It seems the Republican leadership (which includes Sen. John Thune) hasn’t had much luck with their strategy of limiting debate on surveillance bills by pushing them through just before a recess. There was enough opposition to CISA prior to the Senate’s August recess, that they were forced to postpone a vote until September. Since then, I’ve come across a few interesting stories about how CISA may actually make cyber-security worse.
This article on an DOJ IG report, speculates that companies may be hesitant to share any information with the government because of concerns about how the personal information of customers might be used. CISA, after all, allows the information shared with the government to be used for purposes other than cyber-security.read more
Soon, the Senate will vote on a cyber-security bill called CISA. It’s a red herring. Senator Wyden of the Intelligence Committee called it a “surveillance bill by another name”. CISA proponents, including Senators Thune and Rounds, wrongly claim that CISA will protect computer networks through increased information sharing between companies and the government. But CISA wouldn’t have stopped any of the recent computer network breaches such as those at Sony or Target.read more
On June 11th, Congress passed the Massie-Lofgren admendment to the 2016 Defense Appropriations bill. From Rep. Massie’s press-release:
Under Section 702 of the FISA Amendments Act, Americans’ private data and communications – including emails, photos, and text messages – can be collected by intelligence agencies, provided that data or communication at some point crosses the border of the United States. Given the current fluid nature of electronic communications and data storage, in which corporate and private server farms store Americans’ data all over the world, this loophole could allow intelligence agencies access to a vast swath of communications and data without warrant protection. Intelligence officials have confirmed to Congress that law enforcement agencies actively search the content of this intercepted data without probable cause, and have used evidence gathered to assist in criminal prosecutions. Government agencies have also reportedly coerced individuals and organizations to build encryption “backdoors” into products or services for surveillance purposes, despite industry and cryptologist claims that this process is not technologically feasible without putting the data security of every individual using these services at risk. The Massie-Lofgren Amendment would prohibit funding for activities that exploit these “backdoors.”read more
When enacted, Section 215 of the Patriot Act allowed the government to collect tangible things such as documents, records, and papers to obtain foreign intelligence information not concerning a US citizen or to protect against international terrorism.
In 2006, Section 215 was set to expire. Congress renewed the provision, but not without changes. To prevent mass data collection on Americans, the provision was amended such that the Government’s order include “a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation.”read more
A coalition of 25 various organizations led by the Electronic Frontier Foundation (EFF) recently graded elected officials in Washington, D.C. on the extent to which they are pushing for real surveillance reform. From the coalition’s website:
We are calling on the United States government to:
Pass strong legislative reform to outlaw mass surveillance, including phone record surveillance and Internet surveillance. This must include a recognition of the privacy rights of non-US citizens.
Reform the FISA court, the secret court that signs off on the NSA’s secret surveillance. FISA court reform includes transparency into any significant or new legal interpretations made by court and ensuring a well-resourced public advocate is in place to argue for privacy rights within the court and seek further review.
Prohibit the NSA from undermining international encryption technologies and standards and hacking into technology companies.
Promote transparency, publish transparency reports, and also give companies rights to publish granular accounts about how companies cooperate with bulk surveillance efforts and the number of user accounts that are affected.
Congress hasn’t acted on all of these issues recently, so I’d think of it as more of a mid-term report card. The methodology for the report card can be seen at the coalition’s web site. The Senate hasn’t voted on any related measures, so neither Sen. Thune and Sen. Johnson were graded.read more
Rep. Noem voted “YES” to the Sensenbrenner-Massie-Lofgren Amendment to Department of Defense Appropriations Act, 2015. The measure passed with bi-partisan support (293-123). The amendment prohibits the use of funding for backdoor searches of Americans’ communications without a warrant. It also prohibits the use of funding for the NSA to mandate or request that private companies and organizations add backdoors to the encryption standards that are meant to keep you safe on the web. Here is the actual text of the amendment:read more
Much has been said about metadata since the revelation this year of a NSA (National Security Agency) program that collects the telephone metadata of every American.
Many in Congress believe that metadata collection is not surveillance because it does not include the content of telephone calls. The truth is that the NSA’s metadata collection programs and subsequent analysis are surveillance. And for ordinary Americans, it may be the greatest invasion of privacy we’ve ever experienced.
Metadata is the set of information that describes something else. For a cell phone call, it includes the name, number, time, duration, and location for both the sender and recipient.read more
The Amash-Conyers amendment to the 2014 Defense Appropriations Bill is the first legislative attempt to reign in the NSA’s bulk surveillance of Americans since the surveillance was first revealed in June. According to Wikipedia, the amendment:
“sought to bar the NSA and other agencies from using Section 215 of the Patriot Act to collect records”, thereby ending the mass surveillance of Americans. Instead, it permitted “the FISA court under Sec. 215 to order the production of records that pertain only to a person under investigation”.
would have permitted the continued use of business records and other “tangible things” if the data were “actually related to an authorized counter-terrorism investigation”.
would have required judicial oversight with “a substantive, statutory standard to apply to make sure the NSA does not violate Americans’ civil liberties”.
The amendment lost by a vote of 217 to 205 with each party split on the issue. I wrote to Rep. Noem regarding her vote, and in her response she stated that “while I believe the Amash amendment went too far, I am in full support of further safeguarding our right to privacy and clearly drawing the line for federal agencies at the doorstep of the Fourth Amendment to the Constitution.”read more