Senate Majority Leader Mitch McConnell has always been a friend of the intelligence community, but he's using the attack in San Bernardino to ramp up the anti-encryption insanity to new levels, practically begging President Obama to tell him what law he wants to ban encryption, and McConnell will help make sure Congress delivers. McConnell's statement was laying out what he thought President Obama should do in response to ISIS, and includes this ridiculous line:
He should tell us what legal authorities he needs to defeat encrypted online communications, and what is needed to reestablish our capture, interrogation, and surveillance capabilities.
"Defeat encrypted online communications"? Is he crazy? We need encrypted online communications to better protect us, and yet McConnell is trying to undermine those communications. He's actively proposing to make us all less safe. And, of course, talking about "reestablishing" our "surveillance capabilities" is about giving the NSA more surveillance powers. McConnell was, of course, the key person who tried to block any attempt at rolling back the NSA's unconstitutional phone records collection program.
Now, we know that President Obama didn't go quite as far as McConnell asked, but he did still push for a more "voluntary" solution -- which may morph into Congress doing something if people don't speak out loudly about what an incredibly dumb idea this is.
Congress is once again declaring its willingness to hold everyone in the nation accountable for their actions, present party excepted.
Back in 2011, it was revealed that members of Congress were participating in insider trading. Spending a great deal of time conversing with lobbyists tends to result in the discussion of information that has yet to be made public. Legislators, being the opportunists they are, chose to buy and sell stock based on this insider info. Lobbyists -- also opportunists -- sometimes did the same thing. And it was all perfectly legal... at least for Congress.
This revelation did nothing to increase the public's goodwill towards its so-called "representatives." With its approval percentage (15%) sliding below that of Bernie Madoff's personal loan applications, Congress swiftly acted to close this loophole in the law.
Two years later, with everyone safely re-elected, Congress quietly excised the disclosure requirement in the new law, making it virtually impossible to verify whether or not it was actually playing by the rules it had made for itself. Predictably, it called the disclosure of such information a "national security risk."
Meanwhile, the SEC opened an investigation into Congressional insider trading related to health insurance companies. Congress refused to answer subpoenas or provide documents to the Commission. When ordered to by a federal judge, the House Ways and Means Committee gently explained that it could do whatever the fuck it wanted to.
The U.S. House Ways and Means Committee and a top staff member say the panel and its employees are "absolutely immune" from having to comply with subpoenas from a federal regulator in an insider-trading probe.
Two years later, Congress is still arguing that rules and laws are for people who can't write their own rules and laws. Judge Paul Gardephe didn't buy Congress' arguments that its conversations with lobbyists were so "privileged" they couldn't be examined by another federal agency. He also pointed out that the "immunity" it relied on was carved out by the very law they had passed to address insider trading (or rather, a steep drop in approval ratings).
On November 13, U.S. District Judge Paul Gardephe agreed with most of the SEC’s claims and ordered Congress to comply with the subpoena within 10 days. “Members of Congress and congressional employees are not exempt from the insider trading prohibitions arising under the securities laws,” he wrote. Gardephe reminded the attorneys that “Congress barred such claims of immunity when it adopted” the STOCK Act.
Congress' top lawyer fought back, claiming certain, very specific words were missing from the STOCK Act and that legislators' immunity was still intact.
Kerry W. Kircher, the House general counsel, requested more time. Then, shortly before Thanksgiving, on November 25, he filed a motion to appeal the subpoena to the 2nd Circuit. Kircher argued that the STOCK Act did not explicitly authorize the SEC to issue subpoenas to Congress, even to investigate insider trading.
This may not result in the investigation being scuttled or the lawsuit being tossed, but it does buy Congress more time to figure out its next accountability-dodging move. Meanwhile, Congress members are doing what they can to ensure that the battle the SEC is waging, to at least hold them as accountable as their own STOCK Act promised they would be, will be long, expensive and, hopefully, ultimately fruitless. These efforts are also shady as hell.
Away from the spotlight, however, congressional leaders continue to fight enforcement and to shore up the target of the SEC inquiry. Rep. Pat Tiberi, R-Ohio, and Rep. Diane Black, R-Tenn., two lawmakers who served on the same committee as Sutter, have used PAC money to donate to the legal defense fund set up to defend him.
Campaign funding -- itself a toxic wasteland where morality and ideals go to die -- is being rerouted to keep Bruce Sutter, a former Ways and Means Committee member who allegedly passed on non-public Medicare reimbursement information to a lobbyist for law firm Greenberg Traurig. Not only will Congress members let nothing stand in the way of personally profiting from their time in office, they'll also apparently ensure those who previously got away with it will continue to elude being held accountable.
In the past, we've discussed the idea of "soft corruption" a few times -- which in some ways can be more nefarious than out and out corruption. In soft corruption, it's not what most people normally think of as corruption (i.e., cash for getting something from politicians), but merely something that presents the very strong appearance of influence buying. It involves situations where even if everything being done is legal and done for the right intentions, the mere appearance of the conflict reduces the public's trust in government. Earlier this week, we wrote about how the House Judiciary Committee, which claims to be working on a major copyright reform effort, held "listening tours" in both Silicon Valley and Los Angeles (unfortunately, reinforcing the idea that copyright is a "Hollywood v. Silicon Valley" concept). As we noted, however, we were pleasantly surprised at the Silicon Valley hearing, that the discussion seemed really positive. It was (a) focused on actual ideas that could be implemented and (b) the members of the Judiciary Committee really seemed open to lots of good ideas.
From reports I've heard, the LA listening tour was also pretty good, minus one silly, but expected, flareup involving someone accusing Google of being a criminal pirate enterprise. However, in a move that seems fairly sketchy, following the hearing, the Committee members who were there had dinner with the MPAA. And, in Politico's latest report it notes that the head of the Judiciary Committee, Rep. Bob Goodlatte, hung around an extra day in Southern California to put his name on and attend a fundraiser for his colleague Rep. Kevin McCarthy.... put on by the MPAA:
Rep. Bob Goodlatte didn't just bring lawmakers to Silicon Valley and Los Angeles this week to talk with tech companies and content creators about the future of copyright. The House Judiciary Committee chief also offered his name and support to a fundraiser for House Majority Leader Kevin McCarthy and the National Republican Congressional Committee, hosted last night by the MPAA, according to an invite snagged by MT.
The event, a cocktail reception and dinner at the BOA Steakhouse in West Hollywood, asked for checks to be made out to the McCarthy Victory Fund, a joint fundraising committee with the NRCC, according to a Goodlatte aide. But the Judiciary chairman, who was slated to attend, extended the help a day after he and other lawmakers visited Hollywood to talk tech policy and later dined with the MPAA. A spokeswoman for the congressman added it was Goodlatte's only fundraising event while out in California.
And, yes, if he had done a similar thing up in Northern California with tech folks, it would be equally concerning. I know the cynical folks who read this won't accept this, but I actually do believe that Goodlatte is trying to come up with a reasonable plan for copyright reform that actually takes all the issues into account. While I don't always agree with him, I've found him to be a lot more open to understanding these issues than some of his colleagues. But... that said... this is the kind of thing that most people will see and reasonably think that it undermines Goodlatte's trustworthiness on issues like this. It certainly gives off the appearance of a pretty strong conflict of interest, and makes people more cynical and less trusting of the government that is supposed to represent them.
Of course, much of the real underlying problem here is the state of money in politics today, and the fact that, for most Congressional Reps, fundraising is nearly 50% of their job responsibilities. So, if you're going to Hollywood, why not tack on a fundraiser? But, again, what that does, in the public's eyes, is make the entire process appear corrupt in some fashion. Thus, even if everyone's goals and intentions are aboveboard, the American public has significantly less trust in the entire system.
On Tuesday, the House Judiciary Committee held a hearing on what sounds like a boring topic: "International Data Flows: Promoting Digital Trade in the 21st Century." However, as we've discussed, this seemingly boring topic can have a profound impact on how the internet functions, and whether it remains a global platform for free expression -- or becomes a fragmented system used for widespread censorship, surveillance and control. In other words, this is important.
The hearing was mostly pretty bland (as Congressional hearings tend to be), but at one point, Robert Atkinson, the President of the Information Technology and Innovation Foundation (ITIF) argued that the US should be encouraging global censorship if it's for sites like The Pirate Bay. You can watch the portion of the video below (it should start at the right moment, but if not, jump to 1 hour, 27 minutes and 40 seconds):
It starts with Rep. Jerry Nadler reading a question someone else clearly prepared for him, directed at Atkinson about how to handle situations in which different countries have different laws regarding free speech and content, and what that should mean for "data flows" across borders. In short, this is a question about "what should we do with countries who want to censor the internet -- and should we allow that sort of thing." Atkinson's answer is a bit rambling, but he basically starts off by saying that we'll never agree with some other countries on free speech and such... but then says no matter what, one thing we should all agree on is that it's good to censor sites like the Pirate Bay and the US should encourage such blatant censorship worldwide:
I think it's an untenable project that we would end up with "global harmony" on every single rule with regard to the internet. We're not going to be able to do that. And we're certainly not going to be able to do that with free speech. There are certain countries, particularly more traditional, religious countries that find pornography objectionable. We don't with our... or at least we have free speech, we may find it objectionable, but we allow it. We're not going to agree on that. And for certain things like that, countries are going to do that and I think we just have to be okay with that.
Another example is in Germany, you're not allowed to download a copy of Mein Kampf. In the US, we can. Again, we're not going to change the German view. I don't know if they're right or wrong. It doesn't make any difference.
Where we can and should, though, take action, is there are some things that are clearly illegal under the WTO framework for intellectual property, for example piracy and intellectual property theft can be prosecuted. So when countries engage in steps, for example, to block certain websites that are clear piracy sites -- like, for example, a web or a domain called "the pirate bay" that should be quite... you know we should be encouraging that. That's quite different than blocking, say, Facebook or something like that, or blocking some site just because you don't want competition.
Where to start? Well, how about I let Atkinson debunk Atkinson. In the question immediately preceding this one about blocking websites, Nadler had asked Atkinson about backdooring encryption. And there, Atkinson gave a much better answer, noting that it was a terrible idea (he's right!), but then notes:
If they try to mandate that, they're setting a dangerous precedent, for example, by letting the Chinese government do the exact same thing.
Uh. Yeah. And having the US government "encourage" censoring websites also sets a dangerous precedent by letting the Chinese government (and lots of other governments) point to the US as doing the same thing they do. But, as Atkinson and other copyright system supporters will undoubtedly scream, "that's different -- this is about copyright, not censorship." Yeah, well, you're not paying attention if you don't recognize how copyright is used for political censorship as well. Remember how Russia was using copyright law to intimidate its critics? What you might not remember is that when China first set up its massive online censorship system, known as the Great Firewall of China, one of its key justifications to the outside world was that it would be used to stop piracy online. And, of course, during the big SOPA/PIPA fight, the Chinese were laughing at those of us in America who whined about their Great Firewall, while we were debating a proposal to set up an identical system.
Of course, it's no surprise that Atkinson is making this argument. The organization he runs, ITIF, is frequently credited with first proposing the ideas behind SOPA in a white paper that came out right before the SOPA push. And ITIF famously argued in favor of SOPA by pointing to authoritarian countries who censor the internet as proof that SOPA wasn't that harmful. Yes, Atkinson's own firm suggested that the US should emulate China, Saudi Arabia, Iran, Syria and a number of other countries in censoring the internet. But, you know, "just for copyright."
And this doesn't even get to the issue of Atkinson's assured statement that certain sites are "clear piracy sites." Except, as we've noted over and over again, almost every great innovation around content delivery was decried as a "tool for piracy" originally. Radio, TV, cable TV, the photocopier, the VCR, the DVR, the mp3 player and YouTube and similar sites were all attacked as piracy tools originally. And yet every one of them actually opened up new and important arenas for content creation, distribution and monetization. What looks like a piracy tool in the early days often becomes a massive and legitimate business opportunity soon after (again: it was just four years after the MPAA's Jack Valenti declared VCRs the "Boston Strangler" to the film industry that home video revenues surpassed box office revenues).
Either way, what Atkinson was saying here is both shocking and dangerous. He's outright advocating a censorship regime based on his belief of what is and is not appropriate -- and suggesting that the US should "encourage" other countries to censor the web without legal due process, without consideration for innovation, because he has decided which sites are bad. At the end he says that blocking The Pirate Bay is not like blocking Facebook. Yet, there are many people who argue that Facebook is, similarly, a giant piracy site. Whose definition is right in that context? And the same question can be asked about YouTube. Viacom sued YouTube claiming that it was just as bad as the Pirate Bay. Would Atkinson support countries blocking all access to YouTube "under the WTO"?
There is a rather astounding level of cognitive dissonance that some people, such as Atkinson, have around issues related to copyright and censorship. They assume, incorrectly, that copyright is some magical fairy tale world where it's never used for censorship, and thus it's fine to block "bad sites" where people like Atkinson get to decide what is and what is not bad. But all he's doing is encouraging internet censorship, and giving massive amounts of cover to authoritarian regimes who want to censor the internet for all sorts of reasons. They can easily take Atkinson's claims that we must encourage censorship over copyright and either abuse copyright for that purpose, or even just twist it slightly to note "well, blocking infringement is important to the US, and we feel the same way about political unrest."
Atkinson's ITIF lost its battle for SOPA nearly four years ago. It shouldn't try to reintroduce the idea of a global platform for internet censorship today.
The TSA's inability to live up to the "S" in its acronym is on display again. The agency's Inspector General recently testified before a Congressional oversight committee. Fortunately, no one stepped forward to shoot the messenger -- seeing as the message was more bad news about TSA incompetence. I imagine TSA Administrator Peter Neffenger would have jumped at the chance to be the triggerman, but was fortunately limited to delivering his own prepared remarks in response.
After speaking to the "difficulty" (apparently insurmountable) of the TSA's "mission," Inspector General John Roth referred to the difficult nature (in the parental sense) of the agency itself.
My remarks were described as “unusually blunt testimony from a government witness,” and I will confess that it was. However, those remarks were born of frustration that TSA was assessing risk inappropriately and did not have the ability to perform basic management functions in order to meet the mission the American people expect of it. These issues were exacerbated, in my judgment, by a culture, developed over time, which resisted oversight and was unwilling to accept the need for change in the face of an evolving and serious threat. We have been writing reports highlighting some of these problems for years without an acknowledgment by TSA of the need to correct its deficiencies.
Is the TSA willing to change now? Possibly. But some things haven't changed, like its ability to do its job. Roth's office has performed another round of covert testing. Last time this testing was performed, the IG's fake terrorists nearly aced the test.
“In September 2015, we completed and distributed our report on our most recent round of covert testing.” This is where undercover DHS inspectors do stuff like try to smuggle bomb parts through checkpoints, and succeed … let’s see … 96% of the time. Or at least that’s how it’s gone in the past. How about now?
“While I cannot talk about the specifics in this setting [it’s classified, y’all], I am able to say that … the test results were disappointing and troubling,” and were “consistent across every airport” tested. Roth also noted that the tests were conducted by personnel “without any special knowledge or training,” which might seem odd unless you know that the TSA reacted to the earlier 96-percent-failure-rate findings partly by complaining that the IG had used personnel who were specially trained to defeat TSA’s efforts. (You know, sort of like an actual terrorist might be.) So this time, the IG deliberately chose people with no special knowledge or training to carry out its audits. I interpret this to mean that people who basically had no real idea what they were doing consistently and successfully breached security at every airport tested.
While the nuances of transportation security continue to elude the Transportation Security Agency, one thing has changed: an actual reaction from the TSA's parent agency, the DHS.
The Department’s response to our most recent findings has been swift and definite. For example, within 24 hours of receiving preliminary results of OIG covert penetration testing, the Secretary summoned senior TSA leadership and directed that an immediate plan of action be created to correct deficiencies uncovered by our testing. Moreover, DHS has initiated a program — led by members of Secretary Johnson’s leadership team — to conduct a focused analysis on issues that the OIG has uncovered, as well as other matters. These efforts have already resulted in significant changes to TSA leadership, operations, training, and policy…
You know, the sort of thing the DHS and TSA should have done when similar failings were found in 2014. And 2012. And 2011...
The testimony/rebuttal offered by TSA Administrator Neffenger opens with statements ranging from "factually" to "laughably" false.
We remain deeply committed to ensuring that TSA remains a high-performing, risk-based intelligence-driven counterterrorism organization. We are working diligently to ensure we recruit, train, develop, and lead a mission-ready and highly-capable workforce, placing a premium on professional values and personal accountability.
Or this, which makes the claim that failing nearly 100% of the time proves the system is still effective.
It is important to acknowledge that the OIG covert tests, as a part of their design and execution, focused on only a discrete segment of TSA’s myriad capabilities of detecting and disrupting threats to aviation security. This was not a deliberate test of the entire system and while there were areas for improvement noted by the Inspector General – with which we concurred -- that the system as a whole remains effective and, as a result of this series of tests, has only gotten stronger.
Scoring higher against an opponent of a lower skill level (the Average Joe Bomb Carrier "operatives" deployed by the OIG in 2015, rather than the "covert operatives" who performed the 2014 test) doesn't exactly signal systemic strength. But whatever, it's the system we have -- one we neither want nor deserve.
And then there's this part of the statement, which could easily support a full-fledged buzzword-based drinking game all on its own.
Solutions to the challenges facing TSA will require a renewed focus on the agency’s security mission, a commitment to right-sizing and resourcing TSA to effectively secure the aviation enterprise, and an industry commitment to incentivizing vetting of passengers as well as creating conditions that can decrease the volume and contents of bags presented for screening in airports.
"Incentivizing vetting of passengers?" Isn't that pretty much the only task the TSA performs? (I mean, when not running its Instagram account or helping the DEA walk off with a traveler's money…) After 15 years on the job, you'd think the TSA's vetting incentive program would be humming away like a well-funded machine. Apparently not, though. As the Inspector General points out, the TSA still approaches airport security in a disturbingly haphazard fashion.
[W]e believe that TSA’s use of risk assessment rules, which granted expedited screening to broad categories of individuals unrelated to an individual assessment of risk, but rather on some questionable assumptions about relative risk based on other factors, created an unacceptable risk to aviation security. Additionally, TSA used “managed inclusion” for the general public, allowing random passengers access to Precheck lanes with no assessment of risk. Additional layers of security TSA intended to provide, which were meant to compensate for the lack of risk assessment, were often simply not present.
While I am still of the belief that a majority of the TSA's actions are a perversely expensive and intrusive form of pantomime, the least the agency could do is maintain consistency across its security "offerings." If PreCheck is only "safe" because of the vetting process, then limit it only to those who have been pre-cleared. If 99% of travelers are no threat and can be waved through expeditiously, then do that and ditch the stupid "please throw out your breast milk while your TSA-friendly locks are broken" playacting that keeps lines backed up at security checkpoints.
The TSA has proven it's far better at officiousness and bureaucracy than security. And for years, it's been more interested in making excuses than fixing its problems. IG John Roth hopes this is the beginning of the end of the TSA's abysmal track record. In his comments to the Congressional committee, he expresses his support for the Inspector General Empowerment Act which would, among other things, maintain the office's independence and force agencies to cough up documents and information in a more timely fashion.
But it's hard to believe the culture will change. At the TSA, aviation security is just a job -- something that only deserves a minimal level of attention or competence. And that's all we'll get, for years and years to come: government-mandated harassment that hassles far more travelers than terrorists.
After rejecting all the good privacy amendments to CISA, the Senate has now officially passed the legislation by a 74 to 21 vote. About the only "good" news is that the vote is lower than the 83 Senators who voted for cloture on it last week. Either way, the Senate basically just passed a bill that will almost certainly be used mainly for warrantless domestic surveillance, rather than any actual cybersecurity concern.
If you'd like to know which Senators voted for greater domestic surveillance, here's your list:
Alexander (R-TN)
Ayotte (R-NH)
Barrasso (R-WY)
Bennet (D-CO)
Blumenthal (D-CT)
Blunt (R-MO)
Boozman (R-AR)
Boxer (D-CA)
Burr (R-NC)
Cantwell (D-WA)
Capito (R-WV)
Carper (D-DE)
Casey (D-PA)
Cassidy (R-LA)
Coats (R-IN)
Cochran (R-MS)
Collins (R-ME)
Corker (R-TN)
Cornyn (R-TX)
Cotton (R-AR)
Donnelly (D-IN)
Durbin (D-IL)
Enzi (R-WY)
Ernst (R-IA)
Feinstein (D-CA)
Fischer (R-NE)
Flake (R-AZ)
Gardner (R-CO)
Gillibrand (D-NY)
Grassley (R-IA)
Hatch (R-UT)
Heinrich (D-NM)
Heitkamp (D-ND)
Hirono (D-HI)
Hoeven (R-ND)
Inhofe (R-OK)
Isakson (R-GA)
Johnson (R-WI)
Kaine (D-VA)
King (I-ME)
Kirk (R-IL)
Klobuchar (D-MN)
Lankford (R-OK)
Manchin (D-WV)
McCain (R-AZ)
McCaskill (D-MO)
McConnell (R-KY)
Mikulski (D-MD)
Moran (R-KS)
Murkowski (R-AK)
Murphy (D-CT)
Murray (D-WA)
Nelson (D-FL)
Perdue (R-GA)
Peters (D-MI)
Portman (R-OH)
Reed (D-RI)
Reid (D-NV)
Roberts (R-KS)
Rounds (R-SD)
Sasse (R-NE)
Schatz (D-HI)
Schumer (D-NY)
Scott (R-SC)
Sessions (R-AL)
Shaheen (D-NH)
Shelby (R-AL)
Stabenow (D-MI)
Thune (R-SD)
Tillis (R-NC)
Toomey (R-PA)
Warner (D-VA)
Whitehouse (D-RI)
Wicker (R-MS)
And here's the tragically short list of the 21 who voted against this.
Baldwin (D-WI)
Booker (D-NJ)
Brown (D-OH)
Cardin (D-MD)
Coons (D-DE)
Crapo (R-ID)
Daines (R-MT)
Franken (D-MN)
Heller (R-NV)
Leahy (D-VT)
Lee (R-UT)
Markey (D-MA)
Menendez (D-NJ)
Merkley (D-OR)
Risch (R-ID)
Sanders (I-VT)
Sullivan (R-AK)
Tester (D-MT)
Udall (D-NM)
Warren (D-MA)
Wyden (D-OR)
If you're wondering what happens now: the Senate version and the House version are different, so the differences need to be resolved in conference. There's a chance that could lead to the bill being made better, but it's more likely that the bill will actually be made worse. And then, of course, assuming no substantial changes, it would go to the President's desk for signature. So the bill is pretty far along, but it can still be stopped. Senator Ron Wyden, who has led the fight against it, says he's not giving up yet.
Well, that didn't take long. Shortly after Senator Chuck Grassley raised his voice about the FBI's refusal to share information about its investigation of Hillary Clinton's State Department emails, a status update of sorts has been provided.
The FBI is still holding its "ongoing investigation" cards close to its chest, but it apparently authorized an anonymous, unofficial spokesperson to beat back the heat with the leak of a few details.
The FBI has recovered personal and work-related e-mails from the private computer server used by Hillary Clinton during her time as secretary of state, according to a person familiar with the investigation.
The Federal Bureau of Investigation’s success at salvaging personal e-mails that Clinton said had been deleted raises the possibility that the Democratic presidential candidate’s correspondence eventually could become public. The disclosure of such e-mails would likely fan the controversy over Clinton’s use of a private e-mail system for official business.
This obviously won't be good news for the presidential hopeful, but it does indicate the FOIA lawsuit brought against the State Department by Judicial Watch might start moving forward again.
The FBI is also attempting to determine how much classified information was stored on Clinton's personal email server. Once that's sorted out, it will presumably be up to the DOJ to decide how much of a wrist slap Clinton's mixing of business and pleasure warrants.
"Computer specialists" quoted by Bloomberg say the FBI should be able to recover most of the deleted emails. This is likely true and the effort deployed probably won't stretch the agency's technical expertise. Clinton's use of a private server had less to do with opsec than just making it more difficult to obtain these emails through public records requests.
And while the FBI would like to keep its findings to itself until it wraps up the investigation (if for no other reason than to avoid weakening its "ongoing investigation" auto-denial), Del Quentin Wilber of Bloomberg points out Congressional committees can issue subpoenas to obtain information from the agency while the investigation is still underway.
As we've been discussing, some surveillance hawks in Congress have been trying very hard to push CISA through into law, often using the disastrous OPM hack as evidence for why it's needed. Yet, as we've pointed out multiple times, there's nothing in CISA that would have prevented OPM from being hacked. Instead, the Senators pushing CISA and using the OPM hack as the reason seem to be blindly flailing around assuming that because both are tangentially related to "cybersecurity," people will believe that it all "works."
The reality, of course, is that CISA has nothing to do with the OPM hack, but is really a backdoor surveillance bill, designed to give immunity to companies sharing info with the NSA, that it can feed into its system that it uses to monitor all "upstream" traffic. Senator Ron Wyden has been warning about this for months, without too many people paying attention -- because fear! cybersecurity! hack!
So, Wyden's latest strategy is to look a little more deeply at the OPM hack itself and what the government's National Counterintelligence and Security Center (NCSC) did (if anything) to prevent the hack. In a letter to NCSC, Wyden asks for details of what steps it had taken to protect OPM.
The National Counterintelligence and Security Center (NCSC) is tasked with a very important mission, which includes defending the nation's classified information and assets from exploitation by foreign adversaries. The importance of this mission has recently been underscored by compromises of sensitive US government personnel data.
And thus, the following questions:
Did the NCSC identify OPM's security clearance database as a counterintelligence vulnerability prior to these security incidents?
Did the NCSC provide OPM with any recommendations about how to secure this information?
At least one official has said that the background investigation information compromised in the second OPM hack included information on individuals as far back as 1985. Has the NCSC evaluated whether the retention requirements for background investigation information should be reduced to mitigate the vulnerability of maintaining personal information for a significant period of time? If not, please explain why the existing retention periods are necessary?
There may be a variety of reasons for sending this letter -- but one clear one is to send the following message: before Congress rushes around demanding CISA as a response to the OPM hack, shouldn't we look at how our own processes failed to prevent that attack? And that's especially true given that the point of CISA is to trust the very same government to help private companies with cybersecurity. If the government can't even do the most basic things to protect its own data, why are we rushing to pass a law that is entirely premised on the idea that the government can help others protect their data?
This administration hasn't been big on protecting whistleblowers. It often talks about increasing transparency and accountability, but its actions have been the complete opposite. The same goes for the rest of the government. Agencies institute whistleblower protections, often in response to Inspector Generals' reports detailing violations of existing policies, but still remain much more interested in nabbing "insider threats" than protecting whistleblowers from retaliation.
When Congress passes good governance laws — most notably FOIA — they tend to exempt themselves.
They’ve done the same with a series of Whistleblower Protection laws. While they’ve amended the Whistleblower Protection Act and added protections to employees in the private finance industry, they have not offered the same protections to their employees.
Sadly, this seems to be the case far too often. Lawmakers tend to write laws for other people. But accountability shouldn't just apply to other entities. Congress needs whistleblowers just as much as the rest of the government does. In this case, however, it doesn't appear to be intentional. It appears that some of these legislators are simply unaware they're pushing for something they've already exempted themselves from having to follow.
Asked about the [Whistleblower Protection Caucus] report, Sen. Charles E. Grassley, R-Iowa, one of the caucus’s founders, said federal workers are protected. When informed about the OOC report that stated protections did not extend to legislative branch workers, Grassley said, “We’ll take a look at it.”
Sen. Claire McCaskill, D-Mo., another of the caucus’s founding members, was shocked to learn congressional employees are not protected.
“They should [be protected],” McCaskill said. “I’ll go right back to the office and say, ‘Draft that legislation!’”
“Whistleblowers should be allowed to operate and have protections everywhere in our government,” McCaskill added. “Everywhere.”
Hindsight has been adjusted to roughly 20/20, give or take an ongoing blind spot. Now, instead of congratulating themselves on crafting healthier whistleblower protections while their respective staffs look on in concern, they'll be performing the civic duty of "getting right on that." Hopefully, this will result in the institution of the currently-missing protections. But it can just as easily result in this being yet another law Congress doesn't have to follow -- especially if the numerous legislators currently unconcerned with the lack of strong whistleblower protections decide their interests are more important than the public's.
A few legislators were aware of the missing protection, however. Senator Barbara Boxer is already working on legislation that will encompass federal employees not currently covered by existing laws, and Senator Ron Johnson has already set up his own whistleblower "hotline."
“I would say that is news to me,” said Sen. Ron Johnson, R-Wis., when told that legislative workers were not protected. “I think they should be. And certainly we’ve [set up] a website, whistleblower@ronjohnson.senate.gov, and I hope they would take advantage of that.”
“I’ll protect ‘em,” he added.
It's not clear how much protection Johnson can offer anyone not currently covered by whistleblower protections, but a senator's office likely offers a bit more of a shield than going it alone.
If you pay any sort of ongoing attention to Congress, you're probably familiar with GovTrack, the extremely useful online resource created by Joshua Tauberer in 2004, containing robust info on the status of all the bills that hit the floors of the House and the Senate. It's a fantastic tool, and today we're looking at a crowdfunding push to make it even better by hiring a full-time researcher to add additional context and analysis to the bills and votes being tracked.
The Good
Until very recently, GovTrack was fully automated and had no staff — which is why one man's pet project has been going strong for over a decade without much if anything in the way of revenue. But Joshua knows there's lots more the site could be doing, and recently hired an intern to start testing out a big new addition to GovTrack: researchers who can closely follow the most important bills and dig into them deeper than the algorithms can, providing commentary and analysis plus readable summaries of legislation, and reporting on the underlying political context. To that end, they've also launched GovTrack Insider as a Medium page, which already features a bunch of posts on various important bills and votes from the last few months.
The Kickstarter goal is to upgrade from an intern to a full-time researcher on a six-month contract — or two as a stretch goal. This could really take the already-useful GovTrack to a whole new level.
The Bad
While I don't by any means think this is a bad idea, there are still a few potential pitfalls. The first is that it's not clear how this one-time fundraising goal can/will translate into something ongoing. A researcher can do a whole lot in six months, but the ongoing flow of bills through Congress requires ongoing attention with no end in sight. Will we be looking at another Kickstarter for the next congressional session? Or is there some plan to secure new revenue streams with the expanded GovTrack? Either way, if this project is as useful to people as it's likely to be, some will surely be happy to keep paying.
The other, perhaps more critical, pitfall is politicization. Once you move from automatically tracking raw data to actually writing up summaries and analyses, it's almost inevitable that you'll have to start taking political/ideological sides from time to time, no matter how committed you might be to neutrality or objectivity. It might prove very difficult to expand GovTrack in this way without beginning to be seen as an at-least-slightly partisan publication rather than a wholly neutral tool for anyone to use — though, that doesn't mean it's impossible.
The Rewarding
There are some very interesting rewards available for backers of this project (and the choice to link the dollar amounts for the various tiers to important Congress-related numbers is a neat one). At lower levels, backers can get in on webinars and group chats that explore Congressional issues and provide advice on political advocacy, while the higher tiers offer the ability to get custom summaries and analyses written of bills that you choose.
But perhaps the most attractive (or at least the most fun) options are those that take advantage of the research intern's other skill: art. At various tiers, he'll draw you a custom caricature of any Representative or Senator that you choose. No word on if you get to dictate how flattering or unflattering said caricature is, though.