[Infowarrior] - Last-Minute Budget Bill Allows New, Privacy-Invading Surveillance in the Name of Cybersecurity
Richard Forno
rforno at infowarrior.org
Fri Dec 18 08:46:09 CST 2015
Last-Minute Budget Bill Allows New, Privacy-Invading Surveillance in the Name of Cybersecurity
Jenna McLaughlin
Dec. 18 2015, 8:20 a.m.
https://theintercept.com/2015/12/18/last-minute-budget-bill-allows-new-privacy-invading-surveillance-in-the-name-of-cybersecurity/
In the wake of a series of humiliating cyberattacks, the imperative in Congress and the White House to do something – anything — in the name of improving cybersecurity was powerful.
But only the most cynical observers thought the results would be this bad.
The legislation the House will be voting on Friday is a thinly-disguised surveillance bill that would give companies pathways they don’t need to share user data related to cyber threats with the government — while allowing the government to use that information for any purpose, with almost no privacy protections.
And because Speaker of the House Paul Ryan slipped the provision into the massive government omnibus spending bill that has to pass — or else the entire government will shut down — it seems doomed to become law.
The text of the bill — now knowns as the Cybersecurity Act of 2015, formerly known as CISA — wasn’t released until shortly after midnight Wednesday morning, giving members of Congress essentially no time to do anything about it.
The bill would remove a restriction on direct information sharing with the National Security Agency and the Pentagon; would eliminate a restriction on the government’s use of that information for surveillance activities; would allow law enforcement to use the information to prosecute any and all crimes; and would leave it up to the individual agencies to scrub personally identifying information when they feel like it.
“If someone hacks a health insurance company like Blue Cross/Blue Shield, and they get scared and hand over all the medical records that were exposed in the hack, the NSA could share those records with the DEA, who could use them in ongoing investigations that have nothing to do with cyber security or terrorism,” wrote Evan Greer, campaign director for Fight for the Future, a digital rights advocacy group.
The House Homeland Security Committee chaired by Rep. McCaul, R-Tex., had proposed a series of privacy protections from a previous House version of the cyber bill, but they were stricken from the new version that emerged from the Speaker’s office.
“The bill is all the worst parts” of the different cyber security bills negotiated in recent months, Nathan White, senior legislative manager for Access Now, told The Intercept. “It was negotiated in secret…it’s a sneaky process they’ve used.”
Because of the last-minute timing, members of Congress “are not even going to know what they’re passing,” White said. “We don’t have time to get an informed vote, they’re pulling a fast one on the Senate.”
And the White House is reportedly on board. According to a leaked document published by Dustin Volz of Reuters, titled “Summary administration priorities for CISA”, the White House’s priorities line up with the new version of the bill—despite the fact that the administration threatened a veto over very similar legislation in 2013.
According to several technologists, information sharing isn’t a real solution to preventing cyberattacks. The best defense is better cyber hygiene. “When you’ve got an epidemic, the answer is you should be washing your hands every time you use the bathroom. It’s just not a sexy thing to say,” Lee Tien, senior staff attorney at the Electronic Frontier Foundation told The Intercept last January following President Obama’s State of the Union address, which focused heavily on cybersecurity.
Some opposition to the new bill has emerged among digital-rights supporting lawmakers and organizations, both Democratic and Republican. But they face off against the immensely powerful intelligence committees in the House and the Senate, congressional leadership, and the White House.
“Members of Congress are intentionally kept in dark so we don’t have time to rally opposition to particular measures,” Libertarian-leaning Rep. Justin Amash, R-Mich., wrote on Twitter.
Rep. Zoe Lofgren, D-Calif., warned that the bill would “accomplish little more than increased unwarranted surveillance of US persons, sharing private information with prosecutors, and feeding the NSA dragnet.”
“This ‘cybersecurity’ bill was a bad bill when it passed the Senate and it is an even worse bill today,” said Sen. Ron Wyden, D-Ore. “Americans deserve policies that protect both their security and their liberty. This bill fails on both counts. Cybersecurity experts say CISA will do little to prevent major hacks and privacy advocates know that this bill lacks real, meaningful privacy protections,” Wyden wrote in a press release.
Overall, there wasn’t much hope among the conservative groups. “We certainly would have liked more time to bring this issue to the attention of libertarians and conservatives. Unfortunately, the way the final bill was conferenced–keeping Chairman McCaul out of any substantive discussions and disregarding many of his concerns around the reconciliation process–moved it quicker than we anticipated,” wrote Ryan Hagemann of the Niskanen Center in an e-mail to the Intercept.
--
It's better to burn out than fade away.
More information about the Infowarrior
mailing list