Congress Drops All Pretense: Quietly Turns CISA Into A Full On Surveillance Bill

from the even-worse-than-before dept

Removes the prohibition on information being shared with the NSA, allowing it to be shared directly with NSA (and DOD), rather than first having to go through DHS. While DHS isn't necessarily wonderful, it's a lot better than NSA. And, of course, if this were truly about cybersecurity, not surveillance, DHS makes a lot more sense than NSA. Directly removes the restrictions on using this information for "surveillance" activities. You can't get much more direct than that, right? Removes limitations that government can only use this information for cybersecurity purposes and allows it to be used to go after any other criminal activity as well. Obviously, this then creates tremendous incentives to push for greater and greater information collection, which clearly will be abused. We've just seen how the DEA has regularly abused its powers to collect info. You think agencies like the DEA and others won't make use of CISA too? Removes the requirement to "scrub" personal information unrelated to a cybersecurity threat before sharing that information. This was the key point that everyone kept making about why the information should go to DHS first -- where DHS would be in charge of this "scrub". The "scrub" process was a bit exaggerated in the first place, but it was at least something of a privacy protection. However, it appears that the final version being pushed removes the scrub requirement (along with the requirement to go to DHS) and instead leaves the question of scrubbing to the "discretion" of whichever agency gets the information. Guess how that's going to go?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Remember CISA ? The "Cybersecurity Information Sharing Act"? It's getting much, much worse, with Congress and the administration looking to ram it through -- in the process, dropping any pretense that it's not a surveillance bill.As you may recall, Congress and the White House have been pushing for a "cybersecurity" bill, for a few years now, that has never actually been a cybersecurity bill. Senator Ron Wyden was one of the only people in Congress willing to stand up and directly say what it was: "it's a surveillance bill by another name." And, by now, you should know that when Senator Wyden says that there's a secret interpretation of a bill that will increase surveillance and is at odds with the public's understanding of a bill, you should to listen. He's said so in the past and has been right... multiple times.Either way, a version of CISA passed the House a while back, with at leastelements of privacy protection included. Then, a few months ago it passed the Senate in a much weaker state. The two different versions need to be reconciled, and it's been worked on. However, as we noted recently, the intelligence community has basically taken over the process and more or less stripped out what few privacy protections there were.And the latest is that it's getting worse. Not only is Congress looking to include it in the end of year omnibus bill -- basically a "must pass" bill -- to make sure it gets passed, but it's clearly dropping all pretense that CISA isn't about surveillance. Here's what we're hearing from people involved in the latest negotiations. The latest version of CISA that they're looking to put into the omnibus:In short: while before Congress could at least pretend that CISA was about cybersecurity, rather than surveillance, in this mad dash to get it shoved through, they've dropped all pretense and have stripped every last privacy protection, expanded the scope of the bill, and made it quite clear that it's a very broad surveillance bill that can be widely used and abused by all parts of the government.There is stillhesitation by some as to whether or not this bill belongs in the omnibus bill, or if it should go through the regular process, with a debate and a full vote. So, now would be a good time to speak out, letting your elected officials and the White House know that (1) CISA should not be in the omnibus and (2) that we don't need another surveillance bill.In the meantime, if Congress were actually serious about cybersecurity, they'd be ramping up the acceptance and use of encryption, rather than trying to undermine it.

Filed Under: cisa, congress, cybersecurity, dhs, nsa, omnibus, surveillance