As Predicted, Congress Turned CISA Into A Clear Surveillance Bill... And Put It Into The 'Must Pass' Gov't Funding Bill
from the but-of-course dept
Yesterday we warned that Congress was quietly looking to do two horrible things: (1) strip all pretense from the "cybersecurity" information sharing bills and turn them into full-on surveillance bills and (2) then shove it into the "must pass" omnibus bill which is supposed to be about funding the government and nothing more. And... it looks like our warning was almost entirely accurate, as the bill has been released and within its over 2000 pages, it includes CISA and has been stripped of many of the key privacy protections (if you want to find it, it's buried on page 1728), while expanding how the information can be shared and used. In part, due to concerns raised yesterday, a few of the absolutely worst ideas didn't make it into the final bill, but it's still bad (and clearly worse than what had previously been voted on, which was already bad!).The bill is due for a vote tomorrow and so right now would be the time to call your elected officials and let them know that this is a serious problem. The EFF has spoken out about how problematic this is, as have a group of free market think tanks.
There is some opposition within Congress to this. We've seen a "Dear Colleague" letter sent around by a set of four members of Congress (two from each party) -- Reps. Zoe Lofgren, Justin Amash, Jared Polis and Ted Poe -- opposing this move, but chances are that most members of Congress actually have no idea that this is happening, which is why you should be calling today to let them know how problematic this is.
The House Intelligence Community counters that the claims being made against CISA are inaccurate, but they're being incredibly misleading. While the reports yesterday indicated that the bill would directly allow its use in "surveillance," the list of approved uses was changed slightly to effectively hide this fact. Specifically it says that the information via CISA can be used to investigate a variety of crimes -- and doesn't say "surveillance." But, obviously, surveillance isn't a "crime" that the government will be investigating. It's just the method that the government will use to investigate crimes... which is now allowed under CISA. In earlier versions, the information was only to be used for "cybersecurity." But now that list has been expanded to cover a wide variety of crimes: "a specific threat of death, a specific threat of serious bodily harm, or a specific threat of serious economic harm, including a terrorist act or a use of a weapon of mass destruction."
And how are those things going to be stopped? By ramping up surveillance, of course.
Also, yesterday we noted that the proposed change would "remove" the privacy scrub requirements. The final bill didn't completely do that, but basically changed the standard to pretend that it's in there. Rather than demanding a full privacy scrub, the bill lets the Attorney General determine if DHS is doing a reasonable job with its privacy scrub. The same Attorney General who will now be using this same information to investigate all sorts of "criminal" activity. Guess what incentive the Attorney General has to make sure that privacy scrub is legit?
Finally, the revised bill tries to hide the fact that the NSA will get access to this data with some super crafty language. Section 105(c) of the bill notes that the President can designate any other agency to set up a portal to receive information, but explicitly says that cannot be the Defense Department or the NSA. That sounds good, but is there as a total red herring. This is only about who runs the portal, not about who gets the information. So, DHS can still share the info with others and the President could still designate, say, the FBI to get a portal... or the Director of National Intelligence (which oversees the NSA). However, CISA's supporters are pointing to this sections as "proof" that it won't be used by the NSA.
Considering how much debate and concern there was over this bill, and the fact that basically all the major companies in Silicon Valley have come out against it -- and I still can't find a single computer security expert who thinks that this is needed for increasing our security, it's pretty obvious that this is not a cybersecurity bill. It's a surveillance bill that has no business being added to the omnibus bill.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cisa, cybersecurity, dhs, nsa, omnibus, omnibus bill, surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Sleazy politics at their finest
As the AC above notes, it should absolutely be forbidden to add extras to a bill like this, and there should be hefty penalties for those that try. A bill should either be passed or rejected on it's own merits, it shouldn't be able to be hidden or slipped in with something completely unrelated.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Not only that...
[ link to this | view in thread ]
How many Republicans support it?
[ link to this | view in thread ]
brinkmanship
I say let's have another government shutdown, only this time without the massive police presence enforcing a total blockade on highways, bridges, bicycle trails and footpaths that cross federal property.
[ link to this | view in thread ]
Re: How many Republicans support it?
Both parties support Big Government, Big Business, and Big Spending and removal of your liberty. They merely disagree on how to go about codifying these all into law!
[ link to this | view in thread ]
Re: How many Republicans support it?
They only engage in all the other arguments over other topics as a means to pit the various public groups against each other to distract from their treachery in an insatiable pursuit of ever more money and power.
They are truly the enemy of the people.
[ link to this | view in thread ]
[ link to this | view in thread ]
Delusional Thought #47
This omnibus spending crap is the refuge of cowards.
--
[ link to this | view in thread ]
[ link to this | view in thread ]
So removed from reality
Hey idiots in congress, you're creating reasons why people don't want to work or spend money. Why feed the pigs who are devouring everything? Starve and slaughter them all...
[ link to this | view in thread ]
I don't care anymore. Privacy has been dead for a long time now, people just don't give a shit.
And until they do, nothing's going to change.
[ link to this | view in thread ]
anarchy
[ link to this | view in thread ]
Re: Re: How many Republicans support it?
All about that fat corporate cash rolling in, and protecting the entrenched bureaucracy/system.
I don't agree with all of his views, but I'll be damned if Amash doesn't seem to be principled and explain every vote. Plus, the Republican party here in Michigan loathes him, which is probably worth something. ;)
[ link to this | view in thread ]
Re: brinkmanship
[ link to this | view in thread ]
Re: anarchy
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Another Eternal September is on the horizon
They've given up on targeting single individuals, so ISPs are the only available target. The government wants to make encryption illegal, but banks rely on encryption (and pay nice big campaign contributions), so they can't just say "ISPs, don't allow any encrypted packets through". They could go back to busting random people, but they know that'd hit 90-year-old war veterans, 12-year-old little girls, and any number of other martyrs that would result in an unsafe level of public outrage.
Even if they do figure out some way to successfully block darknets at the ISP level, by the time they implement it people will probably have worked out a meshnet system that will eliminate even ISPs.
[ link to this | view in thread ]
Re: How many Republicans support it?
[ link to this | view in thread ]
Who needs id cards when their building themselves the ability to check on whomever they deem to suspect of their own defined criminal behaviour......which will eventually trickle down to the police, where then everyone will get to enjoy the freedom of doing what they THINK they should be doing, less the not so proverbial big brother over your shoulder decides to harass you, over the tenth billion law, introduced not but a minute ago
[ link to this | view in thread ]
Re: Sleazy politics at their finest
[ link to this | view in thread ]
Re: Re: How many Republicans support it?
[Sad but True]
[ link to this | view in thread ]
Re: Re: How many Republicans support it?
[ link to this | view in thread ]
Re: Re: Sleazy politics at their finest
The New World Order will tax them and give no representation.
The colonists will revolt kicking the New World Orders ass all the way back to earth. The newly populated star systems will then form a representative democracy with three branches of government and the United Starsystems Alliance ( USA ) will be born!
[ link to this | view in thread ]