Senate, Once Again, Looks To Bring Back CISA: Surveillance Expansion Bill Pretending It's A Cybersecurity Bill

from the information-sharing-with-whom dept

We’ve discussed the “cybersecurity” bill, CISA, that’s been making its way through Congress a few times, noting that it is nothing more than a surveillance expansion bill hidden in “cybersecurity” clothing. As recent revelations concerning NSA’s surveillance authorities have made quite clear, CISA would really serve to massively expand the ability of the NSA (and other intelligence agencies) to do “backdoor searches” on its “upstream” collection. In short, rather than protecting any sort of security threat, this bill would actually serve to give the NSA more details on the kind of “cyber signatures” it wants to sniff through pretty much all internet traffic (that it taps into at the backbone) to collect anything it deems suspicious. It then keeps the results of this, considering it “incidental” collections of information.

In an incredibly cynical move, supporters of the surveillance state have seen OPM hacks as a ridiculous excuse to push to pass this bill. Senator Mitch McConnell tried to include it in the defense appropriations bill by pointing to the OPM hack. That gambit, thankfully, failed.

But that’s not stopping the supporters of the surveillance state. During recent Congressional hearings, surveillance state supporter Senator John Cornyn claimed that CISA would be back for a vote before the end of the month, despite having failed multiple times in previous attempts. And, earlier this week, McConnell similarly announced plans to bring it up for a vote soon — and, again in the context of the OPM hack. Here’s McConnell being interviewed on Fox News by Bret Baier:

BAIER: Senator, you mentioned cybersecurity. Hackers broke into the U.S. Office of Personnel Management, stealing background investigation forms, fingerprint records, Social Security numbers for more than 22 million people….

[….]

MCCONNELL: This is a total mess. It’s no wonder they had a hard time with the Web site which they launched Obamacare. These cybersecurity issues are enormously significant. What we’re going to do is before August, take a step in the direction of dealing with the problem with information sharing bill that I think will be broadly supported. This is an administrative disaster that the president needs to get a hold of and get straightened out soon.

What no one asks McConnell (of course) is how CISA would have had any impact on the OPM hack. Or, hell, how it would help stop a single online attack anywhere. Because that’s a question no one seems willing to answer. Because the answer was already made abundantly clear by Senator Ron Wyden in opposing this bill. It’s not about cybersecurity at all. It’s about surveillance.

Filed Under: , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Senate, Once Again, Looks To Bring Back CISA: Surveillance Expansion Bill Pretending It's A Cybersecurity Bill”

Subscribe: RSS Leave a comment
14 Comments
TheResidentSkeptic says:

Reality Check

Passing or not passing a bill has no relevance on the agencies version of “reality”.

The agencies have already demonstrated that whatever law is written can be “interpreted” to mean what ever they want it to mean, and therefore let them do whatever it is they want to do.

A targeted law just means having to use the “not under this program” excuse.

They are going to monitor everything on everyone all the time. Let’s check on where they are now:

Cell Location? Check.
Who you call and who calls you? Check.
Auto Location? – ALPRs everywhere. Check
Friends? – facebook et. al. scraped and analyzed? Check
email? all intercepted, stored, key-word analyzed. Check.
Packages? Intercepted and “modified”. Check
Software Security? Weakened at the very source. Check.
Software Vulnerability? #1 purchaser of day 0 exploits. Check.
Where you work? IRS knows, they all know. Check
How much you make? IRS knows, they all know. Check
Whether or not you are a “valued citizen” ? (i.e. contribute the right amounts to the right candidates) Check.

One more law to work around? Check.

Time for us to secure everything we have and do. VPNs for all – free SSL certs are coming – use ’em. Phone encryption – get it.

They are forcing us to lock down and make them “go dark”.

Call it Check and Mate.

Anonymous Coward says:

What we’re going to do is before August, take a step in the direction of dealing with the problem with information sharing bill that I think will be broadly supported.

We’ve had enough “information sharing” with (presumably) the Chinese, due to the incompetence of those charged with protecting information they collect “voluntarily.”

Surely the information we involuntarily provide will be afforded the same set of protections as the OPM data – is that really what he’s arguing for?

/smh

Seegras (profile) says:

Hoarding Zero-Day Exploits

Well, it would be rather ironic, if the breach at OPM had happened through a vulnerability which was known to the NSA or CIA, but which hadn’t been disclosed because they had wanted it to use for attacks/surveillance purposes.

Anyway, it will only be a question of time until exactly this scenario will happen.

Because you can either have security, or surveillance.

Uriel-238 (profile) says:

From my Senatrix (Dianne Feinstein)

Thank you for contacting me to share your concerns about the “Cybersecurity Information Sharing Act” (S. 752). I appreciate hearing your feedback, and welcome the opportunity to provide additional information about this bill.

As you know, the threat of cybersecurity attacks is among the greatest threats our nation faces. American financial institutions have incurred multi-million dollar losses due to cyber thefts. Even computer security companies and national security agencies like the FBI and Department of Defense have fallen victim to cyber attacks. Cyber attackers also hack into our personal computers, access our private information, and use our computers to launch other cyber attacks. These cyber intrusions affect the United States in substantial and real ways, and the threat is only growing. Unfortunately, experts agree that cybersecurity practices will not improve, allowing this vulnerability to remain, without legislation designed to strengthen the cyber defenses of critical infrastructure and to enhance the sharing of cyber threat information between and among the private sector and the government.

To help both our government and private businesses deal with threats from the constantly advancing cyber threats, on March 12, 2015, the Senate Intelligence Committee—of which I am currently Vice Chairman—passed the “Cybersecurity Information Sharing Act” (S. 752) by a strong bi-partisan vote of 14-1. This bill calls for voluntary information sharing of cyber threat information between U.S. Intelligence and law enforcement agencies and private companies. I believe this legislation, should it be enacted into law, will improve the ability of the federal government and private companies to identify malicious code or cyber attack signatures more rapidly.

It is important to note that the “Cybersecurity Information Sharing Act” contains robust privacy measures to ensure that information shared with the federal government is protected. For example, it would require companies to remove personal information from any cybersecurity information provided to the government that is not necessary for the purpose of addressing a cybersecurity threat. It would not provide any new authorities for conducting surveillance, nor would it address intellectual property rights on the Internet. Participation in information sharing under this bill would be voluntary, and the bill would limit the government’s ability to use private sector cyber information for approved cyber security purposes. The authority provided by the bill for companies to share information is limited to the sharing of cyber threat indicators and cyber defensive measures.

After reviewing intelligence on cyber threats for many years, it is clear to me that cyber attackers are causing major damage to Americans, our national security, and our economy. Please know that as Vice Chairman of the Senate Intelligence Committee, I am dedicated to fighting the threats we face and I believe this bill will help us in our fight against cyber attacks.

Again, thank you for your letter. I appreciate knowing your views and hope you will continue to inform me of issues that matter to you. If you have any additional questions or concerns, please do not hesitate to contact my office in Washington D.C. at (202) 224-3841.

All the ughs. All of them.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...