Read

User menu

Search form

Senate Passes Cybersecurity Bill With Huge Privacy Flaws – A Backdoor to Surveillance

Senate Passes Cybersecurity Bill With Huge Privacy Flaws – A Backdoor to Surveillance
Thu, 10/29/2015 - by Andy Greenberg and Yael Grauer
This article originally appeared on Wired

For months, privacy advocates have asked Congress to kill or reform the Cybersecurity Information Sharing Act, a bill that they say hides new government surveillance mechanisms in the guise of security protections. Now the Senate has shot down a series of attempts to change the legislation’s most controversial measures, and then passed it with those privacy-invasive features fully intact.

On Tuesday afternoon, the Senate voted 74 to 21 to pass a version of CISA that roughly mirrors legislation passed in the House earlier this year, paving the way for some combined version of the security bill to become law. CISA is designed to stem the rising tide of corporate data breaches by allowing companies to share cybersecurity threat data with the Department of Homeland Security, who could then pass it on to other agencies like the FBI and NSA, who would in theory use it to defend the target company and others facing similar attacks. That landslide vote was no doubt fueled in part by a year of massive hacks that hit targets including the health insurer Anthem, Sony, and the Office of Personal Management.

But privacy advocates and civil liberties groups see CISA as a free pass that allows companies to monitor users and share their information with the government without a warrant, while offering a backdoor that circumvents any laws that might protect users’ privacy. “The incentive and the framework it creates is for companies to quickly and massively collect user information and ship it to the government,” says Mark Jaycox, a legislative analyst for the civil liberties group the Electronic Frontier Foundation. “As soon as you do, you obtain broad immunity, even if you’ve violated privacy law.”

The version of CISA passed Tuesday, in fact, spells out that any broadly defined “cybersecurity threat” information gathered can be shared “notwithstanding any other provision of law.” Privacy advocates consider that a vague and potentially reckless exemption in the protections of Americans’ personal information. “Every law is struck down for the purposes of this information sharing: financial privacy, electronic communications privacy, health privacy, none of it would matter,” says Robyn Greene, policy counsel for the Open Technology Institute. “That’s a dangerous road to go down.”

Before passing the bill Tuesday afternoon, Senators first voted on a series of amendments that sought to reform the bill’s privacy protections. They ultimately rejected all of them. One of those now-tossed amendments put forward by Senator Al Franken would have narrowed the definition of “cybersecurity threat” and “threat indicators” covered by the bill. Franken’s amendment lost by a vote of 35 to 60. Another amendment from Senator Ron Wyden required companies to remove personal data from those cyber threat “indicators” before sharing them unless that personal information is necessary to describe or identify the threat. It lost by a vote of 41 to 60.

CISA’s supporters argue that critics’ privacy concerns are misunderstandings. Senate Intelligence Committee chair Richard Burr last week released a list of “myths” about CISA, including its enabling of surveillance. The statement points out that CISA’s corporate information sharing is voluntary, and that companies are required to strip out personally identifiable information from any data before sharing.

“I still say today to those folks in this institution and outside this institution that are concerned with privacy, I think [Senator Dianne Feinstein] and I have bent over backwards to accommodate concerns,” Burr said on the Senate floor Tuesday morning. “Some concerns still exist. We don’t believe they’re necessarily accurate, and only by utilizing this system will we understand if we’ve been deficient anywhere.”

But privacy advocates have countered this argument about CISA’s voluntary nature by pointing out that companies could be required to participate in its data collection to receive help from the government, creating strong incentives to share data. “Not to comply might actually harm their corporate interests and put their customers at risk,” wrote Amie Stepanovich of the digital civil liberties group Access Now in an op-ed for WIRED. “A world where a company is forced to betray its users in order to protect them is backward indeed.”

And when it comes to removing users’ personal information from data before sharing it, the latest form of CISA is less privacy-protective than even the version of the bill known as the Protecting Cyber Networks Act that passed the House Intelligence Committee in March. That version of the legislation required that companies not share information that they “reasonably believe” to contain information that personal identifies users. But the same protection in the Senate bill stipulates that companies not give up information that they “know at the time of sharing” to contain that sensitive information. That lower bar means companies who don’t fully examine data they share could nonetheless pass it on to the government and plead ignorance of any users’ personal information it contains.

CISA still faces some hurdles to becoming law. Congressional leaders will need to resolve remaining differences between the bills passed in the Senate and the House. The Open Technology Institute’s Robyn Greene argues that the relatively close votes that rejected privacy-protecting amendments like Wyden’s and Franken’s show that there could still be strong debate over the details of the bill in that process. She points to the 41 votes in favor of Wyden’s amendment as a sign that the bill could even be filibustered to delay its ultimate passing into law. “There’s power in that and leverage to negotiate that Americans’ privacy is better protected,” Greene says. “There are Senators who will take a stand on this, and won’t accept a bill that doesn’t adequately safeguard privacy.”

President Obama could also still veto CISA, though that’s unlikely: The White House endorsed the bill in August, an about-face from an earlier attempt at cybersecurity information sharing legislation known as CISPA that the White House shut down with a veto threat in 2013.

CISA has faced opposition from the security community, which has largely objected to claims that information-sharing effectively stops cyberattacks. Tech firms also oppose the bills, arguing it will diminish their users’ trust in sharing private information with companies. Apple, Reddit, Twitter, the Business Software Alliance, the Computer and Communications Industry Association, and other tech firms have all publicly opposed the bill. And a coalition of 55 civil liberties groups and security experts all signed onto an open letter opposing the bill in April. Even the Department of Homeland Security itself has warned in a July letter that the bill could flood the agency with information of “dubious value” at the same time as it “sweep[s] away privacy protections.”

None of that was enough to sway the Senate against CISA. “You had computer security researchers against this bill, much of Silicon Valley against this bill, privacy advocates and civil society groups against this bill,” says the EFF’s Jaycox. “Our biggest takeaway is disappointment.”

Originally published by Wired

Sign Up

Article Tabs

A special episode dedicated to the most militarized land in the world—one that you may not even have ever heard of.

Restoring Internet Freedom Order, FCC rules, net neutrality, Internet freedom, fast line, Big Telecom, telecommunications industry, Ajit Pai

Access matters, and unequal access can have onerous consequences for those who can’t afford the fast lane.

Brexit, Brexit opposition, Theresa May, Jeremy Corbyn, no-deal Brexit

“This historic defeat will show that the government is deadlocked – and we now need to throw this back to the people and give them a final say," said Paul Butters of Best for Britain.

manosphere, incels, misogyny, black men, black women, racism, sexism, Black Manosphere

In response to the racism often targeted exclusively toward black men on majority white digital spaces, black males have created their own manosphere – where they rail against black women.

Act Out! [187] - How Police Are A Public Health Issue + Extinction Rebellion’s Move To Save Humanity

First up, Policing is a public health issue. Next, Extinction Rebellion wants to save humanity. Here's how they're going about it.

A special episode dedicated to the most militarized land in the world—one that you may not even have ever heard of.

Global investors managing $32tn are urging governments to phase out all coal burning. Photograph: Alexander Koerner/Getty Images

Global investors managing $32 trillion issued a stark warning to governments at the UN climate summit on Monday, demanding urgent cuts in carbon emissions and the phasing out of all coal burning.

Restoring Internet Freedom Order, FCC rules, net neutrality, Internet freedom, fast line, Big Telecom, telecommunications industry, Ajit Pai

Access matters, and unequal access can have onerous consequences for those who can’t afford the fast lane.

Photo illustration by Slate. Photos by Medioimages/Photodisc/iStock/Getty Images Plus.

By doing away with single-family zoning, the city takes on high rent, long commutes, and racism in real estate in one fell swoop.

Brexit, Brexit opposition, Theresa May, Jeremy Corbyn, no-deal Brexit

“This historic defeat will show that the government is deadlocked – and we now need to throw this back to the people and give them a final say," said Paul Butters of Best for Britain.

manosphere, incels, misogyny, black men, black women, racism, sexism, Black Manosphere

In response to the racism often targeted exclusively toward black men on majority white digital spaces, black males have created their own manosphere – where they rail against black women.

Posted 6 days 10 hours ago
Act Out! [187] - How Police Are A Public Health Issue + Extinction Rebellion’s Move To Save Humanity

First up, Policing is a public health issue. Next, Extinction Rebellion wants to save humanity. Here's how they're going about it.

Posted 6 days 22 hours ago
Minds, anti-Facebook, crypto social network, surveillance programs, social media addiction

Now is the time to defend the remnants of the Information Revolution. Take off the corporate gag, close the social media surveillance blinds, and shift.

Posted 6 days 10 hours ago
Scott Walker, Wisconsin GOP, Wisconsin protests

Michigan’s Republican-led legislature is also trying to disempower the state’s newly-elected Democratic governor.

Posted 6 days 22 hours ago
rising emissions, climate catastrophe, Global Carbon Project, climate impacts, carbon emissions, carbon cuts

According to a new Global Carbon Project report, emissions are heading in the opposite direction to the deep cuts that are urgently needed to prevent the worst impacts of climate change.

Posted 3 days 7 hours ago
Brexit, Brexit opposition, Theresa May, Jeremy Corbyn, no-deal Brexit

“This historic defeat will show that the government is deadlocked – and we now need to throw this back to the people and give them a final say," said Paul Butters of Best for Britain.

rising inequality, income inequality, global wealth, costs of inequality

Americans pay a steep price for not spreading their wealth around as well as other developed countries.

rising emissions, climate catastrophe, Global Carbon Project, climate impacts, carbon emissions, carbon cuts

According to a new Global Carbon Project report, emissions are heading in the opposite direction to the deep cuts that are urgently needed to prevent the worst impacts of climate change.

Scott Walker, Wisconsin GOP, Wisconsin protests

Michigan’s Republican-led legislature is also trying to disempower the state’s newly-elected Democratic governor.

Protesters on Sunday in Katowice, which is hosting the UN climate conference. Photograph: Sadak Souici/Le Pictorium/Barcroft Images

The move shocked delegates at a UN conference in Poland as ministers flew in for the final week of climate talks.