Remember CISA? The "Cybersecurity Information Sharing Act"? It's getting much, much worse, with Congress and the administration looking to ram it through -- in the process, dropping any pretense that it's not a surveillance bill.
As you may recall, Congress and the White House have been pushing for a "cybersecurity" bill, for a few years now, that has never actually been a cybersecurity bill. Senator Ron Wyden was one of the only people in Congress willing to stand up and directly say what it was: "it's a surveillance bill by another name." And, by now, you should know that when Senator Wyden says that there's a secret interpretation of a bill that will increase surveillance and is at odds with the public's understanding of a bill, you should listen. He's said so in the past and has been right... multiple times.
Either way, a version of CISA passed the House a while back, with at least some elements of privacy protection included. Then, a few months ago it passed the Senate in a much weaker state. The two different versions need to be reconciled, and it's been worked on. However, as we noted recently, the intelligence community has basically taken over the process and more or less stripped out what few privacy protections there were.
And the latest is that it's getting worse. Not only is Congress looking to include it in the end of year omnibus bill -- basically a "must pass" bill -- to make sure it gets passed, but it's clearly dropping all pretense that CISA isn't about surveillance. Here's what we're hearing from people involved in the latest negotiations. The latest version of CISA that they're looking to put into the omnibus:
Removes the prohibition on information being shared with the NSA, allowing it to be shared directly with NSA (and DOD), rather than first having to go through DHS. While DHS isn't necessarily wonderful, it's a lot better than NSA. And, of course, if this were truly about cybersecurity, not surveillance, DHS makes a lot more sense than NSA.
Directly removes the restrictions on using this information for "surveillance" activities. You can't get much more direct than that, right?
Removes limitations that government can only use this information for cybersecurity purposes and allows it to be used to go after any other criminal activity as well. Obviously, this then creates tremendous incentives to push for greater and greater information collection, which clearly will be abused. We've just seen how the DEA has regularly abused its powers to collect info. You think agencies like the DEA and others won't make use of CISA too?
Removes the requirement to "scrub" personal information unrelated to a cybersecurity threat before sharing that information. This was the key point that everyone kept making about why the information should go to DHS first -- where DHS would be in charge of this "scrub". The "scrub" process was a bit exaggerated in the first place, but it was at least something of a privacy protection. However, it appears that the final version being pushed removes the scrub requirement (along with the requirement to go to DHS) and instead leaves the question of scrubbing to the "discretion" of whichever agency gets the information. Guess how that's going to go?
In short: while before Congress could at least pretend that CISA was about cybersecurity, rather than surveillance, in this mad dash to get it shoved through, they've dropped all pretense and have stripped every last privacy protection, expanded the scope of the bill, and made it quite clear that it's a very broad surveillance bill that can be widely used and abused by all parts of the government.
There is still some hesitation by some as to whether or not this bill belongs in the omnibus bill, or if it should go through the regular process, with a debate and a full vote on this entirely new and different version of CISA. So, now would be a good time to speak out, letting your elected officials and the White House know that (1) CISA should not be in the omnibus and (2) that we don't need another surveillance bill.
In the meantime, if Congress were actually serious about cybersecurity, they'd be ramping up the acceptance and use of encryption, rather than trying to undermine it.
This is hardly a surprise, but after Congress had more or less realized that passing a law to undermine encryption wasn't a good idea, the clueless surveillance state hawks have used the Paris and San Bernardino attacks as a chance to go for it again. In a hearing this morning, FBI Director James Comey -- who has long been leading the charge -- explained that he thought tech companies ought to change their business model to drop end-to-end encryption. Ridiculously, he argued that there's no "technical issue" in undermining encryption, just a business decision:
“It is a business model question,” he said. “The question we have to ask is: Should they change their business model?”
Comey is being misleading to disingenuous here. Yes, anyone can undermine encryption. And, yes, I guess you could argue that undermining encryption and weakening security for all your users is a "business model" issue in that they won't trust you any more and might look for alternative providers. But that's not the real issue. Comey's trying to shift the debate, because he knows that what he's really asked for is impossible. He's asked for backdoors that only law enforcement can use. And basically every computer security expert has explained that the only way to do that would be to expose everyone to more threats. And Comey seems to think that's okay.
Let me repeat that. The head of the FBI, who is supposed to be protecting American citizens, thinks it's okay to make everyone less safe, based on the unproven theory that it'll make his own job a little easier.
And, not surprisingly, Senator Dianne Feinstein was right there ready to assist. She cited the Paris attacks as evidence for why "the world is really changing":
“I suspect what happened was in the aftermath of Snowden, particularly Europe got very conservative with respect to encryption. The companies back away. Now, that’s changing with Paris and God forbid what might happen in the future. So what I’m trying to say is, I think this world is really changing in terms of people wanting the protection and wanting law enforcement, if there is conspiracy going on over the Internet, that that encryption ought to be able to be pierced.”
Again, this is the same Senator who just a month ago was practically screaming about how important cybersecurity is, and now she says that the single biggest factor in protecting information online -- encryption -- should be done away with.
Sen. Dianne Feinstein (D-Calif.) told the Senate Judiciary Committee on Wednesday that she would seek a bill that would give police armed with a warrant based on probable cause the ability “to look into an encrypted Web.”
"I have concern about a PlayStation that my grandchildren might use," she said, "and a predator getting on the other end, and talking to them, and it's all encrypted. I think there really is reason to have the ability, with a court order, to be able to get into that."
A spokesman for Feinstein's office told the Daily Dot in an email that the senator has been working with Judiciary Committee Chairman Richard Burr (R-N.C.) on the issue of encryption and that Burr's office is taking the lead on potential legislation.
None of that makes any sense. First of all, the PlayStation is not encrypted end-to-end, and if she's concerned about who her grandchildren are talking to on the PlayStation maybe she should look into that, rather than having the government undermine the very foundations of basic computer security on the internet?
Hopefully cooler heads prevail in Congress, but we've seen Feinstein and Burr team up to do tremendous damage through fearmongering before, and apparently it's not going to stop any time soon.
Back in October, the Senate voted overwhelmingly to approve CISA, the Cybersecurity Information Sharing Act, which has nothing to do with cybersecurity at all, and is almost entirely a surveillance bill in disguise. Want to know the proof? Many of the most vocal supporters of CISA, who talked up how important "cybersecurity" is these days, are the very same people now looking to undermine encryption.
And it now appears the final language is unlikely to include notable privacy provisions that digital rights and civil liberties groups insist are necessary to reduce the odds the bill enables greater government surveillance.
Basically, it looks like Congressional leadership decided to pull the worst parts from the various bills and mash them together into a super bill of pure terribleness. Not only will it favor the Senate bill, over the House's, but it will also pull ideas from the competing bill that was put forth by the House Intelligence Committee, rather than the one put forth by the Homeland Security Committee.
That, alone, should be rather telling. For all the talk about how this is about "security" and not at all about helping the intelligence community, why is it the Intelligence Committee's bill whose language is surviving, while the Homeland Security Committee's language is being deleted?
from the begging-to-undermine-american-security dept
Senate Majority Leader Mitch McConnell has always been a friend of the intelligence community, but he's using the attack in San Bernardino to ramp up the anti-encryption insanity to new levels, practically begging President Obama to tell him what law he wants to ban encryption, and McConnell will help make sure Congress delivers. McConnell's statement was laying out what he thought President Obama should do in response to ISIS, and includes this ridiculous line:
He should tell us what legal authorities he needs to defeat encrypted online communications, and what is needed to reestablish our capture, interrogation, and surveillance capabilities.
"Defeat encrypted online communications"? Is he crazy? We need encrypted online communications to better protect us, and yet McConnell is trying to undermine those communications. He's actively proposing to make us all less safe. And, of course, talking about "reestablishing" our "surveillance capabilities" is about giving the NSA more surveillance powers. McConnell was, of course, the key person who tried to block any attempt at rolling back the NSA's unconstitutional phone records collection program.
Now, we know that President Obama didn't go quite as far as McConnell asked, but he did still push for a more "voluntary" solution -- which may morph into Congress doing something if people don't speak out loudly about what an incredibly dumb idea this is.
from the 'pretty-sure-we're-above-the-law,-judge' dept
Congress is once again declaring its willingness to hold everyone in the nation accountable for their actions, present party excepted.
Back in 2011, it was revealed that members of Congress were participating in insider trading. Spending a great deal of time conversing with lobbyists tends to result in the discussion of information that has yet to be made public. Legislators, being the opportunists they are, chose to buy and sell stock based on this insider info. Lobbyists -- also opportunists -- sometimes did the same thing. And it was all perfectly legal... at least for Congress.
This revelation did nothing to increase the public's goodwill towards its so-called "representatives." With its approval percentage (15%) sliding below that of Bernie Madoff's personal loan applications, Congress swiftly acted to close this loophole in the law.
Two years later, with everyone safely re-elected, Congress quietly excised the disclosure requirement in the new law, making it virtually impossible to verify whether or not it was actually playing by the rules it had made for itself. Predictably, it called the disclosure of such information a "national security risk."
Meanwhile, the SEC opened an investigation into Congressional insider trading related to health insurance companies. Congress refused to answer subpoenas or provide documents to the Commission. When ordered to by a federal judge, the House Ways and Means Committee gently explained that it could do whatever the fuck it wanted to.
The U.S. House Ways and Means Committee and a top staff member say the panel and its employees are "absolutely immune" from having to comply with subpoenas from a federal regulator in an insider-trading probe.
On November 13, U.S. District Judge Paul Gardephe agreed with most of the SEC’s claims and ordered Congress to comply with the subpoena within 10 days. “Members of Congress and congressional employees are not exempt from the insider trading prohibitions arising under the securities laws,” he wrote. Gardephe reminded the attorneys that “Congress barred such claims of immunity when it adopted” the STOCK Act.
Congress' top lawyer fought back, claiming certain, very specific words were missing from the STOCK Act and that legislators' immunity was still intact.
Kerry W. Kircher, the House general counsel, requested more time. Then, shortly before Thanksgiving, on November 25, he filed a motion to appeal the subpoena to the 2nd Circuit. Kircher argued that the STOCK Act did not explicitly authorize the SEC to issue subpoenas to Congress, even to investigate insider trading.
This may not result in the investigation being scuttled or the lawsuit being tossed, but it does buy Congress more time to figure out its next accountability-dodging move. Meanwhile, Congress members are doing what they can to ensure that the battle the SEC is waging, to hold them at least as accountable as their own STOCK Act promised they would be, will be long, expensive and, hopefully, ultimately fruitless. These efforts are also shady as hell.
Away from the spotlight, however, congressional leaders continue to fight enforcement and to shore up the target of the SEC inquiry. Rep. Pat Tiberi, R-Ohio, and Rep. Diane Black, R-Tenn., two lawmakers who served on the same committee as Sutter, have used PAC money to donate to the legal defense fund set up to defend him.
Campaign funding -- itself a toxic wasteland where morality and ideals go to die -- is being rerouted to defend Bruce Sutter, a former Ways and Means Committee member who allegedly passed on non-public Medicare reimbursement information to a lobbyist for law firm Greenberg Traurig. Not only will Congress members let nothing stand in the way of personally profiting from their time in office, they'll also apparently ensure those who previously got away with it will continue to elude being held accountable.
In the past, we've discussed the idea of "soft corruption" a few times -- which in some ways can be more nefarious than out and out corruption. In soft corruption, it's not what most people normally think of as corruption (i.e., cash for getting something from politicians), but merely something that presents the very strong appearance of influence buying. It involves situations where even if everything being done is legal and done for the right intentions, the mere appearance of the conflict reduces the public's trust in government. Earlier this week, we wrote about how the House Judiciary Committee, which claims to be working on a major copyright reform effort, held "listening tours" in both Silicon Valley and Los Angeles (unfortunately, reinforcing the idea that copyright is a "Hollywood v. Silicon Valley" concept). As we noted, however, we were pleasantly surprised at the Silicon Valley hearing, that the discussion seemed really positive. It was (a) focused on actual ideas that could be implemented and (b) the members of the Judiciary Committee really seemed open to lots of good ideas.
From reports I've heard, the LA listening tour was also pretty good, minus one silly, but expected, flareup involving someone accusing Google of being a criminal pirate enterprise. However, in a move that seems fairly sketchy, following the hearing, the Committee members who were there had dinner with the MPAA. And, in Politico's latest report it notes that the head of the Judiciary Committee, Rep. Bob Goodlatte, hung around an extra day in Southern California to put his name on and attend a fundraiser for his colleague Rep. Kevin McCarthy.... put on by the MPAA:
Rep. Bob Goodlatte didn't just bring lawmakers to Silicon Valley and Los Angeles this week to talk with tech companies and content creators about the future of copyright. The House Judiciary Committee chief also offered his name and support to a fundraiser for House Majority Leader Kevin McCarthy and the National Republican Congressional Committee, hosted last night by the MPAA, according to an invite snagged by MT.
The event, a cocktail reception and dinner at the BOA Steakhouse in West Hollywood, asked for checks to be made out to the McCarthy Victory Fund, a joint fundraising committee with the NRCC, according to a Goodlatte aide. But the Judiciary chairman, who was slated to attend, extended the help a day after he and other lawmakers visited Hollywood to talk tech policy and later dined with the MPAA. A spokeswoman for the congressman added it was Goodlatte's only fundraising event while out in California.
And, yes, if he had done a similar thing up in Northern California with tech folks, it would be equally concerning. I know the cynical folks who read this won't accept this, but I actually do believe that Goodlatte is trying to come up with a reasonable plan for copyright reform that actually takes all the issues into account. While I don't always agree with him, I've found him to be a lot more open to understanding these issues than some of his colleagues. But... that said... this is the kind of thing that most people will see and reasonably think that it undermines Goodlatte's trustworthiness on issues like this. It certainly gives off the appearance of a pretty strong conflict of interest, and makes people more cynical and less trusting of the government that is supposed to represent them.
Of course, much of the real underlying problem here is the state of money in politics today, and the fact that, for most Congressional Reps, fundraising is nearly 50% of their job responsibilities. So, if you're going to Hollywood, why not tack on a fundraiser? But, again, what that does, in the public's eyes, is make the entire process appear corrupt in some fashion. Thus, even if everyone's goals and intentions are aboveboard, the American public has significantly less trust in the entire system.
On Tuesday, the House Judiciary Committee held a hearing on what sounds like a boring topic: "International Data Flows: Promoting Digital Trade in the 21st Century." However, as we've discussed, this seemingly boring topic can have a profound impact on how the internet functions, and whether it remains a global platform for free expression -- or becomes a fragmented system used for widespread censorship, surveillance and control. In other words, this is important.
The hearing was mostly pretty bland (as Congressional hearings tend to be), but at one point, Robert Atkinson, the President of the Information Technology and Innovation Foundation (ITIF) argued that the US should be encouraging global censorship if it's for sites like The Pirate Bay. You can watch the portion of the video below (it should start at the right moment, but if not, jump to 1 hour, 27 minutes and 40 seconds):
It starts with Rep. Jerry Nadler reading a question someone else clearly prepared for him, directed at Atkinson about how to handle situations in which different countries have different laws regarding free speech and content, and what that should mean for "data flows" across borders. In short, this is a question about "what should we do with countries who want to censor the internet -- and should we allow that sort of thing." Atkinson's answer is a bit rambling, but he basically starts off by saying that we'll never agree with some other countries on free speech and such... but then says no matter what, one thing we should all agree on is that it's good to censor sites like the Pirate Bay and the US should encourage such blatant censorship worldwide:
I think it's an untenable project that we would end up with "global harmony" on every single rule with regard to the internet. We're not going to be able to do that. And we're certainly not going to be able to do that with free speech. There are certain countries, particularly more traditional, religious countries that find pornography objectionable. We don't with our... or at least we have free speech, we may find it objectionable, but we allow it. We're not going to agree on that. And for certain things like that, countries are going to do that and I think we just have to be okay with that.
Another example is in Germany, you're not allowed to download a copy of Mein Kampf. In the US, we can. Again, we're not going to change the German view. I don't know if they're right or wrong. It doesn't make any difference.
Where we can and should, though, take action, is there are some things that are clearly illegal under the WTO framework for intellectual property, for example piracy and intellectual property theft can be prosecuted. So when countries engage in steps, for example, to block certain websites that are clear piracy sites -- like, for example, a web or a domain called "the pirate bay" that should be quite... you know we should be encouraging that. That's quite different than blocking, say, Facebook or something like that, or blocking some site just because you don't want competition.
Where to start? Well, how about I let Atkinson debunk Atkinson. In the question immediately preceding this one about blocking websites, Nadler had asked Atkinson about backdooring encryption. And there, Atkinson gave a much better answer, noting that it was a terrible idea (he's right!), but then notes:
If they try to mandate that, they're setting a dangerous precedent, for example, by letting the Chinese government do the exact same thing.
Uh. Yeah. And having the US government "encourage" censoring websites also sets a dangerous precedent by letting the Chinese government (and lots of other governments) point to the US as doing the same thing they do. But, as Atkinson and other copyright system supporters will undoubtedly scream, "that's different -- this is about copyright, not censorship." Yeah, well, you're not paying attention if you don't recognize how copyright is used for political censorship as well. Remember how Russia was using copyright law to intimidate its critics? What you might not remember is that when China first set up its massive online censorship system, known as the Great Firewall of China, one of its key justifications to the outside world was that it would be used to stop piracy online. And, of course, during the big SOPA/PIPA fight, the Chinese were laughing at those of us in America who whined about their Great Firewall, while we were debating a proposal to set up an identical system.
Of course, it's no surprise that Atkinson is making this argument. The organization he runs, ITIF, is frequently credited with first proposing the ideas behind SOPA in a white paper that came out right before the SOPA push. And ITIF famously argued in favor of SOPA by pointing to authoritarian countries who censor the internet as proof that SOPA wasn't that harmful. Yes, Atkinson's own firm suggested that the US should emulate China, Saudi Arabia, Iran, Syria and a number of other countries in censoring the internet. But, you know, "just for copyright."
And this doesn't even get to the issue of Atkinson's assured statement that certain sites are "clear piracy sites." Except, as we've noted over and over again, almost every great innovation around content delivery was decried as a "tool for piracy" originally. Radio, TV, cable TV, the photocopier, the VCR, the DVR, the mp3 player and YouTube and similar sites were all attacked as piracy tools originally. And yet every one of them actually opened up new and important arenas for content creation, distribution and monetization. What looks like a piracy tool in the early days often becomes a massive and legitimate business opportunity soon after (again: it was just four years after the MPAA's Jack Valenti declared VCRs the "Boston Strangler" to the film industry that home video revenues surpassed box office revenues).
Either way, what Atkinson was saying here is both shocking and dangerous. He's outright advocating a censorship regime based on his belief of what is and is not appropriate -- and suggesting that the US should "encourage" other countries to censor the web without legal due process, without consideration for innovation, because he has decided which sites are bad. At the end he says that blocking The Pirate Bay is not like blocking Facebook. Yet, there are many people who argue that Facebook is, similarly, a giant piracy site. Whose definition is right in that context? And the same question can be asked about YouTube. Viacom sued YouTube claiming that it was just as bad as the Pirate Bay. Would Atkinson support countries blocking all access to YouTube "under the WTO"?
There is a rather astounding level of cognitive dissonance that some people, such as Atkinson, have around issues related to copyright and censorship. They assume, incorrectly, that copyright is some magical fairy tale world where it's never used for censorship, and thus it's fine to block "bad sites" where people like Atkinson get to decide what is and what is not bad. But all he's doing is encouraging internet censorship, and giving massive amounts of cover to authoritarian regimes who want to censor the internet for all sorts of reasons. They can easily take Atkinson's claims that we must encourage censorship over copyright and either abuse copyright for that purpose, or even just twist it slightly to note "well, blocking infringement is important to the US, and we feel the same way about political unrest."
Atkinson's ITIF lost its battle for SOPA nearly four years ago. It shouldn't try to reintroduce the idea of a global platform for internet censorship today.
The TSA's inability to live up to the "S" in its acronym is on display again. The agency's Inspector General recently testified before a Congressional oversight committee. Fortunately, no one stepped forward to shoot the messenger -- seeing as the message was more bad news about TSA incompetence. I imagine TSA Administrator Peter Neffenger would have jumped at the chance to be the triggerman, but was fortunately limited to delivering his own prepared remarks in response.
After speaking to the "difficulty" (apparently insurmountable) of the TSA's "mission," Inspector General John Roth referred to the difficult nature (in the parental sense) of the agency itself.
My remarks were described as “unusually blunt testimony from a government witness,” and I will confess that it was. However, those remarks were born of frustration that TSA was assessing risk inappropriately and did not have the ability to perform basic management functions in order to meet the mission the American people expect of it. These issues were exacerbated, in my judgment, by a culture, developed over time, which resisted oversight and was unwilling to accept the need for change in the face of an evolving and serious threat. We have been writing reports highlighting some of these problems for years without an acknowledgment by TSA of the need to correct its deficiencies.
Is the TSA willing to change now? Possibly. But some things haven't changed, like its ability to do its job. Roth's office has performed another round of covert testing. Last time this testing was performed, the IG's fake terrorists nearly aced the test.
“In September 2015, we completed and distributed our report on our most recent round of covert testing.” This is where undercover DHS inspectors do stuff like try to smuggle bomb parts through checkpoints, and succeed … let’s see … 96% of the time. Or at least that’s how it’s gone in the past. How about now?
“While I cannot talk about the specifics in this setting [it’s classified, y’all], I am able to say that … the test results were disappointing and troubling,” and were “consistent across every airport” tested. Roth also noted that the tests were conducted by personnel “without any special knowledge or training,” which might seem odd unless you know that the TSA reacted to the earlier 96-percent-failure-rate findings partly by complaining that the IG had used personnel who were specially trained to defeat TSA’s efforts. (You know, sort of like an actual terrorist might be.) So this time, the IG deliberately chose people with no special knowledge or training to carry out its audits. I interpret this to mean that people who basically had no real idea what they were doing consistently and successfully breached security at every airport tested.
While the nuances of transportation security continue to elude the Transportation Security Agency, one thing has changed: an actual reaction from the TSA's parent agency, the DHS.
The Department’s response to our most recent findings has been swift and definite. For example, within 24 hours of receiving preliminary results of OIG covert penetration testing, the Secretary summoned senior TSA leadership and directed that an immediate plan of action be created to correct deficiencies uncovered by our testing. Moreover, DHS has initiated a program — led by members of Secretary Johnson’s leadership team — to conduct a focused analysis on issues that the OIG has uncovered, as well as other matters. These efforts have already resulted in significant changes to TSA leadership, operations, training, and policy…
You know, the sort of thing the DHS and TSA should have done when similar failings were found in 2014. And 2012. And 2011...
The testimony/rebuttal offered by TSA Administrator Neffenger opens with statements ranging from "factually" to "laughably" false.
We remain deeply committed to ensuring that TSA remains a high-performing, risk-based intelligence-driven counterterrorism organization. We are working diligently to ensure we recruit, train, develop, and lead a mission-ready and highly-capable workforce, placing a premium on professional values and personal accountability.
Or this, which makes the claim that failing nearly 100% of the time proves the system is still effective.
It is important to acknowledge that the OIG covert tests, as a part of their design and execution, focused on only a discrete segment of TSA’s myriad capabilities of detecting and disrupting threats to aviation security. This was not a deliberate test of the entire system and while there were areas for improvement noted by the Inspector General – with which we concurred -- that the system as a whole remains effective and, as a result of this series of tests, has only gotten stronger.
Scoring higher against an opponent of a lower skill level (the Average Joe Bomb Carrier "operatives" deployed by the OIG in 2015, rather than the "covert operatives" who performed the 2014 test) doesn't exactly signal systemic strength. But whatever, it's the system we have -- one we neither want nor deserve.
And then there's this part of the statement, which could easily support a full-fledged buzzword-based drinking game all on its own.
Solutions to the challenges facing TSA will require a renewed focus on the agency’s security mission, a commitment to right-sizing and resourcing TSA to effectively secure the aviation enterprise, and an industry commitment to incentivizing vetting of passengers as well as creating conditions that can decrease the volume and contents of bags presented for screening in airports.
"Incentivizing vetting of passengers?" Isn't that pretty much the only task the TSA performs? (I mean, when not running its Instagram account or helping the DEA walk off with a traveler's money…) After 15 years on the job, you'd think the TSA's vetting incentive program would be humming away like a well-funded machine. Apparently not, though. As the Inspector General points out, the TSA still approaches airport security in a disturbingly haphazard fashion.
[W]e believe that TSA’s use of risk assessment rules, which granted expedited screening to broad categories of individuals unrelated to an individual assessment of risk, but rather on some questionable assumptions about relative risk based on other factors, created an unacceptable risk to aviation security. Additionally, TSA used “managed inclusion” for the general public, allowing random passengers access to Precheck lanes with no assessment of risk. Additional layers of security TSA intended to provide, which were meant to compensate for the lack of risk assessment, were often simply not present.
While I am still of the belief that a majority of the TSA's actions are a perversely expensive and intrusive form of pantomime, the least the agency could do is maintain consistency across its security "offerings." If PreCheck is only "safe" because of the vetting process, then limit it only to those who have been pre-cleared. If 99% of travelers are no threat and can be waved through expeditiously, then do that and ditch the stupid "please throw out your breast milk while your TSA-friendly locks are broken" playacting that keeps lines backed up at security checkpoints.
The TSA has proven it's far better at officiousness and bureaucracy than security. And for years, it's been more interested in making excuses than fixing its problems. IG John Roth hopes this is the beginning of the end of the TSA's abysmal track record. In his comments to the Congressional committee, he expresses his support for the Inspector General Empowerment Act which would, among other things, maintain the office's independence and force agencies to cough up documents and information in a more timely fashion.
But it's hard to believe the culture will change. At the TSA, aviation security is just a job -- something that only deserves a minimal level of attention or competence. And that's all we'll get, for years and years to come: government-mandated harassment that hassles far more travelers than terrorists.
After rejecting all the good privacy amendments to CISA, the Senate has now officially passed the legislation by a 74 to 21 vote. About the only "good" news is that the vote is lower than the 83 Senators who voted for cloture on it last week. Either way, the Senate basically just passed a bill that will almost certainly be used mainly for warrantless domestic surveillance, rather than any actual cybersecurity concern.
If you'd like to know which Senators voted for greater domestic surveillance, here's your list:
And here's the tragically short list of the 21 who voted against this.
If you're wondering what happens now: the Senate version and the House version are different, so the differences need to be resolved in conference. There's a chance that could lead to the bill being made better, but it's more likely that the bill will actually be made worse. And then, of course, assuming no substantial changes, it would go to the President's desk for signature. So the bill is pretty far along, but it can still be stopped. Senator Ron Wyden, who has led the fight against it, says he's not giving up yet.
from the unofficially-the-official-word-on-the-investigation-it-can't-talk-about dept
Well, that didn't take long. Shortly after Senator Chuck Grassley raised his voice about the FBI's refusal to share information about its investigation of Hillary Clinton's State Department emails, a status update of sorts has been provided.
The FBI has recovered personal and work-related e-mails from the private computer server used by Hillary Clinton during her time as secretary of state, according to a person familiar with the investigation.
The Federal Bureau of Investigation’s success at salvaging personal e-mails that Clinton said had been deleted raises the possibility that the Democratic presidential candidate’s correspondence eventually could become public. The disclosure of such e-mails would likely fan the controversy over Clinton’s use of a private e-mail system for official business.
This obviously won't be good news for the presidential hopeful, but it does indicate the FOIA lawsuit brought against the State Department by Judicial Watch might start moving forward again.
The FBI is also attempting to determine how much classified information was stored on Clinton's personal email server. Once that's sorted out, it will presumably be up to the DOJ to decide how much of a wrist slap Clinton's mixing of business and pleasure warrants.
"Computer specialists" quoted by Bloomberg say the FBI should be able to recover most of the deleted emails. This is likely true and the effort deployed probably won't stretch the agency's technical expertise. Clinton's use of a private server had less to do with opsec than just making it more difficult to obtain these emails through public records requests.
And while the FBI would like to keep its findings to itself until it wraps up the investigation (if for no other reason than to avoid weakening its "ongoing investigation" auto-denial), Del Quentin Wilber of Bloomberg points out Congressional committees can issue subpoenas to obtain information from the agency while the investigation is still underway.