CISPA Take 3: Feinstein & Chambliss Draft Another Cybersecurity Bill, Designed To Wipe Out Your Privacy

from the only-massive-amounts-of-government-can-keep-you-safe dept

Washington DC: where no bad idea ever truly dies. CISPA, the infamous “cybersecurity” bill that has twice failed to cross the President’s desk is back again. This is the Senate’s attempt at a cybersecurity bill, so it doesn’t sport the same gaudy initials (those belong to the House), but it’s still the same set of terrible ideas.

The Senate’s previous attempts to write its own cybersecurity bill were supposedly prompted by privacy concerns, something the House version treated as wholly irrelevant to securing our nation from cyberattacks. This new bill may decide privacy is the only thing irrelevant to national security, seeing as it’s been crafted by Dianne Feinstein and Saxby Chambliss, both largely supportive of the NSA’s (recently exposed) activities.

The new bill sports the following title: Cybersecurity Information Sharing Act of 2014. CISPA without the “p,” apparently. Out with the “protection” (which was nominal) and in with the oversharing of cyberthreat information.

The bill, like others before it, grants broad immunity to participating companies, stripping away one of the few reasons these entities might stick up for their customers (and their data) and consider plugging the security hole before turning that info over to both the military, national security agencies and, well, any number of government agencies or competitors. The text of the bill leaves that almost completely unspecified.

The new, 39-page draft bill, written by Sen. Dianne Feinstein (D-Calif.), chairman of the intelligence committee, and Sen. Saxby Chambliss (Ga.), the ranking Republican, states that no lawsuit may be brought against a company for sharing threat data with “any other entity or the federal government” to prevent, investigate or mitigate a cyberattack.

This immunity screws up incentives and encourages questionable behavior, as it to be expected when accountability is removed.

There’s a small nod to privacy in the bill, but it carries with it some potential weasel words that could completely undermine the protection.

An entity sharing cyber threat indicators pursuant to this Act shall, prior to such sharing, remove any information contained within such indicators that is known to be personal information of or identifying a United States person, not directly related to a cybersecurity threat in order to ensure that such information is protected from unauthorized disclosure to any other entity or the Federal Government.

Considering what the NSA and others have deemed “relevant” to their counterterrorism efforts, lots of personal data could easily be construed as being “directly related” to a potential cybersecurity threat.

Other protections are equally as malleable. Law enforcement agencies are allowed to avail themselves of cyberthreat information, but only if given written consent from the entity(ies) involved. But that “only” isn’t actually a limitation. The paragraph immediately following the “written consent” stipulation creates the same sort of loophole that agencies like the FBI have abused to the point of surreality in the past.

If the need for immediate use prevents obtaining written consent, such consent may be provided orally with subsequent documentation of the consent.


Giving law enforcement or indeed any agency this sort of manual override undercuts anything stipulated previously. This encourages a culture of asking forgiveness, rather than permission. Grab the data and justify it post facto. That’s no protection at all, especially when granted immunity gives companies absolutely no reason to push back on these oral requests.

This may only be the draft version, and there will be several changes made before it goes up for a vote, but this groundwork is far from heartening. It appears as though no one involved has learned anything from CISPA’s two troubled trips through the House, not to mention the new concerns prompted by leaked NSA documents.

Further gestures in the direction of civil liberties and privacy protections are made later in the bill (under a heading “Privacy and Civil Liberties” no less), but those protections are roughly identical to existing policies governing the NSA’s (and FBI’s) mass collection of American metadata — oversight and minimization, both of which have been subverted by these agencies.

The bill also consolidates more power within the DHS, creating an “all roads lead to the DHS” method of managing cyberthreat information. If there’s one entity which has proven time and time again to be both a) mostly useless and b) prone to abusive behavior, it’s the DHS. And yet, the bill calls for the agency to be the central cyberthreat repository.

IN GENERAL.—Not later than 90 days after the date of the enactment of this Act, the Secretary of Homeland Security, in coordination with the heads of the appropriate Federal entities, shall develop and implement a capability and process within the Department of Homeland Security that—

(A) shall accept from any entity in real time cyber threat indicators and countermeasures in an electronic format, pursuant to this section;

(B) shall, upon submittal of the certification under paragraph (2) that such capability and process fully and effectively operates as described in such paragraph, be the process by which the Federal Government receives cyberthreat indicators and countermeasures in an electronic format that are shared by an entity with the Federal Government…

Unfortunately, as terrible as the DHS is at determining threats and sharing information, there’s probably no way to route around it. The post-9/11 agency is now the government’s national security clearinghouse, and everything flows to it, even if it’s usually the agency least likely to make productive use of the information. While cyberthreats pile up, DHS agents will be chasing down people taking pictures of public structures.

Believe it or not, this bill putting DHS as the central authority is actually one half-step better than the likely alternative, which is making NSA the central player. For many years now, there’s actually been something of a turf war between DHS and NSA over who gets to control the (increasingly massive) cybersecurity budget. And a bill that designates DHS as the “winner” of that turf battle at least gives it a slight preference over the NSA — though, unfortunately, this bill would let DHS share info with NSA freely, which is yet another problem.

CISPA may have seemed at least half-dead, but Feinstein and Chambliss are breathing life into its lumbering carcass. You would think the last several months, combined with CISPA’s earlier struggles, would have resulted in a better cybersecurity bill. Instead, it actually seems worse.

“This is definitely a step back,” said Gabe Rottman, legislative counsel and policy adviser for the American Civil Liberties Union, who was shown a copy of the draft. “The problem is the definitions of what can be shared and who it can be shared with are too broad. In this draft, companies can share data with the military and the NSA. Given the past revelations, I think it’s important to keep this information in civilian hands.”

And that’s just one of several problems. Combine the bill’s wording with the administration’s tacit approval of the NSA’s exploit stockpile and you’ve got something that will generate millions of dollars worth of budget line items while doing very little to make anyone — even the government itself — any safer.

Filed Under: , , , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “CISPA Take 3: Feinstein & Chambliss Draft Another Cybersecurity Bill, Designed To Wipe Out Your Privacy”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

Here's hoping for the usual short-sightedness

If the NSA and DHS have been having a little spat over the years over funding, hopefully the NSA will see this as an ‘attack’ against their power and start pressuring their cheerleaders to shoot the bill down.

Mind, the fact that one of their more strident ‘defenders’ is involved in writing the bill doesn’t bode well for that, but hopefully the NSA’s ego will manage to re-assert itself and they’ll be back to attacking any perceived ‘threats’ to their power and authority.

That One Guy (profile) says:

Re: Not much I can do...

Ouch, though even still, might be worth some time to point out that nobody actually believes that this sort of crap has anything to do with protecting the people, and everything to do with protecting the spy agencies/activities she’s so enamored with.

I imagine the response would be the standard ‘Everything is fine citizen, this is all for your protection, so sit back down and be silent’ crap that usually gets sent out in response to any and all criticism on stuff like this, but even so, pointing out that she’s fooling no-one is worth saying.

Anonymous Anonymous Coward says:

Targeted Marshal Law

Why don’t they just come out and admit it? They want marshal law, targeted of course, at anyone that hiccups offensively, plus 3 degrees of separation there of. (Used to be six degrees of separation, but somebody blinked).

What I don’t understand is that when more than half the population is in prison, with another third of the population guarding them, and another third producing what is needed to drive the first two, who’s gonna be left to watch their stupid movies?

Anonymous Coward says:

Retroactive immunity for everyone! Not only for the telephone companies, but now for everyone!

Why don’t the people who write these bills just come out and say what they’re really thinking. Which is, “Screw the US Constitution!”

The worst part is, all the dangerous hackers launching cyber attacks, are smart enough to cover their tracks by purchasing a Virtual Private Server on Amazon Cloud, using a stolen credit card. Plus bouncing their connection through 5 VPN networks located in 5 different countries, plus through TOR.

Meanwhile, average Joe citizen is having all their personal information handed over to DHS, FBI, NSA, CIA, and God knows who else. All the while the real ‘cyber criminals’ are laughing their asses off and sipping martinis on a tropical beach somewhere after hitting Target up for millions of dollars.

But don’t let that stop you from passing a bill that scarifies everyone’s civil rights in return for no security what so ever. Go ahead and do what you do best, Sen. Spystein. Go ahead and grand that retroactive immunity blanket you’re so fond of.

Anonymous Coward says:

I’m not concerned with what some opium farmer overseas might do. I’m more concerned with what the people in our own system are doing.

Between this and the erosion of Net Neutrality, it’s safe to say we’re the next Soviet Union. This is why the likes of Brazil and the Eurozone will be the new paragons of freedom and economic success while the USA will go down in history as yet another repressive regime that eventually collapsed under its own weight.

Anonymous Coward says:

out of curiosity, how long do readers give the USA before it becomes a worse example of the very thing, Fascism, which it helped to defeat 70 years ago? we are sure heading that way and damn fast, when the government is going to either know or want to know every single thing about everybody? i give it less than 5 years, probably nearer 2 years. Lord help us then because we will be in such shit order, we wont be able to help ourselves!

Anonymous Coward says:

Re: Re: Re:

Just with enough opportunities of choice between Coke and Pepsi.

Canada isn’t there yet, if numbers are right, Emperor Harper will be kicked out next year.

I’m gonna have such a boner. No for real. Even if they end up with a thinly in power minority government. I really love the fact he’s being bitchslapped by Obama over the Keystone XL pipeline. Liberals + NDP should form a coalition to prevent them a minority government, but these 2 are hard to re conciliate because the Liberals view the extremely high (and first time official opposition) voting in their favour instead of them in 2011 cos it left a bitter taste in the Libs mouth. But petty politics will lose when it comes against a “majority” government that got barely 38% of the votes.

We live under crypto-fascism when tories are in power because they do not hide they represent a foreign power more than their own country (England) while Liberals have brought in the constitution 30 years ago and ignore the british royal family and that is why Canada always accumulates surplus under Liberals.

Anonymous Coward says:

How many times ate they going to ram this bill through congress? The people didn’t want it the first time, they didn’t want it the second time, now its just insulting. Obama and his cronies are just going to keep pushing his CISPA until he gets it through or they lose their offices.

Please people, if any of these statist cronies serve your area and are up for reelection, dont vote them back in, they’ve proven that they will sell you out to the dogs. Even if you have to bite the bullet and vote the opposite party, the worse that they can do is merely maintain the status quo.

GEMont (profile) says:

Re: Re:

Just a guess, but when the MAFIA took over Wall Street with all the tax-free drug money they made in the previous half century, they did not consider that keeping the Constitution was really worth the effort it would take to constantly circumvent it while pretending publicly to uphold it.

So they got George Bush to suspend it right after 9/11 when he secretly declared war on anyone who gets in the way of their progress.

Now the Corporate Government; otherwise known as a Fascist Business Venture, only allows the constitution to be used in cases where it has no effect on Federal Operations.

In other words, the Constitution no longer applies unless the Fed wants it to apply, because its been secretly suspended for the duration of the secret war effort.

You wouldn’t know this of course, because you are after all, the enemy. 🙂

Loki says:

It appears as though no one involved has learned anything from CISPA’s two troubled trips through the House, not to mention the new concerns prompted by leaked NSA documents.

Wrong. The lesson they learned is the same lesson they’ve gotten for years: that they can do whatever the hell they want, whenever they want.

Oh, sure they meet some resistance from time to time, like with SOPA/PIPA, but what REAL consequences did any of them face? They’ve all still got their jobs, and until that starts happening in signficant numbers, they aren’t going to give a shit about the people (and I can’t say I blame them – if I stood on a balcony and spat on people all day, and people complained but never had me removed from the balcony, why would I stop spitting on them?)

GEMont (profile) says:

Cash Cows not Sheep

“Combine the bill’s wording with the administration’s tacit approval of the NSA’s exploit stockpile and you’ve got something that will generate millions of dollars worth of budget line items while doing very little to make anyone — even the government itself — any safer.”

Hey, no probs!
After all, you, the taxpayer, are good for it.

Besides, safer aint the plan.

Weaker, stupider, busier, drunker, sicker and suggestible, now that’s the plan, cuz then the taxpayer aint just good for it, he won’t even mind being buggered, if he even ever realizes he’s footing the bill for his own destruction.

And with China considering foreclosing on their loan to finance the US war effort abroad, you’d damn well better be good for it cuz the fed is up to its ass in debts and is NOT considering spending less any tine soon.

GEMont (profile) says:

Re: Re: Cash Cows not Sheep

Forgot the most important one: Poorer.

Poorer citizens need to keep their shitty jobs, so they will just tow the line and shut the fuck up like good little wage slaves.

Poorer population means more minions for hire to do the dirty deeds of the rich and powerful.

Poorer people have no voice and will waste their energy in prayer, especially if they fear and hate each other.

Poorer people cannot counteract the diseases that will be introduced to make them sicker and will beg for free vaccinations laced with with even nastier diseases and heavy metals.

Yep, really can’t forget Poorer.

Its probably the most important part of the plan.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...