Surveillance Bill Slipped Into Federal Spending Budget - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government
Commentary
12/18/2015
08:06 AM
Larry Loeb
Larry Loeb
Commentary
50%
50%

Surveillance Bill Slipped Into Federal Spending Budget

The controversial Cybersecurity Information Sharing Act (CISA) has been wrapped in crucial legislation handling much of the federal government's funding.

9 Ways To Bulletproof Your Privacy Policy
9 Ways To Bulletproof Your Privacy Policy
(Click image for larger view and slideshow.)

In a late-night session of Congress this week, Speaker of the House Paul Ryan (R-WI) announced an omnibus spending bill needed to prevent a government shutdown. However, buried in the 2,000 page document is the full text of the controversial Cybersecurity Information Sharing Act of 2015, which passed the Senate in October.

CISA has been widely criticized since it was first proposed in 2014. Senator Ron Wyden (D-OR) has called it "a surveillance bill by another name."

While the bill makes it easier for private sector companies to share user information with the government and other companies, it also removes privacy and liability protections in the name of better cybersecurity.

Critics like Wyden, along with other privacy advocates and many major tech companies, say removing those protections would turn Internet backbone companies into de facto surveillance organs. These companies would have no reason or incentive to preserve user privacy.

(Image: nikauforest/iStockphoto)

(Image: nikauforest/iStockphoto)

The omnibus version of the bill is even more invasive than previous versions. It removes the prohibition on information-sharing with the NSA, which means that information can be shared directly with the NSA (and US Department of Defense) without having to first go through the Department of Homeland Security, according to a report on TechDirt. 

The report also notes that the new version removes the restrictions on using information for surveillance activities, gets rid of the limitations that required the government to use only information for cybersecurity purposes, and ditches the requirement to scrub personal information unrelated to a cybersecurity threat before sharing that information.

[Read Tech Companies Get Poor Marks for Data Privacy.]

The Electronic Frontier Foundation issued a statement on the cybersecurity bill added to the Congressional year-end budget package, saying that it is "a combination of three bad cybersecurity bills passed by Congress this year: two pieces of legislation in the House," and CISA.

The EFF added:

The bills are also opposed by other privacy advocates, civil society organizations, computer security experts, and many Silicon Valley companies as the bills ignore the fact that companies and security experts can already share the much-needed technical information to stop computer security threats. Maybe more importantly, the bills do not address problems from the recent highly publicized computer data breaches that were caused by unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.

In short, the EFF says that CISA will do nothing to ameliorate the true causes of cyberattacks, and that it merely serves as a way for the government to monitor the activities of users.

The House Intelligence Community has said that the claims being made against CISA are inaccurate. While surveillance is not directly listed as a use of the bill, the information gathered through CISA can be used to investigate a variety of crimes, such as "a specific threat of death, a specific threat of serious bodily harm, or a specific threat of serious economic harm, including a terrorist act or a use of a weapon of mass destruction."

**Elite 100 2016: DEADLINE EXTENDED TO JAN. 18, 2016** There's still time to be a part of the prestigious InformationWeek Elite 100! Submit your company's application by Jan. 18, 2016. You'll find instructions and a submission form here: InformationWeek's Elite 100 2016.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
larryloeb
100%
0%
larryloeb,
User Rank: Author
12/20/2015 | 7:23:06 PM
RE: Yeah, here we go again.
Your name intrigues me.

Where do you ge the raw materials?

[g]
organ donors, inc.
0%
100%
organ donors, inc.,
User Rank: Guru
12/19/2015 | 10:04:41 PM
RE: Yeah, here we go again.
... oh, and God forbid we should allow anyone to abridge anyone's right to arm themselves with ridiculously overpowered assault weapons.

I personally think that will kill more people than encryption. But that's just me...
organ donors, inc.
50%
50%
organ donors, inc.,
User Rank: Guru
12/19/2015 | 10:01:34 PM
Yeah, here we go again.
It has reached the point where I just automatically assume that the government is listening to me all the time.

You just have to think this way. When you send an email, talk on the phone (either cell or landline), use cloud services of any sort, navigate via GPS... any of these things that use internet or network-based services - you have to believe that there may be someone else listening.

I'm just waiting for the first test-case if they try to pass a law restricting or weakening encryption. Hoo boy. That will be interesting.

Then you'll have constitutionality tests (freedom of speech, freedom to assemble). You'll have all kinds of interesting arguments come up.

Frankly, I can't wait. Hope I'm not too old when it happens; I want to be there.
larryloeb
100%
0%
larryloeb,
User Rank: Author
12/19/2015 | 2:06:46 PM
Re: Unconstitutional
Gee, tell us what you really think.  [g]

Mainstream mediateers aren't even mentioning this, btw. Joe Sixpack doesn't even know it's there. Just the way they want it.

It's coming down, gang. big time.
Banacek
100%
0%
Banacek,
User Rank: Ninja
12/19/2015 | 1:59:42 PM
Unconstitutional
Basically this 'act' was converted from a cybersecurity issue and turned into the "How to bypass the restrictions now put upon us by the FREEDOM Act and other restrictions some in the government dared decide to block our ability to gather information on anyone we want". And don't to me about safety, security, or terrorism. Like we're supposed to just trust the government when they tell us "No, we need this to stop bad people!" It didn't stop Paris. Didn't stop San Bernadino. Didn't stop Colorado (or did they know about the guy in colorado, but because he wasn't muslim, they ignored it?). Didn't stop Charleston. Doesn't stop any of the violence that goes on in the USA.

Apparently if Americans kill Americans out of hatred, racism, bigotry, greed, etc., that's OK. 14,000 murdered in the US yearly, that's fine. Just as long as it doesn't involve Muslims, we don't need to worry about it. 

And I just can't stand the republicans who yell and scream about the sanctity of the constitution of the United States (and how Obama is flaunting it) and yet seem to think stuff like this is perfectly OK. They pretend to be better than your average politician (you know, those democrats) but they talk out of both sides of their mouth just like everyone else in government.
larryloeb
100%
0%
larryloeb,
User Rank: Author
12/18/2015 | 5:41:24 PM
Re: Suveillance
If they were just worried about "criminals" they wouldn't have made it a raw surveillance bill.

They can now legally watch everything. Everything.

Time for true end-to-end encryption on everything you do.
danielcawrey
100%
0%
danielcawrey,
User Rank: Ninja
12/18/2015 | 5:04:52 PM
Suveillance
I understand the need for keeping tabs on criminal activity on the internet. That problem is only growing. But I think the American people also should be concerned that there is too much snooping into the regular lives of people. It's a balance I know is tough for lawmakers, and it only takes massive media scruitny for Americans to get fed up with these types of programs. 
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll