[Infowarrior] - Anti-Hacking Bill Aiding Verizon Delayed by Snowden Leaks

Richard Forno rforno at infowarrior.org
Sun Jun 30 10:24:00 CDT 2013 

http://www.bloomberg.com/news/print/2013-06-28/anti-hacking-bill-aiding-verizon-delayed-by-snowden-leaks.html

Anti-Hacking Bill Aiding Verizon Delayed by Snowden Leaks
By Chris Strohm - Jun 28, 2013

Legislation to give Verizon Communications Inc. (VZ) and Google Inc. 
(GOOG) legal protection for sharing cyber-attack information with the 
U.S. government has stalled after leaks about spy programs showed the 
companies are already turning over data.

Lawmakers have stopped advancing cybersecurity legislation until at 
least September as they gather more information about the National 
Security Agency surveillance programs and hear from constituents to 
assess the political fallout, Senate and House members from both parties 
said in interviews.

Disclosure of the NSA programs “probably couldn’t have come at a worse 
time” for advancing a cybersecurity bill, said Representative Michael 
McCaul, chairman of the House Homeland Security Committee. The Texas 
Republican said he’s postponed introducing his legislation at least 
until September.

“There’s very little faith in the institutions of government right now,” 
said Representative Tom Cole of Oklahoma, a Republican party leader. “If 
you look like you’re not sufficiently critical and sufficiently vigilant 
in defending people’s liberties I think they’ll express that at the polls.”

Former NSA contract worker Edward Snowden this month exposed classified 
programs, authorized by a secret surveillance court, that collect 
phone-call records of millions of U.S. citizens from New York-based 
Verizon and monitor Internet communications of suspected foreign terrorists.
‘Fallout Zone’

Corporate officials have testified before Congress about the need for 
legislation, while Verizon, Comcast Corp. (CMCSA) and McAfee Inc., now 
part of Intel Corp. (INTC), as well as Google Chief Executive Officer 
Eric Schmidt, have written letters in support of legislation.

Those companies have now become silent in the wake of the leaks on 
whether they still support it. Delaying action leaves the rules unclear 
about what data can be shared and whether the companies can be sued by 
customers for providing data to the government.

Google, based in Mountain View, California, was among the Internet 
companies said to be providing data for the Internet communications 
monitoring effort, known as Prism. The company has asked the 
surveillance court for permission to disclose intelligence agencies’ 
requests for user data.

Prior to Snowden’s leaks, lawmakers and officials from President Barack 
Obama’s administration were calling with increasing urgency for 
legislation to defend banks, utilities and telecommunication networks 
from potentially devastating computer attacks.

“This has become a radioactive fallout zone for a while in terms of new 
legislation,” said Stewart Baker, former general counsel for the NSA, in 
an interview.
House Measure

The House in April passed a bill, H.R. 624, that would shield companies 
from lawsuits for sharing information about hackers with each other and 
the government, and authorize corporations to receive classified data 
from U.S. intelligence agencies about threats.

Companies had been asking the Senate, which hasn’t introduced a bill 
this year, to follow the House.

Sena Fitzmaurice, spokeswoman for Philadelphia-based Comcast, declined 
to comment about whether the company still supports the House bill. 
Verizon spokesman Edward McFadden didn’t respond to phone calls and 
e-mails for comment.

Michigan Democrat Carl Levin, chairman of the Senate Armed Services 
Committee, said passing a cybersecurity measure has become more 
difficult in the Senate.

“People’s demand for transparency has definitely increased,” said Jan 
Schakowsky, of Illinois, the top Democrat on the House Intelligence 
Oversight and Investigations subcommittee.
NSA Role

Senator Dianne Feinstein, a California Democrat and chairwoman of the 
Senate Intelligence Committee, said she plans to introduce similar 
legislation to the House bill, though wouldn’t say when.

Feinstein is reviewing whether companies should be allowed to directly 
share information about online attacks with the NSA or be required to 
interact with a civilian agency, like the Homeland Security Department.

Legislation is needed “to ensure that voluntary information sharing is 
lawful,” Feinstein said an e-mailed statement. She said it should 
include liability for companies and privacy protections for citizens.

McCaul said his bill will require companies to share data with Homeland 
Security. Last year, Senate Republicans blocked cybersecurity 
legislation in part because of objections that the department would be 
the contact point for data sharing and setting the rules.

“People get spooked by the fact that the NSA has housed everybody’s 
phone records,” he said.
Information Sharing

The scope of information companies are sharing with the government under 
the spy programs isn’t clear, said Michelle Richardson, legislative 
counsel for the American Civil Liberties Union in Washington.

The ACLU has opposed cybersecurity legislation on grounds that citizens’ 
personal information might not be protected if turned over to the 
government as part of sharing data on cyber threats. Richardson 
questioned whether a new law is needed given the amount of data already 
being exchanged.

The government can order telecommunications and Internet companies to 
provide data related to national security investigations under sections 
of the Patriot Act and Foreign Intelligence Surveillance Act. The 
companies are given legal protections for doing so.

In some cases, data is used to defend computer networks from hacking 
attacks, according to the Office of the Director of National 
Intelligence. These communications have “provided significant and unique 
intelligence regarding potential cyber threats to the United States 
including specific potential computer network attacks,” the office said 
June 8.
Lumped Together

Frank Shaw, a spokesman for Redmond, Washington-based Microsoft Corp. 
(MSFT), and Michael Fey, McAfee’s worldwide chief technology officer, 
said their companies also voluntarily provide intelligence agencies 
additional data on threats to computer networks.

It’s wrong to lump together the type of information being shared under 
the spy programs with what would fall under a cybersecurity bill, said 
Michael Chertoff, Homeland Security secretary under President George W. 
Bush.

“They’re completely different things and they shouldn’t be confused, 
although inevitably they will be,” Chertoff said in an interview.

“What you’re looking for in cyber is information about what’s in the 
packets moving across the Internet and the malicious code,” said 
Chertoff, who founded a security consulting company in Washington. “The 
collection of phone data doesn’t help you with cyber. The other stuff 
only looks at foreign communications.”

Legislation to defend computer networks would enable automated sharing 
about new hacking attacks and involve more companies than are covered 
under the spy programs, such as utilities, Chertoff said.

To contact the reporter on this story: Chris Strohm in Washington at 
cstrohm1 at bloomberg.net

To contact the editor responsible for this story: Bernard Kohn at 
bkohn2 at bloomberg.net

More information about the Infowarrior mailing list