How Big Business Is Helping Expand NSA Surveillance, Snowden Be Damned
How Big Business Is Helping Expand NSA Surveillance,
Snowden Be Damned
By Lee Fang Today at 9:08 AM
Since November 11, 2011, with the introduction of the
Cyber Intelligence Sharing and Protection Act, American spy agencies have been
pushing laws to encourage corporations to share more customer information. They
repeatedly failed, thanks in part to NSA contractor Edward Snowden’s
revelations of mass government surveillance. Then came Republican victories in
last year’s midterm Congressional elections and a major push by corporate
interests in favor of the legislation.
Today, the bill is back, largely unchanged, and if
congressional insiders and the bill’s sponsors are to believed, the legislation
could end up on President Obama’s desk as soon as this month. In another boon
to the legislation, Obama is expected to reverse his past opposition and sign
it, albeit in an amended and renamed form (CISPA is now CISA, the
“Cybersecurity Information Sharing Act”). The reversal comes in the wake of
high-profile hacks on JPMorgan Chase and Sony Pictures Entertainment. The bill
has also benefitted greatly from lobbying by big business, which sees it as a
way to cut costs and to shift some anti-hacking defenses onto the government.
For all its appeal to corporations, CISA represents a
major new privacy threat to individual citizens. It lays the groundwork for
corporations to feed massive amounts of communications to private consortiums
and the federal government, a scale of cooperation even greater than that
revealed by Snowden. The law also breaks new ground in suppressing pushback against
privacy invasions; in exchange for channeling data to the government,
businesses are granted broad legal immunity from privacy lawsuits — potentially
leaving consumers without protection if companies break privacy promises that
would otherwise keep information out of the hands of authorities.
Ostensibly, CISA is supposed to help businesses guard
against cyber attacks by sharing information on threats with one another and
with the government. Attempts must be made to filter personal information out of
the pool of data that is shared. But the legislation — at least as marked up by
the Senate Intelligence Committee — provides an expansive definition of what
can be construed as a cyber security threat, including any information for
responding to or mitigating “an imminent threat of death, serious bodily harm,
or serious economic harm,” or that is potentially related to threats relating
to weapons of mass destruction, threats to minors, identity theft, espionage,
protection of trade secrets, and other possible offenses. Asked at a hearing in
February how quickly such information could be shared with the FBI, CIA, or
NSA, Deputy Undersecretary for Cybersecurity Phyllis Schneck replied,
“fractions of a second.”
Questions persist on how to more narrowly define a cyber
security threat, what type of personal data is shared, and which government
agencies would retain and store this data. Sen. Ron Wyden, D-Ore., who cast the
lone dissenting vote against CISA on the Senate Intelligence Committee,
declared the legislation “a surveillance bill by another name.” Privacy
advocates agree. “The lack of use limitations creates yet another loophole for
law enforcement to conduct backdoor searches on Americans,” argues a letter
sent by a coalition of privacy organizations, including Free Press Action Fund
and New America’s Open Technology Institute. Critics also argue that CISA would
not have prevented the recent spate of high-profile hacking incidents. As the
Electronic Frontier Foundation’s Mark Jaycox noted in a blog post, the JPMorgan
hack occurred because of an “un-updated server” and prevailing evidence about
the Sony breach is “increasingly pointing to an inside job.”
But the intelligence community and corporate America have
this year unified behind the bill. For a look into the breadth of the corporate
advocacy campaign to pass CISA, see this letter cosigned by many of the most
powerful corporate interests in America and sent to legislators earlier this
year. Or another letter, reported in the Wall Street Journal, signed by
“general counsels of more than 30 different firms, including 3M and Lockheed
Martin Corp.”
The partnership between leading corporate lobbyists and
the intelligence community was on full display at a cyber security summit
hosted by the U.S. Chamber of Commerce a few days before the midterm election
last year, in which NSA director Admiral Mike Rogers asked a room filled with
business representatives for support in passing laws like CISA. At one point,
Ann Beauchesne, the lead homeland security lobbyist with the U.S. Chamber of
Commerce, asked Rogers, “How can the chamber be helpful to you?” — even
suggesting a viral marketing campaign akin to the “ALS ice bucket challenge” to
build public support. Watch the exchange below:
Rogers specifically mentioned during his speech before
the Chamber how corporations who partner
with agencies like the NSA can shift some of their information security
work to the government — a major cost
savings. “You have information that I need and I think I have information that
can be of value to you,” Rogers said.
At the moment, there are multiple versions of CISA,
including information sharing proposals from the House Homeland Security
Committee and Sen. Tom Carper, D-Del., but momentum has moved behind the Senate
Intelligence Committee version, amended under Chairman Sen. Richard Burr,
R-N.C., and Ranking Member Sen. Diane Feinstein, D-Calif. “The robust privacy
requirements and liability protection make this a balanced bill, and I hope the
Senate acts on it quickly,” said Feinstein as CISA passed 14-1 in a secret,
closed session of the Senate Intelligence Committee.
Reversing course over past opposition to the previous
iteration of the bill, CISPA, the White House has demonstrated firm support for
information sharing legislation this year. And more importantly, the Senate has
drastically changed, helping to create a far more National Security
Agency-friendly Congress. Sen. Mark Udall, D-Col., the chief opponent of CISA
last session, was defeated in his reelection campaign last November, and the
new Senate Majority Leader Sen. Mitch McConnell has made CISA a “priority.”
Comments
Post a Comment