Online: | |
Visits: | |
Stories: |
Story Views | |
Now: | |
Last Hour: | |
Last 24 Hours: | |
Total: |
Lodged toward the bottom of the 2000-plus page, $1.1 trillion omnibus spending bill is the Cybersecurity Act of 2015 (it starts on page 1,728 here if you’re feeling like a masochist). This is what has come of the Cybersecurity Information Sharing Act (CISA), the controversial (in tech quarters where people are paying attention anyway) legislation that encourages private businesses to share customer data with the federal government in exchange for liability from lawsuits in the case of data breaches, all under the guise of fighting cybercrime.
The controversy is that this alleged cybersecurity legislation actually appears to be a new form of authorization for surveillance. Experts say it won’t actually improve cybersecurity at all (partly because the federal government has a poor reputation for handling such data), and major tech companies like Apple, Google, and Twitter oppose it.
But here it is, being shoved into a “must pass” bill, escorted in by new Majority Leader Paul Ryan (R-Wisc.). Evan Greer, campaign director of Fight for the Future, an activist group fighting the passage of CISA-style privacy-threatening Internet regulations, has a dim view of the legislation.
“There’s been a bunch of negative changes to the bill over the last couple of weeks,” Greer says. “It went from something that was supposed to be a cybersecurity bill and has become a surveillance bill. It has even become a mass incarceration bill. … They’ll be able to investigate, prosecute and jail people for a wide variety of offenses that having nothing to do with cybersecurity and terrorism.”
I noted last week the problems with some of the privacy components being stripped out. What privacy advocates want is for the Department of Homeland Security (DHS) to handle making sure identifiable information gets redacted from information before it gets disseminated to organizations like the NSA. Why does it matter? Greer explained that the DHS, as a “civilian” organization has stricter rules about protecting private information than the NSA. Here’s how TechDirt describes the weakening of the already weak CISA privacy protections:
A handful of privacy-oriented legislators from both parties, Rep. Justin Amash (R-Mich.), Rep. Zoe Lofgren (D-Calif.), Rep. Jared Polis (D-Colo.) and Rep. Ted Poe (R-Texas), sent a letter to other legislators expressing concerns about privacy protections being stripped out.
In response, Rep. Adam Schiff (D-Calif.) a supporter of CISA, sent out a letter decrying some of the privacy fears as myths. Of course, since the 2,000-page Omnibus just dropped late last night, legislators and lawyers are going to have to go through the bill with a fine-tooth comb and try to figure out what actual privacy protections are real and what is simply smoke and mirrors.
Despite the White House’s threats of vetoing predecessors to CISA, new information seems to show the Obama administration wanting to use CISA for other forms of law enforcement besides cybersecurity and wants to make sure the NSA and Department of Defense may still have access to the information from private companies through other agreements outside CISA. The memo (read here, courtesy of Dustin Volz of Reuters) says at one point, “The final bill should track the Administration’s proposal and allow for limited, specific law enforcement use of cyber threat information for non-cybersecurity purposes.”
That concept did indeed make it into the final draft of the bill included in the omnibus. Here’s a list of the non-cybersecurity, non-terrorism-related purposes the government would be able to use the information they gather from the Cybersecurity Act of 2015:
Those are some pretty big loopholes in using the information domestically to track Americans for reasons that have absolutely nothing to do with fighting terrorism.
Stay tuned to see what happens as the omnibus bill gets more attention for the rest of the week.