In what looks like an attempted end-run around the recent anti-surveillance atmosphere in Washington, the government may be colluding with private industry to strengthen an already solid grip on personal spying. A perfect example of this cooperation can be found in a bill before the Senate, the Cybersecurity Information Sharing Act (CISA), which according the an article appearing in The Hill, is a surveillance bill masquerading as cybersecurity legislation. You be the judge.
The proposed law would grant companies new authority to monitor their users on their systems and then be given immunity from prosecution under virtually all existing surveillance laws. These so-called cyber threat indicators which would trigger sharing could be anything from email content to passwords, IP addresses, or plain old personal information. The measure’s language encourages companies to liberally comply and include as many personal details as possible.
If this wasn’t worrisome enough, armed with this information the government can then travel upstream to exploit a loophole allowing them to legally collect domestic data directly from the cables and switches that make up the Internet. So what they once did only to identify hackers, they can now do to spy more on the general public. Thus, the government and hackers would be gleaning the same information, though hopefully for different purposes. Once collected, the government agencies could store them forever to peruse at their leisure and discretion. The result is an increase in massive databases on innocent individuals.
The problem cannot be easily remedied by the courts who, aside from largely being kept in the dark on these matters, could not be made aware of the great surveillance snatch. But more troublesome and furtive is that CISA would not allow any disclosures even under the Freedom of Information Act. Another reason: how would you even know if your private information is being scooped up? All of this information can be passed around the government and handed down to local law enforcement to be used in investigations that have nothing to do with cyber crime, without requiring them to ever use a warrant. So CISA would give law enforcement a ton of new data with which to prosecute you for virtually any crime while simultaneously protecting the corporations that share the data from prosecution for any crimes possibly related to it.
This travesty is occurring without a whimper from the White House which should come as no surprise given how this administration’s policies have run roughshod over personal privacy in the past. Also, with an upcoming election cycle (doesn’t there always seem to be one in the US?) all you need do is follow the money as the defense industry has lobbied hard and put their wallets where their mouths are. Politicians who are directly paid by them are lining up to support this legislation. No surprise there. They trot out the tired rhetoric of national security and seek to capitalize and recent alleged hacks by China and Russia to point out the necessity of beefing up security.
But cybersecurity experts are not ready to climb on board. They are skeptical that CISA will thwart cyber attacks. What it is most likely to do is provide the government with more openings to exploit personal, private information for their advantage and to keep it available to be scrutinized by all levels of law enforcement right down to your local PD – all without so much as a warrant. This administration under the auspices of the FCC has already taken steps to cement the government’s role vis a vis the Internet by classifying it as a utility under the misguided net neutrality banner. CISA is but another nail in the coffin of Internet privacy. But who would have thought that private industry would be so easily manipulated and so willingly complicit?