SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
'Patriot Act 2.0'? Senate Cybersecurity Bill Seen as Trojan Horse for More Spying
Framed as anti-hacking measure, opponents say CISA threatens both consumers and whistleblowers
Mar 13, 2015
The U.S. Senate Intelligence Committee approved a cybersecurity bill during a secret session on Thursday, marking the next step in a process that critics warn will nefariously expand the government's already substantial surveillance powers.
The Cybersecurity Information Sharing Act (CISA), which passed by 14-1 vote, would ostensibly protect against large-scale data thefts of private consumer information, exemplified by recent hacks of Target, Sony, and Home Depot. But critics--including the lone dissenting voice on the committee Sen. Ron Wyden (D-Or.)--say it would open the door for continued invasive and unlawful government spying operations.
Although Wyden denounced the measure as "a surveillance bill by another name," his opposition was unable to stop the proposal from being approved by the committee. The bill, which reportedly underwent a dozen changes during the meeting, will next go to the full Senate for debate. Its passage in committee, however, means it has already succeeded where other recent cybersecurity proposals have failed.
Committee chairman Sen. Richard Burr (R-N.C.) told reporters after the vote that CISA would allow for private-to-private, private-to-government, and government-to-private information sharing, "in a voluntary capacity."
"This current bill is critically important both for our agencies that keep the country safe, and the institutions that hold millions of Americans' personal information," Burr continued.
However, as ACLU media strategist Rachel Nusbaum noted on Thursday, making information-sharing "voluntary" during criminal proceedings means that the government would be able to obtain private data without a warrant.
That includes any instance in which the government uses the Espionage Act to go after whistleblowers, who, according to Nusbaum, "already face, perhaps, the most hostile environment in U.S. history." The new measure, she continued, "fails to limit what the government can do with the vast amount of data to be shared with it" by the these companies." Nusbaum called the measure "one of those privacy-shredding bills in cybersecurity clothing."
"This bill is arguably much worse than CISPA [Cyber Intelligence Sharing and Protection Act] and, despite its name, shouldn't be seen as anything other than a surveillance bill--think Patriot Act 2.0," Nusbaum said.
Thursday's meeting was closed to the public, but Wyden emerged after the vote and warned the bill "lacks adequate protections for the privacy rights of American consumers, and that it will have a limited impact on U.S. cybersecurity."
Sen. Dianne Feinstein (D-Calif.), the ranking Democrat on the panel, said Thursday that the newest version of the bill would allow companies to defend themselves against cyberattacks but would prohibit them from taking "countermeasures" if a breach occurred.
The Wall Street Journal writes:
The bill would attempt to funnel corporate intelligence about cybersecurity threats and breaches through the Department of Homeland Security, an important distinction for many companies that don't want the data to be housed in a military agency or an intelligence agency. DHS could share the information, if applicable, with other companies or other federal agencies, though it is supposed to be scrubbed to prevent the transfer of personal data about consumers.
Companies could also provide data to the NSA as long as it wasn't in "electronic form," according to Burr. If private customer data "finds its way to the federal government" following a hack, Burr added, "once we distribute it in real time and we realize there's personal information, any company that discovers it has to remove it or minimize it in a way that it can't be shared anywhere else."
A draft (pdf) of the measure released last month was met with resistance from privacy advocates who said its vague language could give license to the government to increase unwarranted surveillance of U.S. citizens. Burr and Feinstein said Thursday the new version of the bill takes those concerns into account--but the privacy community was hesitant to follow such praise without seeing the final version of the measure.
"We are glad that the Senate Intelligence Committee heard the privacy community's concerns, and we're eager to see if the changes to the bill will adequately address the significant threats to privacy and internet security that CISA has raised," Robyn Greene, policy counsel with New America's Open Technology Institute, said in a statement Thursday. "Based on how dangerously broad and vague the last version of the bill was, it would be surprising if the bill agreed to in secret today will garner the support of the privacy community."
Greene called the earlier draft "as much a backdoor for surveillance as it is a cybersecurity information-sharing bill."
In an interview with Wired on Thursday, she criticized the secretive nature of the meeting, stating, "This bill has the potential to seriously harm Americans' privacy rights and it wasn't even debated in public."
An Urgent Message From Our Co-Founder
Dear Common Dreams reader, It’s been nearly 30 years since I co-founded Common Dreams with my late wife, Lina Newhouser. We had the radical notion that journalism should serve the public good, not corporate profits. It was clear to us from the outset what it would take to build such a project. No paid advertisements. No corporate sponsors. No millionaire publisher telling us what to think or do. Many people said we wouldn't last a year, but we proved those doubters wrong. Together with a tremendous team of journalists and dedicated staff, we built an independent media outlet free from the constraints of profits and corporate control. Our mission has always been simple: To inform. To inspire. To ignite change for the common good. Building Common Dreams was not easy. Our survival was never guaranteed. When you take on the most powerful forces—Wall Street greed, fossil fuel industry destruction, Big Tech lobbyists, and uber-rich oligarchs who have spent billions upon billions rigging the economy and democracy in their favor—the only bulwark you have is supporters who believe in your work. But here’s the urgent message from me today. It's never been this bad out there. And it's never been this hard to keep us going. At the very moment Common Dreams is most needed, the threats we face are intensifying. We need your support now more than ever. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. When everyone does the little they can afford, we are strong. But if that support retreats or dries up, so do we. Will you donate now to make sure Common Dreams not only survives but thrives? —Craig Brown, Co-founder |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Nadia Prupis
Nadia Prupis is a former Common Dreams staff writer. She wrote on media policy for Truthout.org and has been published in New America Media and AlterNet. She graduated from UC Santa Barbara with a BA in English in 2008.
The U.S. Senate Intelligence Committee approved a cybersecurity bill during a secret session on Thursday, marking the next step in a process that critics warn will nefariously expand the government's already substantial surveillance powers.
The Cybersecurity Information Sharing Act (CISA), which passed by 14-1 vote, would ostensibly protect against large-scale data thefts of private consumer information, exemplified by recent hacks of Target, Sony, and Home Depot. But critics--including the lone dissenting voice on the committee Sen. Ron Wyden (D-Or.)--say it would open the door for continued invasive and unlawful government spying operations.
Although Wyden denounced the measure as "a surveillance bill by another name," his opposition was unable to stop the proposal from being approved by the committee. The bill, which reportedly underwent a dozen changes during the meeting, will next go to the full Senate for debate. Its passage in committee, however, means it has already succeeded where other recent cybersecurity proposals have failed.
Committee chairman Sen. Richard Burr (R-N.C.) told reporters after the vote that CISA would allow for private-to-private, private-to-government, and government-to-private information sharing, "in a voluntary capacity."
"This current bill is critically important both for our agencies that keep the country safe, and the institutions that hold millions of Americans' personal information," Burr continued.
However, as ACLU media strategist Rachel Nusbaum noted on Thursday, making information-sharing "voluntary" during criminal proceedings means that the government would be able to obtain private data without a warrant.
That includes any instance in which the government uses the Espionage Act to go after whistleblowers, who, according to Nusbaum, "already face, perhaps, the most hostile environment in U.S. history." The new measure, she continued, "fails to limit what the government can do with the vast amount of data to be shared with it" by the these companies." Nusbaum called the measure "one of those privacy-shredding bills in cybersecurity clothing."
"This bill is arguably much worse than CISPA [Cyber Intelligence Sharing and Protection Act] and, despite its name, shouldn't be seen as anything other than a surveillance bill--think Patriot Act 2.0," Nusbaum said.
Thursday's meeting was closed to the public, but Wyden emerged after the vote and warned the bill "lacks adequate protections for the privacy rights of American consumers, and that it will have a limited impact on U.S. cybersecurity."
Sen. Dianne Feinstein (D-Calif.), the ranking Democrat on the panel, said Thursday that the newest version of the bill would allow companies to defend themselves against cyberattacks but would prohibit them from taking "countermeasures" if a breach occurred.
The Wall Street Journal writes:
The bill would attempt to funnel corporate intelligence about cybersecurity threats and breaches through the Department of Homeland Security, an important distinction for many companies that don't want the data to be housed in a military agency or an intelligence agency. DHS could share the information, if applicable, with other companies or other federal agencies, though it is supposed to be scrubbed to prevent the transfer of personal data about consumers.
Companies could also provide data to the NSA as long as it wasn't in "electronic form," according to Burr. If private customer data "finds its way to the federal government" following a hack, Burr added, "once we distribute it in real time and we realize there's personal information, any company that discovers it has to remove it or minimize it in a way that it can't be shared anywhere else."
A draft (pdf) of the measure released last month was met with resistance from privacy advocates who said its vague language could give license to the government to increase unwarranted surveillance of U.S. citizens. Burr and Feinstein said Thursday the new version of the bill takes those concerns into account--but the privacy community was hesitant to follow such praise without seeing the final version of the measure.
"We are glad that the Senate Intelligence Committee heard the privacy community's concerns, and we're eager to see if the changes to the bill will adequately address the significant threats to privacy and internet security that CISA has raised," Robyn Greene, policy counsel with New America's Open Technology Institute, said in a statement Thursday. "Based on how dangerously broad and vague the last version of the bill was, it would be surprising if the bill agreed to in secret today will garner the support of the privacy community."
Greene called the earlier draft "as much a backdoor for surveillance as it is a cybersecurity information-sharing bill."
In an interview with Wired on Thursday, she criticized the secretive nature of the meeting, stating, "This bill has the potential to seriously harm Americans' privacy rights and it wasn't even debated in public."
Nadia Prupis
Nadia Prupis is a former Common Dreams staff writer. She wrote on media policy for Truthout.org and has been published in New America Media and AlterNet. She graduated from UC Santa Barbara with a BA in English in 2008.
The U.S. Senate Intelligence Committee approved a cybersecurity bill during a secret session on Thursday, marking the next step in a process that critics warn will nefariously expand the government's already substantial surveillance powers.
The Cybersecurity Information Sharing Act (CISA), which passed by 14-1 vote, would ostensibly protect against large-scale data thefts of private consumer information, exemplified by recent hacks of Target, Sony, and Home Depot. But critics--including the lone dissenting voice on the committee Sen. Ron Wyden (D-Or.)--say it would open the door for continued invasive and unlawful government spying operations.
Although Wyden denounced the measure as "a surveillance bill by another name," his opposition was unable to stop the proposal from being approved by the committee. The bill, which reportedly underwent a dozen changes during the meeting, will next go to the full Senate for debate. Its passage in committee, however, means it has already succeeded where other recent cybersecurity proposals have failed.
Committee chairman Sen. Richard Burr (R-N.C.) told reporters after the vote that CISA would allow for private-to-private, private-to-government, and government-to-private information sharing, "in a voluntary capacity."
"This current bill is critically important both for our agencies that keep the country safe, and the institutions that hold millions of Americans' personal information," Burr continued.
However, as ACLU media strategist Rachel Nusbaum noted on Thursday, making information-sharing "voluntary" during criminal proceedings means that the government would be able to obtain private data without a warrant.
That includes any instance in which the government uses the Espionage Act to go after whistleblowers, who, according to Nusbaum, "already face, perhaps, the most hostile environment in U.S. history." The new measure, she continued, "fails to limit what the government can do with the vast amount of data to be shared with it" by the these companies." Nusbaum called the measure "one of those privacy-shredding bills in cybersecurity clothing."
"This bill is arguably much worse than CISPA [Cyber Intelligence Sharing and Protection Act] and, despite its name, shouldn't be seen as anything other than a surveillance bill--think Patriot Act 2.0," Nusbaum said.
Thursday's meeting was closed to the public, but Wyden emerged after the vote and warned the bill "lacks adequate protections for the privacy rights of American consumers, and that it will have a limited impact on U.S. cybersecurity."
Sen. Dianne Feinstein (D-Calif.), the ranking Democrat on the panel, said Thursday that the newest version of the bill would allow companies to defend themselves against cyberattacks but would prohibit them from taking "countermeasures" if a breach occurred.
The Wall Street Journal writes:
The bill would attempt to funnel corporate intelligence about cybersecurity threats and breaches through the Department of Homeland Security, an important distinction for many companies that don't want the data to be housed in a military agency or an intelligence agency. DHS could share the information, if applicable, with other companies or other federal agencies, though it is supposed to be scrubbed to prevent the transfer of personal data about consumers.
Companies could also provide data to the NSA as long as it wasn't in "electronic form," according to Burr. If private customer data "finds its way to the federal government" following a hack, Burr added, "once we distribute it in real time and we realize there's personal information, any company that discovers it has to remove it or minimize it in a way that it can't be shared anywhere else."
A draft (pdf) of the measure released last month was met with resistance from privacy advocates who said its vague language could give license to the government to increase unwarranted surveillance of U.S. citizens. Burr and Feinstein said Thursday the new version of the bill takes those concerns into account--but the privacy community was hesitant to follow such praise without seeing the final version of the measure.
"We are glad that the Senate Intelligence Committee heard the privacy community's concerns, and we're eager to see if the changes to the bill will adequately address the significant threats to privacy and internet security that CISA has raised," Robyn Greene, policy counsel with New America's Open Technology Institute, said in a statement Thursday. "Based on how dangerously broad and vague the last version of the bill was, it would be surprising if the bill agreed to in secret today will garner the support of the privacy community."
Greene called the earlier draft "as much a backdoor for surveillance as it is a cybersecurity information-sharing bill."
In an interview with Wired on Thursday, she criticized the secretive nature of the meeting, stating, "This bill has the potential to seriously harm Americans' privacy rights and it wasn't even debated in public."
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.