the "not under this program" excuse.
They are going to monitor everything on everyone all the time. Let's check on where they are now:
Cell Location? Check.
Who you call and who calls you? Check.
Auto Location? - ALPRs everywhere. Check
Friends? - Facebook et al. scraped and analyzed? Check
email? all intercepted, stored, key-word analyzed. Check.
Packages? Intercepted and "modified". Check
Software Security? Weakened at the very source. Check.
Software Vulnerability? #1 purchaser of day 0 exploits. Check.
Where you work? IRS knows, they all know. Check
How much you make? IRS knows, they all know. Check
Whether or not you are a "valued citizen" ? (i.e. contribute the right amounts to the right candidates) Check.
One more law to work around? Check.
Time for us to secure everything we have and do. VPNs for all - free SSL certs are coming - use 'em. Phone encryption - get it.
They are forcing us to lock down and make them "go dark".
Call it Check and Mate.
[ link to this | view in chronology ]
Of course the bill would have made a difference.
I mean, how irresponsible of them to worry the Proles like that? Flogging is too good for them.
[ link to this | view in chronology ]
Re:
http://fija.org/
The next time you are asked to serve on a Jury, this time do in the right way! The Original American Way!
[ link to this | view in chronology ]
We've had enough "information sharing" with (presumably) the Chinese, due to the incompetence of those charged with protecting information they collect "voluntarily."
Surely the information we involuntarily provide will be afforded the same set of protections as the OPM data - is that really what he's arguing for?
/smh
[ link to this | view in chronology ]
Hoarding Zero-Day Exploits
Anyway, it will only be a question of time until exactly this scenario will happen.
Because you can either have security, or surveillance.
[ link to this | view in chronology ]
From my Senatrix (Dianne Feinstein)
As you know, the threat of cybersecurity attacks is among the greatest threats our nation faces. American financial institutions have incurred multi-million dollar losses due to cyber thefts. Even computer security companies and national security agencies like the FBI and Department of Defense have fallen victim to cyber attacks. Cyber attackers also hack into our personal computers, access our private information, and use our computers to launch other cyber attacks. These cyber intrusions affect the United States in substantial and real ways, and the threat is only growing. Unfortunately, experts agree that cybersecurity practices will not improve, allowing this vulnerability to remain, without legislation designed to strengthen the cyber defenses of critical infrastructure and to enhance the sharing of cyber threat information between and among the private sector and the government.
To help both our government and private businesses deal with threats from the constantly advancing cyber threats, on March 12, 2015, the Senate Intelligence Committee—of which I am currently Vice Chairman—passed the "Cybersecurity Information Sharing Act" (S. 752) by a strong bi-partisan vote of 14-1. This bill calls for voluntary information sharing of cyber threat information between U.S. Intelligence and law enforcement agencies and private companies. I believe this legislation, should it be enacted into law, will improve the ability of the federal government and private companies to identify malicious code or cyber attack signatures more rapidly.
It is important to note that the "Cybersecurity Information Sharing Act" contains robust privacy measures to ensure that information shared with the federal government is protected. For example, it would require companies to remove personal information from any cybersecurity information provided to the government that is not necessary for the purpose of addressing a cybersecurity threat. It would not provide any new authorities for conducting surveillance, nor would it address intellectual property rights on the Internet. Participation in information sharing under this bill would be voluntary, and the bill would limit the government's ability to use private sector cyber information for approved cyber security purposes. The authority provided by the bill for companies to share information is limited to the sharing of cyber threat indicators and cyber defensive measures.
After reviewing intelligence on cyber threats for many years, it is clear to me that cyber attackers are causing major damage to Americans, our national security, and our economy. Please know that as Vice Chairman of the Senate Intelligence Committee, I am dedicated to fighting the threats we face and I believe this bill will help us in our fight against cyber attacks.
Again, thank you for your letter. I appreciate knowing your views and hope you will continue to inform me of issues that matter to you. If you have any additional questions or concerns, please do not hesitate to contact my office in Washington D.C. at (202) 224-3841.
...
All the ughs. All of them.
[ link to this | view in chronology ]