Meet CISA, A De Facto Cyber Patriot Act

By Lucian Armasu
published

The final changes to the so called “cybersecurity bill” say that the data shared by companies, which can now include personally identifiable information and be shared directly with the NSA, can also be used for surveillance activities and to chase down other types of crimes, pointing to a sort of cyber Patriot Act.

House Speaker Paul Ryan managed to push CISA into the “omnibus” budget bill, but not before Congress stripped out all of its privacy protections and turned it from what was originally meant to be a cybersecurity bill into a de facto surveillance bill. When the final version of the “cybersecurity” bill was being merged from multiple similar bills, Congress removed the few privacy protections the Senate version had when it received the necessary votes to pass.

Initially, the CISA bill required that the data that is shared with the government by private companies must first pass through DHS, a civil agency, to strip personally identifiable information before the NSA would get the data.

The cybersecurity bill was supposed to force companies to share "cyber threat data," not personal information. Now, this requirement has been removed from the final bill, and companies can be forced to share the data directly with the NSA or the Department of Defense. Scrubbing the data of personal information is also "at the discretion of the agency," which could mean it will happen much less often now.

The final version of this new bill also removes the prohibition of using this data for "surveillance" activities. It removes the restriction of using the data for "cyber crimes" and now includes "other crimes," as well. It's reminiscent of the Patriot Act and National Security Letters, which were initially being promoted as solutions to stop terrorists, but ended up being used mainly for drug crimes.

This "cybersecurity" bill could now end up being a next-generation "cyber Patriot Act" that further expands the NSA’s surveillance powers, just two-and-a-half years after Snowden’s revelations exposed the mass surveillance being conducted by the NSA.

The bill now also offers complete liability protection for the companies sharing this data, even if the companies are guilty of "gross negligence and willful misconduct." This isn’t unlike the immunity that telecom companies got in 2008 in the FISA Amendments Act, which was extended in 2012 for another five years after pressure from President Obama and Dianne Feinstein, who was then the Chairman of the Senate Intelligence Committee.

That immunity law made the telecoms great partners to the NSA, because now they could comply with any request the NSA was making, without worrying about any privacy laws or a proper warrant from a judge. The new cyber Patriot Act could have the same effect on tech companies, who may be fighting for user privacy now, but they may not be so inclined to do it after they receive complete immunity for sharing large amounts of user data with the government.

Evan Greer, the campaign director of Fight for the Future, one of the main digital rights groups fighting against CISA, said the following about the latest changes:

“It’s not surprising at all that Congressional leadership wants to use a sneaky loophole to rush this cyberspying bill through without any real transparency or debate on the final text. In the last week, they’ve dropped all pretenses that this is bill to improve security.”“Gutting the already insufficient civil liberties protections that the bill offered has made it clear that this is a mass incarceration bill that will empower the government to prosecute and jail people using the data they collect from companies through this program for a wide range of offenses that have nothing to do with cybersecurity or terrorism.”

He also called on President Obama, who has already promised in the past to stop any cybersecurity bill that doesn’t have strong privacy protections, to veto the bill.

“Now is when we’ll find out whether President Obama really cares about the Internet and freedom of speech, or whether he’s happy to roll over and allow technologically illiterate members of Congress [to] break the Internet in the name of cybersecurity. This administration promised to veto any information sharing bill that did not adequately protect Internet users’ privacy, and the final version of this bill doesn’t even come close. It’s time for President Obama to deliver on his word,” added Greer.

Update, 12/16/15, 9:45am PT: Senator Ron Wyden, who is a member of the Senate Intelligence Committee and has called CISA a "surveillance bill by another name" in the past, issued a statement on the latest, "worse" version of the bill as well:

“This ‘cybersecurity’ bill was a bad bill when it passed the Senate and it is an even worse bill today. Americans deserve policies that protect both their security and their liberty. This bill fails on both counts. Cybersecurity experts say CISA will do little to prevent major hacks and privacy advocates know that this bill lacks real, meaningful privacy protections,” said Wyden.

______________________________________________________________________

Lucian Armasu joined Tom’s Hardware in early 2014. He writes news stories on mobile, chipsets, security, privacy, and anything else that might be of interest to him from the technology world. Outside of Tom’s Hardware, he dreams of becoming an entrepreneur.

You can follow him at @lucian_armasu. Follow us on Facebook, Google+, RSS, Twitter and YouTube.

Lucian Armasu
Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
Topics
Security
6 Comments Comment from the forums
  • Ryan Preciado Allen
    As always, another attempt by the government (behind them big bankers) to control everything we see and do. Big Brother will come up short on what our public elected officials have in plan for us. Orwell must be turning in his grave.

    "Freedom of speech is a principal pillar of a free government; when this support is taken away, the constitution of a free society is dissolved, and tyranny is erected on its ruins. Republics and limited monarchies derive their strength and vigor from a popular examination into the action of the magistrates." -Benjamin Franklin

    "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -Benjamin Franklin

    "Rebellion to tyrants is obedience to God." -Benjamin Franklin

    Reply
  • TechyInAZ
    17138674 said:
    As always, another attempt by the government (behind them big bankers) to control everything we see and do. Big Brother will come up short on what our public elected officials have in plan for us. Orwell must be turning in his grave.

    "Freedom of speech is a principal pillar of a free government; when this support is taken away, the constitution of a free society is dissolved, and tyranny is erected on its ruins. Republics and limited monarchies derive their strength and vigor from a popular examination into the action of the magistrates." -Benjamin Franklin

    "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -Benjamin Franklin

    "Rebellion to tyrants is obedience to God." -Benjamin Franklin

    Agreed.
    Reply
  • FinneousPJ
    Nice going USA
    Reply
  • Adilaris
    I think every time they try to call it a "cybersecurity" bill, they should be legally required to be punched in the mouth.
    It is anything but.
    Reply
  • f-14
    it's time for the teeth to be used on these seditious conspirators.
    we have the right to throw out all the traitors voting yes to this stuff and stick them in a dark hole in a prison for 20 years, from president, supreme court judges and congressmen and to the employees of the government breaking the law which includes any cops secret service fbi or other agency.

    "That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness. Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security."
    http://www.archives.gov/exhibits/charters/declaration_transcript.html

    Article. VI.
    "All Debts contracted and Engagements entered into, before the Adoption of this Constitution, shall be as valid against the United States under this Constitution, as under the Confederation.

    This Constitution, and the Laws of the United States which shall be made in Pursuance thereof; and all Treaties made, or which shall be made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution or Laws of any State to the Contrary notwithstanding.

    The Senators and Representatives before mentioned, and the Members of the several State Legislatures, and all executive and judicial Officers, both of the United States and of the several States, shall be bound by Oath or Affirmation, to support this Constitution; but no religious Test shall ever be required as a Qualification to any Office or public Trust under the United States."

    Article III.
    Section. 1.
    "..... The Judges, both of the supreme and inferior Courts, shall hold their Offices during good Behaviour, ......."

    Article. II
    Section. 4.
    "The President, Vice President and all civil Officers of the United States, shall be removed from Office on Impeachment for, and Conviction of, Treason, Bribery, or other high Crimes and Misdemeanors."
    http://www.archives.gov/exhibits/charters/constitution_transcript.html

    U.S. Code › Title 18 › Part I › Chapter 115 › § 2384
    18 U.S. Code § 2384 - Seditious conspiracy
    If two or more persons in any State or Territory, or in any place subject to the jurisdiction of the United States, conspire to overthrow, put down, or to destroy by force the Government of the United States, or to levy war against them, or to oppose by force the authority thereof, or by force to prevent, hinder, or delay the execution of any law of the United States, or by force to seize, take, or possess any property of the United States contrary to the authority thereof, they shall each be fined under this title or imprisoned not more than twenty years, or both.
    (June 25, 1948, ch. 645, 62 Stat. 808; July 24, 1956, ch. 678, §?1, 70 Stat. 623; Pub. L. 103–322, title XXXIII, §?330016(1)(N), Sept. 13, 1994, 108 Stat. 2148.)
    https://www.law.cornell.edu/uscode/text/18/2384

    we have the right to enforce the supreme laws of the land upon all government employees
    Amendment IX
    The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

    Amendment X
    The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
    http://www.archives.gov/exhibits/charters/bill_of_rights_transcript.html

    80+years of mass multiple felony violations of these rights and supreme laws of the land have gone on for too frequently and far to long.
    Reply
  • Red Flag Target
    This is just the tip of the iceberg. DHS, NSA, FBI (DITU - Data Intercept Technology Unit & OTD - Operational Technology Division) are engaged on a "data-rape" spree against innocent Americans.

    "Meta-Data" collection discussion is a diversion; propaganda to detract attention away from what is really being done.

    These agencies are operating by the tenets established by GCHQ/JTRIG in the UK: Deny, Deceive, Degrade, Disrupt, and Destroy.

    They include cyber-harassment, data theft and interception of ALL of your communications. Think they go to a judge to get a court order or to pull a warrant for cyber-harassment and the hacking of every on-line account you access? LOL. Guess again.

    In some cases, in order to provide for plausible deniability, they outsource their illegal work to James Bimen and Associates in Fairfax, Virginia. The software the agencies and the companies they outsource to is developed by HT Srl (HackingTeam) and Cicom - both based in Baltimore, Maryland.

    HackingTeam is on record for selling software and technology to countries which oppress and kill their dissidents - and if it is illegal to sell weapons to these countries, why are they allowed to sell weaponized software to the same authoritarian regimes?

    The agencies - pass along personally identifying information (PII), supposedly protected by the Privacy Act, to local and state law enforcement, for them to monitor "targets" as well.

    Who is a target you might wonder? Veterans, activists, LGBT community members, gun owners, NRA members, investigative journalists, politically outspoken individuals, Tea Party members, conservatives, etc. The list goes on.

    Targets of these illegal cyber-operations are also harassed on the street-level by InfraGard, the FBI's "civilian" branch, which also has access to all of the stolen PII (once again - without a warrant), and uses it against "targets" (aka "domestic threats") in operations modeled after East Germany's Stasi (look up "Zersetzung").

    This latest "data collection program" should be named "The Privacy Rape Program," and this latest expansion of their illegal powers will certainly be utilized to augment the scope of their unconstitutional activities.

    They have no oversight and are intent on destroying the lives of anyone who they have decided poses a "potential domestic threat." These activities - and this latest legislation - is simply an extension of the counter-intelligence program (COINTELPRO) which was brought to light in the 1970's by the Church Committee.

    The program was never discontinued, it was simply renamed, buried beneath layers of secrecy, and is even more intrusive and unconstitutional due to the rapid advancement of technology, which most Americans (or judges) don't even know exists.
    Reply