HideTechdirt is off for the long weekend! We'll be back with our regular posts tomorrow.
HideTechdirt is off for the long weekend! We'll be back with our regular posts tomorrow.

How The NSA's 'Cybersecurity' Surveillance Should Completely Change The Debate On Cybersecurity Bills

from the they're-about-surveillance dept

For quite some time now, we've been warning about the government's questionable attempts to pass "cybersecurity" bills that focus on "information sharing" with names like CISA and CISPA. Defenders of these bills insist that they're "just voluntary" and are necessary because it would enable private companies to share threat information with the US government, so that the US government could help stop attacks. Of course, we've been asking for years (1) why, if this is so useful, companies can't already share this information and (2) what attacks these bills would have actually stopped? No one ever seems to have any answers.

Defenders of the bill also insist that there really shouldn't be any privacy concerns because companies can just hand over the limited information on the attacks, not any personal user info. However, with the recent revelations from Pro Publica and the NY Times (via Snowden documents) about how the NSA uses "cyber signatures" in sniffing through the upstream collection (i.e., sniffing through all internet traffic by tapping into fiber backbones) computer security expert Jonathan Mayer notes that this completely changes the equation on just how bad these "information sharing" cybersecurity bills really are.

Before it was known that the NSA could do this, the argument was that sharing details of a cybersecurity threat would just lead to DHS and NSA taking that "threat" information, and then seeing if it can help figure out ways to prevent the threat. But, now that we know the NSA can sniff the entire upstream collection using such "cyber signatures" and then is allowed to collect and keep whatever it finds as an incidental collection, this becomes very clearly a surveillance bill -- just as Senator Ron Wyden warned.

That's because the new documents make it clear that the NSA not only wants to search based on these broad "cyber signatures" but then claims it gets to keep that data and can search through whatever it collects. These are the infamous "backdoor searches" that Senator Wyden has been warning about for ages.

So, these "information sharing" bills don't just give the NSA access to private information from companies, but really give the NSA the "cyber signatures" it needs to then snarf up a ton of other private information that it has long wanted access to. This is why closing the "backdoor search" loophole is so important as well -- and not letting any of these "information sharing" bills pass is also of utmost importance.

Oh, and one other sneaky thing in all of this that Mayer highlights: defenders of these information sharing bills insist that they're not surveillance bills because, as Rep. Adam Schiff noted: "this bill makes clear in black and white legislative text that nothing authorizes government surveillance in this act." But, as Mayer points out that's incredibly misleading because the government already has the authorization it needs, under the secret program that was just revealed. What the information sharing does is make that authorization much more powerful by making it easier for the NSA to collect the information it then can slide into the program in order to snarf up much more important private information.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  • identicon
    Anonymous Coward, 5 Jun 2015 @ 1:54pm

    with the UK GCHQ eagerly jumping in to take the place of the NSA, the USA will still get all of the information on everyone anyway. what is needed is a much wider and stronger portrayal to the UK citizens of exactly what is going to take place unless there is some push back against Cameron and May. they both want a country and a world that is under constant surveillance, with no privacy and no freedom but one that can still turn round and condemn other countries that are already doing the self-same things! it's hypocrisy at it's worst and must be stopped! the problem being the UK government hasn't yet taken any notice of the EUCJ ruling that the data retention act is illegal and must be stopped. that being the case, what are the chances of it taking any notice of stopping this? they already know it's doomed to failure and the USA is the most prime example. if it worked, regardless of what was ordered, the NSA and others would continue to collect this never ending stream of data. as it is, if it did continue out of sight so to speak, i think there would be some serious charges laid at certain peoples feet if it was again discovered that the security forces had continued to go down the spying road!

    reply to this | link to this | view in chronology ]

  • icon
    John Fenderson (profile), 5 Jun 2015 @ 2:18pm

    Red flag words

    "this bill makes clear in black and white legislative text that nothing authorizes government surveillance in this act."

    Whenever you see words like "in this act" or "under this authority", that needs to be taken as big red flag that what is being discussed is authorized under a different act/authority, and the person speaking is probably trying to trick you.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Jun 2015 @ 2:47pm

      Re: Red flag words

      True. "this bill" means legislation enacted by Congress; in other words statutes and/or 'public laws'. (Assuming said bill gets signed by the President and not vetoed.)

      What about the Code of Federal Regulations? You know: the other set of laws that doesn't require an act of Congress or a Presidential signature.

      reply to this | link to this | view in chronology ]

  • identicon
    Personanongrata, 5 Jun 2015 @ 2:50pm

    The Beginning Of Wisdom Is To Call Things By Their Proper Name - Confucius

    If we called things by their true name the bill would be called:

    You Will Collaborate With The US Government Or Else Cyberpurgatory Act

    reply to this | link to this | view in chronology ]

  • identicon
    alan turing, 7 Jun 2015 @ 4:01am

    There are way more than Five Eyes

    Five comments. Really? This is huge , I guess people are either numbed by all this crap or just don't give a rats ass. I, for one, am disgusted and quite saddened by where we are today in terms of trampled rights and constitutional dismissal.

    reply to this | link to this | view in chronology ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories


Email This

This feature is only available to registered users. Register or sign in to use it.