Senate, Once Again, Looks To Bring Back CISA: Surveillance Expansion Bill Pretending It's A Cybersecurity Bill
from the information-sharing-with-whom dept
We’ve discussed the “cybersecurity” bill, CISA, that’s been making its way through Congress a few times, noting that it is nothing more than a surveillance expansion bill hidden in “cybersecurity” clothing. As recent revelations concerning NSA’s surveillance authorities have made quite clear, CISA would really serve to massively expand the ability of the NSA (and other intelligence agencies) to do “backdoor searches” on its “upstream” collection. In short, rather than protecting any sort of security threat, this bill would actually serve to give the NSA more details on the kind of “cyber signatures” it wants to sniff through pretty much all internet traffic (that it taps into at the backbone) to collect anything it deems suspicious. It then keeps the results of this, considering it “incidental” collections of information.
In an incredibly cynical move, supporters of the surveillance state have seen OPM hacks as a ridiculous excuse to push to pass this bill. Senator Mitch McConnell tried to include it in the defense appropriations bill by pointing to the OPM hack. That gambit, thankfully, failed.
But that’s not stopping the supporters of the surveillance state. During recent Congressional hearings, surveillance state supporter Senator John Cornyn claimed that CISA would be back for a vote before the end of the month, despite having failed multiple times in previous attempts. And, earlier this week, McConnell similarly announced plans to bring it up for a vote soon — and, again in the context of the OPM hack. Here’s McConnell being interviewed on Fox News by Bret Baier:
BAIER: Senator, you mentioned cybersecurity. Hackers broke into the U.S. Office of Personnel Management, stealing background investigation forms, fingerprint records, Social Security numbers for more than 22 million people….
[….]
MCCONNELL: This is a total mess. It’s no wonder they had a hard time with the Web site which they launched Obamacare. These cybersecurity issues are enormously significant. What we’re going to do is before August, take a step in the direction of dealing with the problem with information sharing bill that I think will be broadly supported. This is an administrative disaster that the president needs to get a hold of and get straightened out soon.
What no one asks McConnell (of course) is how CISA would have had any impact on the OPM hack. Or, hell, how it would help stop a single online attack anywhere. Because that’s a question no one seems willing to answer. Because the answer was already made abundantly clear by Senator Ron Wyden in opposing this bill. It’s not about cybersecurity at all. It’s about surveillance.
Filed Under: cisa, cybersecurity, information sharing, john cornyn, mitch mcconnell, opm, opm hack, surveillance
Comments on “Senate, Once Again, Looks To Bring Back CISA: Surveillance Expansion Bill Pretending It's A Cybersecurity Bill”
Reality Check
Passing or not passing a bill has no relevance on the agencies version of “reality”.
The agencies have already demonstrated that whatever law is written can be “interpreted” to mean what ever they want it to mean, and therefore let them do whatever it is they want to do.
A targeted law just means having to use the “not under this program” excuse.
They are going to monitor everything on everyone all the time. Let’s check on where they are now:
Cell Location? Check.
Who you call and who calls you? Check.
Auto Location? – ALPRs everywhere. Check
Friends? – facebook et. al. scraped and analyzed? Check
email? all intercepted, stored, key-word analyzed. Check.
Packages? Intercepted and “modified”. Check
Software Security? Weakened at the very source. Check.
Software Vulnerability? #1 purchaser of day 0 exploits. Check.
Where you work? IRS knows, they all know. Check
How much you make? IRS knows, they all know. Check
Whether or not you are a “valued citizen” ? (i.e. contribute the right amounts to the right candidates) Check.
One more law to work around? Check.
Time for us to secure everything we have and do. VPNs for all – free SSL certs are coming – use ’em. Phone encryption – get it.
They are forcing us to lock down and make them “go dark”.
Call it Check and Mate.
Of course the bill would have made a difference.
It would have meant the identity of the person leaking the fact the hack had happened, available to the powers that be, so they could make their lives in a 4x6ft cell as miserable as possible.
I mean, how irresponsible of them to worry the Proles like that? Flogging is too good for them.
No matter how hard we push back, they have the luxury of trying and trying again until they get their way. And they always do, in the end…
Re: Re:
because you like most other American citizens are too stupid to know how to properly fight back against government corruption.
http://fija.org/
The next time you are asked to serve on a Jury, this time do in the right way! The Original American Way!
Re: Re:
Umm, vote maybe?
Re: Re: Re:
I thought that voting “maybe” was not allowed!!
What we’re going to do is before August, take a step in the direction of dealing with the problem with information sharing bill that I think will be broadly supported.
We’ve had enough “information sharing” with (presumably) the Chinese, due to the incompetence of those charged with protecting information they collect “voluntarily.”
Surely the information we involuntarily provide will be afforded the same set of protections as the OPM data – is that really what he’s arguing for?
/smh
Re: Re:
They did outsource parts of the IT to Brazil and China.
Expanding your spying powers doesn’t prevent people hacking your networks. Old people need to retire they are fucking up the world.
Re: Re:
Hey, do not tar all old people with the same brush. Also young fascists are just as bad as old fascists, and the problem is fascists in power, rather than old people in power.
Re: Re: Re:
It tends to be old people that cause problems because they have more time to gain influence and cause real long lasting problems. Also with age comes the problem of taking in new information and breaking from previous thought patterns. They also tend to not be around to experience the downside of their actions.
Did he just blurt out Obamacare randomly? Is a subliminal mind game or a reflex that causes this?
Hoarding Zero-Day Exploits
Well, it would be rather ironic, if the breach at OPM had happened through a vulnerability which was known to the NSA or CIA, but which hadn’t been disclosed because they had wanted it to use for attacks/surveillance purposes.
Anyway, it will only be a question of time until exactly this scenario will happen.
Because you can either have security, or surveillance.
From my Senatrix (Dianne Feinstein)
Thank you for contacting me to share your concerns about the “Cybersecurity Information Sharing Act” (S. 752). I appreciate hearing your feedback, and welcome the opportunity to provide additional information about this bill.
As you know, the threat of cybersecurity attacks is among the greatest threats our nation faces. American financial institutions have incurred multi-million dollar losses due to cyber thefts. Even computer security companies and national security agencies like the FBI and Department of Defense have fallen victim to cyber attacks. Cyber attackers also hack into our personal computers, access our private information, and use our computers to launch other cyber attacks. These cyber intrusions affect the United States in substantial and real ways, and the threat is only growing. Unfortunately, experts agree that cybersecurity practices will not improve, allowing this vulnerability to remain, without legislation designed to strengthen the cyber defenses of critical infrastructure and to enhance the sharing of cyber threat information between and among the private sector and the government.
To help both our government and private businesses deal with threats from the constantly advancing cyber threats, on March 12, 2015, the Senate Intelligence Committee—of which I am currently Vice Chairman—passed the “Cybersecurity Information Sharing Act” (S. 752) by a strong bi-partisan vote of 14-1. This bill calls for voluntary information sharing of cyber threat information between U.S. Intelligence and law enforcement agencies and private companies. I believe this legislation, should it be enacted into law, will improve the ability of the federal government and private companies to identify malicious code or cyber attack signatures more rapidly.
It is important to note that the “Cybersecurity Information Sharing Act” contains robust privacy measures to ensure that information shared with the federal government is protected. For example, it would require companies to remove personal information from any cybersecurity information provided to the government that is not necessary for the purpose of addressing a cybersecurity threat. It would not provide any new authorities for conducting surveillance, nor would it address intellectual property rights on the Internet. Participation in information sharing under this bill would be voluntary, and the bill would limit the government’s ability to use private sector cyber information for approved cyber security purposes. The authority provided by the bill for companies to share information is limited to the sharing of cyber threat indicators and cyber defensive measures.
After reviewing intelligence on cyber threats for many years, it is clear to me that cyber attackers are causing major damage to Americans, our national security, and our economy. Please know that as Vice Chairman of the Senate Intelligence Committee, I am dedicated to fighting the threats we face and I believe this bill will help us in our fight against cyber attacks.
Again, thank you for your letter. I appreciate knowing your views and hope you will continue to inform me of issues that matter to you. If you have any additional questions or concerns, please do not hesitate to contact my office in Washington D.C. at (202) 224-3841.
…
All the ughs. All of them.