Want To Know Why DHS Is Opposing CISA? Because It's All A Surveillance Turf War

from the it's-not-what-you-think dept

As it appears that the fake "cybersecurity" bill CISA is heading to a vote in the Senate, some were surprised this week to see the Department of Homeland come out against the bill with a letter expressing concerns that the bill "could sweep away important privacy protections" with its open ended definitions and provisions:
The authorization to share cyber threat indicators and defensive measures with “any other entity or the Federal Government,” “notwithstanding any other provision of law” could sweep away important privacy protections, particularly the provisions in the Stored Communications Act limiting the disclosure of the content of electronic communications to the government by certain providers. (This concern is heightened by the expansive definitions of cyber threat indicators and defensive measures in the bill. Unlike the President’s proposal, the Senate bill includes “any other attribute of a cybersecurity threat” within its definition of cyber threat indicator and authorizes entities to employ defensive measures.)
This has led to some surprise among people who don't follow this that closely, that "even Homeland Security" doesn't like the bill. But that's really ignoring history and what this fight has always been about. Going back many, many years we've been highlighting that the truth behind all of these "cybersecurity" bills is that it's little more than a bureaucratic turf war over who gets to control the purse strings for the massive, multi-billion dollar budget that will be lavished on government contractors for "cybersecurity solutions." That the bill might also boost surveillance capabilities is little more than a nice side benefit.

The key players in this turf war? The NSA and Homeland Security (with the Justice Department occasionally waving its hand frantically in the corner shouting "don't forget us!"). From the beginning, one of the key questions people have asked is "who gets the data?" Obviously, "none of the above" is probably the best answer, but of the remaining options, Homeland Security tends to be the least worst option out of a list of three really bad options. And, so far, the White House has repeatedly pushed to put DHS in charge, giving it more power over the budget. However, CISA does not put DHS in charge.

So that is why DHS is complaining. Yes, the "privacy" concerns are there, but DHS's true concern is that it's not DHS running the show (and controlling the budget). Reread the DHS letter with this as background, and it appears a lot more understandable:
The Administration has consistently maintained that a civilian entity, rather than a military or intelligence agency, should lead the sharing of cyber threat indicators and defensive measures with the private sector. The National Cybersecurity Protection Act of 2014 recognized the NCCIC to be responsible for coordinating the sharing of information related to cybersecurity risks and to be the federal civilian interface for multi-directional and cross-sector sharing of information about cybersecurity risks and warnings. The NCCIC has representatives from the private sector and other federal entities involved in cyber information sharing, from those with whom we have an agreement and share consistently, to those that passively receive information from the center.

Equally important, if cyber threat indicators are distributed amongst multiple agencies rather than initially provided through one entity, the complexity–for both government and businesses–and inefficiency of any information sharing program will markedly increase; developing a single, comprehensive picture of the range of cyber threats faced daily will become more difficult. This will limit the ability of DHS to connect the dots and proactively recognize emerging risks and help private and public organizations implement effective mitigations to reduce the likelihood of damaging incidents. DHS recommends limiting the provision in the Cybersecurity Information Sharing Act regarding authorization to share information, notwithstanding any other provision of law, to sharing through the DHS capability housed in the NCCIC. This would not preclude sharing with any federal entity (indeed, DHS maintains an obligation to share rapidly with federal partners independent of any legislation), and it would further incentivize sharing through the NCCIC.
There's a lot more like that in the letter as well.

Don't get me wrong. Having DHS come out against CISA and speaking out about the privacy concerns the bill raises is great. But don't think that DHS is against these kinds of "information sharing" bills at all. It is not. It just wants to make sure that it's the queen bee when it comes to who's in charge of cybersecurity information... and, with it, who gets to control the budget.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 5 Aug 2015 @ 4:28am

    Basically the DHS is arguing they'll give a more humane death to privacy and thus they should get the money, amirite?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Aug 2015 @ 6:16am

    Why does every US government agency desire its own police force/militia/ army and supporting spying capabilities and so become an empire?
    How long before you see fighting on the streets between the armies of these empires to see who get to collect tribute from the citizens?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Aug 2015 @ 6:42am

      Re:

      How long before you hear them say in response:

      - What citizens? They're all in prison! Crap, there goes the budget.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.