CISA: Big Brother Still Wants to Watch You
Have you been watching your back?
Our column for The Clyde Fitch Report in 2013 brought you the headline “Senate Scraps CISPA…But Watch Your Back”. CISPA was the Cyber Intelligence Sharing and Protection Act, the Internet-control bill which neocons in Congress tried to pass after earlier efforts failed to approve CISPA’s iron-fist brothers SOPA and PIPA.
Now in August 2015 we’re confronted with their fourth censoring-surveillance brother: CISA, which stands for the Cybersecurity Information Sharing Act. Congress is trying to fast-track it through to approval before going for vacation at the end of this week. The bill would allow private corporations and the federal government to share information about possible cyber threats — including private information about citizens obtained without a warrant.
CISA is opposed by some major defenders of American civil liberties, i.e. your rights under the Constitution to life, liberty and the pursuit of happiness without being constantly surveilled by Big Brother. They include the American Civil Liberties Union (ACLU), Electronic Frontier Foundation (EFF), and Center for Democracy and Technology.
But, strange as this seems, CISA even has found an opponent in the surveilling federal agency that is supposed to administer it: the Department of Homeland Security (DHS). We say this is strange because we reported for CFR in May 2012 how DHS was hoping to control the Internet. We said then:
With the blessing of Barack Obama, the federal Department of Homeland Security (DHS) is planning to eventually take control of the Internet, according to a DHS counsel. Such a move by government logically would end citizens’ Constitutional right to freedom of expression, including limiting them to sharing only government-approved information.
Now, two years later, DHS doesn’t seem to care more about the Constitution regarding CISA, but fears it will have to share control with other agencies under the new proposed surveillance law. The information site vice.com reported Aug. 4:
Minnesota senator Al Franken asked the DHS to weigh in on the bill in early July. DHS Deputy Secretary Alejandro Mayorkas replied with a letter on Monday outlining the organization’s concerns, saying the bill as written would “sweep away important privacy protections.”
Why is the DHS suddenly so vocally pro-privacy? For one, it doesn’t want cyber threat information shared with other agencies. It said in the letter the bill’s authorization of sharing cyberthreat data would ”undermine the policy goals that were thoughtfully constructed to maximize privacy and accuracy of information.”
‘This will limit the ability of DHS to connect the dots and proactively recognize emerging risks and help private and public organizations implement effective mitigations to reduce the likelihood of damaging incidents,’ Mayorkas wrote.
As far back as March, the ACLU — the legal organization created to protect citizens’ Constitutional rights — issued a statement whose view of CISA came clear in the headline: “CISA Isn’t About Cybersecurity, It’s About Surveillance”. Written by Rachel Nusbaum, media strategist for the ACLU’s Washington legislative office, the statement noted:
Instead of focusing on ways to make our data (and the devices we store it on) more secure, Washington keeps offering up “cybersecurity” proposals that would poke huge holes in privacy protections and potentially funnel tons of personal information to the government, including the NSA and the military…Unfortunately, by all accounts, CISA is one of those privacy-shredding bills in cybersecurity clothing.
The bill could also pose a particular threat to whistleblowers – who already face, perhaps, the most hostile environment in U.S. history – because it fails to limit what the government can do with the vast amount of data to be shared with it under this proposal. CISA would allow the government to use private information, obtained from companies on a voluntary basis (and so without a warrant) in criminal proceedings – including going after leakers under the Espionage Act.
If you are wondering how giving companies a free pass to share our personal information with the government will make our data more secure, you aren’t alone. We’ve already written about why real cybersecurity doesn’t need to sacrifice our privacy.
EFF, the U.S.-based international nonprofit digital rights group, in late July noted on its website:
CISA is fundamentally flawed because of its broad immunity clauses for companies, vague definitions, and aggressive spying powers. Combined, they make the bill a surveillance bill in disguise. The bill may even make things worse for Internet users in several ways…
…Not only does CISA grant companies more power to obtain “cyber threat indicators” and to disclose that data to the government without a warrant—it requires real time sharing of that information to military and intelligence agencies, including the NSA. In other words, cyber threat indicators shared with any agency would be automatically shared with the NSA—all without requiring companies to strip out personally identifying information.
To make matters worse, CISA grants the government too much discretion in how to use the information for non-cybersecurity purposes. It also contains exemptions to the Freedom of Information Act, which will keep the public in the dark about what information is being collected, shared, or used.
EFF is encouraging opponents of the bill to “Visit the Stop Cyber Spying coalition website where you can email and fax your Senators and tell them to vote no on CISA.”