How The NSA's 'Cybersecurity' Surveillance Should Completely Change The Debate On Cybersecurity Bills

from the they're-about-surveillance dept

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

For quite some time now, we've been warning about the government's questionable attempts to pass "cybersecurity" bills that focus on "information sharing" with names like CISA and CISPA . Defenders of these bills insist that they're "just voluntary" and are necessary because it would enable private companies to share threat information with the US government, so that the US government could help stop attacks. Of course, we've been asking for years (1) why, if this is so useful, companies can't already share this information and (2) what attacks these bills would have actually stopped? No one ever seems to have any answers.Defenders of the bill also insist that there really shouldn't be any privacy concerns because companies can just hand over the limited information on the attacks, not any personal user info. However, with the recent revelations from Pro Publica and the NY Times (via Snowden documents) about how the NSA uses "cyber signatures" in sniffing through the upstream collection (i.e., sniffing throughinternet traffic by tapping into fiber backbones) computer security expert Jonathan Mayer notes that this completely changes the equation on just how bad these "information sharing" cybersecurity bills really are.Before it was known that the NSA could do this, the argument was that sharing details of a cybersecurity threat would just lead to DHS and NSA taking that "threat" information, and then seeing if it can help figure out ways to prevent the threat., now that we know the NSA can sniff the entire upstream collection using such "cyber signatures" and then is allowed towhatever it finds ascollection, this becomes very clearly a surveillance bill -- just as Senator Ron Wyden warned That's because the new documents make it clear that the NSA not only wants to search based on these broad "cyber signatures" but then claims it gets to keep that data and can search through whatever it collects. These are the infamous "backdoor searches" that Senator Wyden has been warning about for ages.So, these "information sharing" bills don't just give the NSA access to private information from companies, butgive the NSA the "cyber signatures" it needs to then snarf up a ton of other private information that it has long wanted access to. This is why closing the "backdoor search" loophole is so important as well -- and not letting any of these "information sharing" bills pass is also of utmost importance.Oh, and one other sneaky thing in all of this that Mayer highlights: defenders of these information sharing bills insist that they're not surveillance bills because, as Rep. Adam Schiff noted: "this bill makes clear in black and white legislative text that nothing authorizes government surveillance in this act." But, as Mayer points outbecause the governmentit needs, under the secret program that was just revealed. What the information sharing does isby making it easier for the NSA to collect the information it then can slide into the program in order to snarf up much more important private information.

Filed Under: cisa, cispa, cybersecurity, information sharing, jonathan mayer, nsa, surveillance