Senate, Once Again, Looks To Bring Back CISA: Surveillance Expansion Bill Pretending It's A Cybersecurity Bill

from the information-sharing-with-whom dept

We've discussed the "cybersecurity" bill, CISA, that's been making its way through Congress a few times, noting that it is nothing more than a surveillance expansion bill hidden in "cybersecurity" clothing. As recent revelations concerning NSA's surveillance authorities have made quite clear, CISA would really serve to massively expand the ability of the NSA (and other intelligence agencies) to do "backdoor searches" on its "upstream" collection. In short, rather than protecting any sort of security threat, this bill would actually serve to give the NSA more details on the kind of "cyber signatures" it wants to sniff through pretty much all internet traffic (that it taps into at the backbone) to collect anything it deems suspicious. It then keeps the results of this, considering it "incidental" collections of information.

In an incredibly cynical move, supporters of the surveillance state have seen OPM hacks as a ridiculous excuse to push to pass this bill. Senator Mitch McConnell tried to include it in the defense appropriations bill by pointing to the OPM hack. That gambit, thankfully, failed.

But that's not stopping the supporters of the surveillance state. During recent Congressional hearings, surveillance state supporter Senator John Cornyn claimed that CISA would be back for a vote before the end of the month, despite having failed multiple times in previous attempts. And, earlier this week, McConnell similarly announced plans to bring it up for a vote soon -- and, again in the context of the OPM hack. Here's McConnell being interviewed on Fox News by Bret Baier:
BAIER: Senator, you mentioned cybersecurity. Hackers broke into the U.S. Office of Personnel Management, stealing background investigation forms, fingerprint records, Social Security numbers for more than 22 million people....

[....]

MCCONNELL: This is a total mess. It's no wonder they had a hard time with the Web site which they launched Obamacare. These cybersecurity issues are enormously significant. What we're going to do is before August, take a step in the direction of dealing with the problem with information sharing bill that I think will be broadly supported. This is an administrative disaster that the president needs to get a hold of and get straightened out soon.
What no one asks McConnell (of course) is how CISA would have had any impact on the OPM hack. Or, hell, how it would help stop a single online attack anywhere. Because that's a question no one seems willing to answer. Because the answer was already made abundantly clear by Senator Ron Wyden in opposing this bill. It's not about cybersecurity at all. It's about surveillance.

Filed Under: cisa, cybersecurity, information sharing, john cornyn, mitch mcconnell, opm, opm hack, surveillance


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    TheResidentSkeptic (profile), 14 Jul 2015 @ 11:19am

    Reality Check

    Passing or not passing a bill has no relevance on the agencies version of "reality".

    The agencies have already demonstrated that whatever law is written can be "interpreted" to mean what ever they want it to mean, and therefore let them do whatever it is they want to do.

    A targeted law just means having to use the "not under this program" excuse.

    They are going to monitor everything on everyone all the time. Let's check on where they are now:

    Cell Location? Check.
    Who you call and who calls you? Check.
    Auto Location? - ALPRs everywhere. Check
    Friends? - facebook et. al. scraped and analyzed? Check
    email? all intercepted, stored, key-word analyzed. Check.
    Packages? Intercepted and "modified". Check
    Software Security? Weakened at the very source. Check.
    Software Vulnerability? #1 purchaser of day 0 exploits. Check.
    Where you work? IRS knows, they all know. Check
    How much you make? IRS knows, they all know. Check
    Whether or not you are a "valued citizen" ? (i.e. contribute the right amounts to the right candidates) Check.

    One more law to work around? Check.

    Time for us to secure everything we have and do. VPNs for all - free SSL certs are coming - use 'em. Phone encryption - get it.

    They are forcing us to lock down and make them "go dark".

    Call it Check and Mate.

    reply to this | link to this | view in chronology ]

  • identicon
    spodula, 14 Jul 2015 @ 12:02pm

    Of course the bill would have made a difference.

    It would have meant the identity of the person leaking the fact the hack had happened, available to the powers that be, so they could make their lives in a 4x6ft cell as miserable as possible.

    I mean, how irresponsible of them to worry the Proles like that? Flogging is too good for them.

    reply to this | link to this | view in chronology ]

  • identicon
    Tom Czerniawski, 14 Jul 2015 @ 12:13pm

    No matter how hard we push back, they have the luxury of trying and trying again until they get their way. And they always do, in the end...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Jul 2015 @ 12:17pm

    What we're going to do is before August, take a step in the direction of dealing with the problem with information sharing bill that I think will be broadly supported.

    We've had enough "information sharing" with (presumably) the Chinese, due to the incompetence of those charged with protecting information they collect "voluntarily."

    Surely the information we involuntarily provide will be afforded the same set of protections as the OPM data - is that really what he's arguing for?

    /smh

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Jul 2015 @ 4:02pm

    Expanding your spying powers doesn't prevent people hacking your networks. Old people need to retire they are fucking up the world.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Jul 2015 @ 4:12pm

      Re:

      Hey, do not tar all old people with the same brush. Also young fascists are just as bad as old fascists, and the problem is fascists in power, rather than old people in power.

      reply to this | link to this | view in chronology ]

      • icon
        toyotabedzrock (profile), 15 Jul 2015 @ 1:08am

        Re: Re:

        It tends to be old people that cause problems because they have more time to gain influence and cause real long lasting problems. Also with age comes the problem of taking in new information and breaking from previous thought patterns. They also tend to not be around to experience the downside of their actions.

        reply to this | link to this | view in chronology ]

  • icon
    toyotabedzrock (profile), 15 Jul 2015 @ 1:03am

    Did he just blurt out Obamacare randomly? Is a subliminal mind game or a reflex that causes this?

    reply to this | link to this | view in chronology ]

  • icon
    Seegras (profile), 15 Jul 2015 @ 2:35am

    Hoarding Zero-Day Exploits

    Well, it would be rather ironic, if the breach at OPM had happened through a vulnerability which was known to the NSA or CIA, but which hadn't been disclosed because they had wanted it to use for attacks/surveillance purposes.

    Anyway, it will only be a question of time until exactly this scenario will happen.

    Because you can either have security, or surveillance.

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 14 Aug 2015 @ 2:29pm

    From my Senatrix (Dianne Feinstein)

    Thank you for contacting me to share your concerns about the "Cybersecurity Information Sharing Act" (S. 752). I appreciate hearing your feedback, and welcome the opportunity to provide additional information about this bill.

    As you know, the threat of cybersecurity attacks is among the greatest threats our nation faces. American financial institutions have incurred multi-million dollar losses due to cyber thefts. Even computer security companies and national security agencies like the FBI and Department of Defense have fallen victim to cyber attacks. Cyber attackers also hack into our personal computers, access our private information, and use our computers to launch other cyber attacks. These cyber intrusions affect the United States in substantial and real ways, and the threat is only growing. Unfortunately, experts agree that cybersecurity practices will not improve, allowing this vulnerability to remain, without legislation designed to strengthen the cyber defenses of critical infrastructure and to enhance the sharing of cyber threat information between and among the private sector and the government.

    To help both our government and private businesses deal with threats from the constantly advancing cyber threats, on March 12, 2015, the Senate Intelligence Committee—of which I am currently Vice Chairman—passed the "Cybersecurity Information Sharing Act" (S. 752) by a strong bi-partisan vote of 14-1. This bill calls for voluntary information sharing of cyber threat information between U.S. Intelligence and law enforcement agencies and private companies. I believe this legislation, should it be enacted into law, will improve the ability of the federal government and private companies to identify malicious code or cyber attack signatures more rapidly.

    It is important to note that the "Cybersecurity Information Sharing Act" contains robust privacy measures to ensure that information shared with the federal government is protected. For example, it would require companies to remove personal information from any cybersecurity information provided to the government that is not necessary for the purpose of addressing a cybersecurity threat. It would not provide any new authorities for conducting surveillance, nor would it address intellectual property rights on the Internet. Participation in information sharing under this bill would be voluntary, and the bill would limit the government's ability to use private sector cyber information for approved cyber security purposes. The authority provided by the bill for companies to share information is limited to the sharing of cyber threat indicators and cyber defensive measures.

    After reviewing intelligence on cyber threats for many years, it is clear to me that cyber attackers are causing major damage to Americans, our national security, and our economy. Please know that as Vice Chairman of the Senate Intelligence Committee, I am dedicated to fighting the threats we face and I believe this bill will help us in our fight against cyber attacks.

    Again, thank you for your letter. I appreciate knowing your views and hope you will continue to inform me of issues that matter to you. If you have any additional questions or concerns, please do not hesitate to contact my office in Washington D.C. at (202) 224-3841.


    ...

    All the ughs. All of them.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.