Senate Quickly Says 'No Way' To Mitch McConnell's Cynical Ploy To Add Bogus Cybersecurity Bill To NDAA

from the let's-stop-this-game dept

Earlier this week, we noted that Senator Mitch McConnell, hot off of his huge flop in trying to preserve the NSA's surveillance powers, had promised to insert the dangerous "cybersecurity" bill CISA directly into the NDAA (National Defense Authorization Act). As we discussed, while many have long suspected that CISA (and CISPA before it) were surveillance bills draped in "cybersecurity" clothing, the recent Snowden revelations that the NSA is using Section 702 "upstream" collection for "cybersecurity" issues revealed how CISA would massively expand the NSA's ability to warrantlessly wiretap Americans' communications.

Thankfully, like his PATRIOT Act games from a few weeks ago, this latest McConnell move has fallen flat. The Senate rejected the attempt by a 40 to 56 vote. So, for now, it looks like the Senate isn't going to be able to ram CISA through either which is good news.

Still, expect Congress to keep trying. But, each time, it's important to ask some basic questions: what attacks would this bill actually stop (answer: none). And what laws are currently preventing the supposedly necessary "information sharing" from happening today? And, more importantly, why is the NSA getting access to this information and allowed to run backdoor searches on its upstream collections of all internet traffic exiting or entering the US? These all seem like relevant questions and they're all questions that the powers that be are ignoring.

Filed Under: cisa, cybersecurity, mitch mcconnell, ndaa, senate

Mitch McConnell Wants To Dump Bogus 'Cybersecurity' Bill Into Defense Authorization

from the surveillance-mess dept

You knew that Senate Majority Leader Mitch McConnell wasn't going to just leave things alone after his strategy to renew the bulk surveillance provision of the PATRIOT Act failed somewhat miserably. He's now announced that he's going to dump the absolutely terrible CISA bill into the NDAA (National Defense Authorization Act). CISA, as we've discussed, is the latest in a long line of "information sharing" bills, that are really surveillance bills in disguise.

While defenders of these "information sharing" bills insist that they don't open up new surveillance capabilities, as we discussed last week, the latest revelations from the Snowden documents, showing that the NSA uses its Section 702 "upstream" capabilities to monitor for "cybersecurity signatures", reveal that these bills may not grant any new authorities, but would massively expand their ability to do surveillance. That's because it now becomes clear that what the NSA is looking for is more of these "cybersecurity signatures" which it can then use against the "upstream" collection to collect all sorts of information, which is then designated as "incidental" collections that are then free to be searched.

In other words, last week's revelations about the NSA and using upstream for cybersecurity should completely change the debate over cybersecurity bills. But... instead, McConnell is relying on a different story that came out the same day: the hacking of the government's Office of Personnel Management. Of course, even McConnell seems to admit that having the cybersecurity bill in place wouldn't have stopped that (no one has ever shown how these bills would stop a single cybersecurity attack ever), but whatever, "cybersecurity":

“It might or might not deal with every aspect of what apparently happened a few days ago. But Congress is going to act on cybersecurity on this bill in the very near future.”

Actually, it wouldn't have dealt with any aspect of what happened last week. And "acting" on something just because "hacking" seems pretty stupid, but I guess that's how Congress works these days.

There's also some political garbage going on behind the scenes, with McConnell trying to do this in order to get more Democrats to support the NDAA, but it seems like that -- like his PATRIOT Act strategy -- could backfire in a big way.

Filed Under: appropriations, cisa, cybersecurity, defense, mitch mcconnell, ndaa, surveillance

Amendments Offered To NDAA To Try To Stop NSA Surveillance Abuse

from the forcing-hands dept

If you're wondering why the USA Freedom Act finally started moving forward again, a good place to look is tomorrow's vote on re-upping the NDAA (National Defense Authorization Act), with a variety of folks in the House proposing amendments that would lead to defunding certain NSA activities. As you may recall, last year, Rep. Justin Amash proposed defunding the NSA's Section 215 bulk data collection program, which came very close to passing. Fearing a similar effort, the House leadership decided to finally get moving on USA Freedom. Of course, with USA Freedom watered down, attention is turning back to the NDAA Amendments, with the vote on all of this happening tomorrow.

There are a ton of amendments, many of which won't get anywhere at all, but Amash is back with a few amendments, along with Reps. Zoe Lofgren, Rush Holt, Alan Grayson and some others. Amash, Lofgren and Holt have teamed up for a couple of amendments trying to block bulk collection under Section 215. Meanwhile Lofgren and Holt have an amendment to deny funding for the NSA's weakening of encryption and inserting back doors in technology. Lofgren and Amash, along with Rep. Thomas Massie, have an amendment defunding Section 702 "warrantless wiretapping" efforts. Grayson goes for the gold with an amendment that would block funds for any surveillance done on American citizens inside the US without probable cause. While there's no way this amendment will get approved, it's basically just saying "hey, you know what, we should obey the 4th Amendment."

Filed Under: alan grayson, amendments, justin amash, ndaa, rush holt, zoe lofgren

Congress To Amend NDAA To Give DoD & NSA Greater 'Cyberwar' Powers

from the say-what-now dept

Remember the NDAA? Yeah, for a variety of reasons that bill got a lot of attention last year -- mostly focused on the question of detainment of terrorists. But there are some other nuggets in the bill, including one tidbit about "military activities in cyberspace." The existing version of the NDAA does grant the Defense Department the ability to conduct such military activities, but only "upon direction by the President" and if the purpose is to "defend our Nation, Allies and interests," subject to existing laws.

Here's the existing text:

SEC. 954. MILITARY ACTIVITIES IN CYBERSPACE.

Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, Allies and interests, subject to—

(1) the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflict; and

(2) the War Powers Resolution (50 U.S.C. 1541 et seq.).

However, the House Armed Services Committee is getting ready to do a markup on the NDAA that includes a change to that section (section 954), which expands the powers of the Defense Department, and basically gives it broad powers to conduct any military actions online -- with it specifically calling out clandestine operations online. Here's the text they want to substitute:

SEC. 954. MILITARY ACTIVITIES IN CYBERSPACE.

‘‘(a) AFFIRMATION.—Congress affirms that the Secretary of Defense is authorized to conduct military activities in cyberspace.

‘‘(b) AUTHORITY DESCRIBED.—The authority referred to in subsection (a) includes the authority to carry out a clandestine operation in cyberspace—

‘‘(1) in support of a military operation pursuant to the Authorization for Use of Military Force (50 U.S.C. 1541 note; Public Law 107-40) against a target located outside of the United States; or

‘‘(2) to defend against a cyber attack against an asset of the Department of Defense.

‘‘(c) RULE OF CONSTRUCTION.—Nothing in this section shall be construed to limit the authority of the Secretary of Defense to conduct military activities in cyberspace.’"

Note a bunch of slightly sneaky things going on here. First, it gives blanket powers to the DoD, rather than saying it can only take actions on the President's direction. While we may not have much faith that the President wouldn't let the DoD do such things, giving such blanket approval upfront, rather than requiring specific direction is a pretty big change.

Second, and perhaps more important, the new language specifically grants the DOD (and the NSA, which is a part of DOD) the power to conduct "clandestine operations." This is (on purpose) left basically undefined. Combine this with the fact that the "Authorization of Use of Military Force" is so broadly defined in the current government, this then grants the DOD/NSA extremely broad powers to conduct "clandestine" operations with little oversight. Related to this is that it removes the restriction that the DOD must take actions that are "subject to the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflicts." Instead it lets them use such powers, without these restrictions, against anyone declared an enemy under the AUMF (lots and lots of people) or in any effort to stop a cyberattack against the DOD -- which again you can bet would be defined broadly. This is a pretty big expansion of online "war" powers for the Defense Department, with what appears to be less oversight. And all done while people are looking the other way...

Filed Under: congress, cyberwar, dod, ndaa, nsa

Will Politicians' Support For Draconian IP Laws While Ignoring Civil Liberties Issues Come Back To Bite Them?

from the what-happens-next dept

I'm usually not one for the typical "end of year" summaries of what happened over the preceding twelve months, but Dave Kravets at Wired has put together an excellent post, bringing together a series of separate events that showed that politicians were quite eager to pass new draconian intellectual property laws all year, but shied away from anything that involved protecting our civil liberties. Reading through the article, it's a really sad statement over how the past year went from a politics perspective.

Of course, it will be interesting to see the coming backlash over this. We're already seeing the beginning elements of a reaction over SOPA (as well as the massive support for Ron Paul) and 2012 may make for an interesting year. Declan McCullough is wondering if the internet world is ready to "go nuclear" in the effort to stop SOPA/PIPA next year. As with anything, I think that there will be some mistakes made along the way, but as the internet community gets more organized and more vocal, I do wonder if these two trend lines (more draconian IP laws and less civil liberties protections) can really continue to move in the same direction much longer.

Filed Under: civil liberties, ecpa, intellectual property, ndaa, pipa, politicians, protect ip, sopa

Reddit Turns Its Attention To Politics: Seeking Supporters Of SOPA & NDAA To Unseat

from the the-internet-awakens? dept

Following its ability to build up enough grassroots support to get GoDaddy to change its position (if not its mind) on SOPA & PIPA, it appears the Reddit community wants to see if it can do the same thing with some politicians. Earlier this week, we had asked who would be the first politician to be "GoDaddy'd" and it appears that the Reddit community has already jumped onto that challenge. It's been rather fascinating to watch over the past few days as the amorphous crowd self-organized and set up its own rules over who to focus on and why. They've decided to focus on politicians who supported both NDAA (the controversial bill that crystallizes the government's ability to detain Americans without trial) and SOPA/PIPA. They also want to pick one politician from each major party, to keep this from being a partisan thing. Separately, they've been seeking out politicians who may actually be vulnerable... and trying to vet their opponents to make sure who gets elected in their place isn't even worse.

So far, the community has focused in on Senator Bob Corker of Tennessee as its main Republican target (there have been a few others listed as well), but doesn't seem to have settled on a Democratic target yet.

I still think that a lot of this will depend heavily on who is challenging these politicians, and if they're willing to make a campaign issue out of these free speech/civil liberties issues. It'll definitely be tough to unseat incumbents, but even if the internet community can make it into an actual fight, politicians will start to take notice. And, even if it fails this time around, watch out for what comes next. Like many "open" systems, the first version may not be pretty, the second version may be a little buggy, but once you get around to the third version and beyond, they often start being a lot more powerful than anyone expects. Politicians who underestimate the community of folks at Reddit and similar sites may be in for a surprise before too long...

Filed Under: bob corker, community, ndaa, pipa, politics, protect ip, sopa
Companies: reddit