New CISA Law: Big Brother Writ Large or No Big Deal? [analysis]

cisa infographic what is cisa
Written by Jim Kelly

CISA was slipped inside an unrelated spending bill before Christmas and it passed. The new law gives the NSA renewed and broadened rights to surveil America. [analysis]

aNewDomain — For years now, lawmakers have been trying to pass laws that would make it inexpensive and risk-free for corporate America to share Americans’ personal info and online browsing, shopping and communications habits with the U.S. government and with each other.

But such proposed legislation, best known to millions of protesting Internet users as CISPA, SOPA and, later, CISA, seemed too controversial to ever pass. At one point two years ago, the Internet actually went dark over the prospect of one of the proposed legislations passing.

That all changed last week. As most of us were debating whether Hans Solo could or should die in “Star Wars” and ordering holiday gifts online, legislators in Washington took a version of the hotly debated Cyber Intelligence Sharing Act of 2015 and embedded it in a huge, 1.8 trillion dollar government spending bill at the last minute. It only needed to pass a committee vote, which it did, two days later.

And on Dec. 18, 2015, U.S. President Barack Obama, who said he’d veto similar legislation in 2011, 2012 and again in 2013 signed it into law.

Talk about a sucker punch. Like it or not, CISA is now the law of the land.

Opponents like Google, Facebook, Yelp and virtually every privacy advocacy group, liberal or conservative, say the law now gives the government an unprecedented ability and right to collect, without a warrant, personal information and data on every American’s online activities, from messaging to search history to buying habits and more. And they say it gives tech companies and others the incentive to share the data with the NSA, FBI and other law enforcement agencies because, under CISA, sharing such private information now ensures full liability protection and immunity from customer lawsuits relating to it.

Supporters, like reps from the U.S. Chamber of Commerce, say that’s just paranoid. The law wasn’t designed to give the NSA, the FBI or anyone else easier, broader access to Americans’ data, they say. It was supposed to help protect companies from hacking. Click here to see a list of “CISA Myths,” as published by the Chamber, and this, which attacks the group’s stance on how ineffective CISA actually will be to stop corporate hacking.

Companies who’d benefit most from such legislation have opposed CISA, however, including a long laundry list of technology companies. And the Department of Homeland Security has opposed it, in a letter in response to questions by Sen. Al Franken (D-Minn.), saying that the law sweeps aside various civil liberty and privacy protections.

One thing that’s certain: All this personal data — including identifiable details like your name, address and phone number, combined with detailed records of what you do online — can now legally be dispersed to some nine national and regional law enforcement agencies regardless of whether you have committed a crime.

“You had … much of Silicon Valley against this bill, privacy advocates and civil society groups against this bill,” said Mark Jaycox, analyst for the Electronic Frontier Foundation (EFF), the privacy watchdog group that has been working for years against bills like CISPA, SOPA and various renditions of CISA, including the one that just passed as law. “Our biggest takeaway is disappointment.”

How It Happened

In a late-night session of Congress, House Speaker Paul Ryan announced a new version of the omnibus bill. Turned out that this huge piece of financial legislation now included a version of CISA inside, a fusion that would certainly have incendiary debate around it, but also would sharply reduce odds of a White House veto as it concerns so much of the White House budget, according to analysts quoted in Wired reports just after it happened.

Rep. Jim Jordan (R-Ohio) made a last-minute attempt to cut it out of the spending bill with an amendment, but the amendment he offered up was voted down by the powerful Rules committee (9-2) and failed to get a floor vote.

“Ultimately this will be embarrassing for Congress,” said Nathan White, senior legislative manager at digital rights group Access Now. Zoe Logren (D-Calif.) was one of several Republican and Democratic lawmakers who told The Hill they’d vote against the omnibus rather than support it with CISA intact. She said:

“I just think it’s very troubling … the bill should not be in the omnibus. It’s a surveillance bill more than a cyber bill.”

The version that finally passed as part of the spending omnibus was decidedly weaker in terms of privacy protections, opponents said. Supporters have yet to comment on that score.

U.S. Chamber of Commerce: CISA Offers”Appropriate Privacy Protections”

Throughout the debate this year around CISA, the U.S. Chamber of Commerce and other supporters have steadily maintained that CISA carries “appropriate” privacy protections.

But in the course of CISA’s legislative debate in the Senate this fall, the Senate struck down a package of common sense privacy and transparency amendments one by one in October.

First, Senator Ron Wyden’s amendment was voted down that required companies to delete personally identifiable information prior to furnishing sensitive personal data to the government. Second, Senator Patrick Leahy’s amendment was voted down to prevent CISA from carving out a new exception to the Freedom of Information Act that would bar news organizations from enforcing the transparency laws to discover the types of information that corporations are furnishing the government.  

Historically, when the government sought information deeply secured in computer forensics from corporations, the Department of Justice requested the judiciary to sign off on a subpoena. In response, companies sought to quash the subpoenas on the usual basis of the government’s overbroad requests delving into “fishing expeditions” and violating state and federal privacy laws placing individuals, companies and the community at risk.  

But with the advent of the Patriot Act and continual terrorist threats, law enforcement agencies resorted to sending a “National Security Letter” to seek data and information in the absence of obtaining a court order which easily garnered corporate cooperation without further discussion.  

Without a substantial reason for requiring the data, however, the government should be prohibited from encroaching on the constitutional freedoms of Americans without wielding carte blanche authority to engage in invasion of privacy and civil rights abuses, and courts should review these requests.

Our cyber footprints and piles of data are continually growing. With growth comes fresh opportunities for a safer future equipping the authorities with ways and means to fight crime. However, to avoid possibilities for abuse and overreaching by government and corporations, comprehensive privacy laws should apply to everyone. 

Global Trends in Surveillance and Censorship

Meanwhile, an annual report of the human rights and democracy group, the U.S.-based non-profit Freedom House, recently announced an unprecedented expansion of censorship globally involving public interest issues and imposition of surveillance over the broadband Internet which continues to trample digital freedom of world citizens for the fifth year in row. Freedom House released these disturbing findings two weeks ago last Wednesday.

Since June 2014, 65 nations were evaluated in the assessment by the digital rights and democratic advocates group’s annual survey posted last week (10/29/15), “Freedom on the Net”, that showed 32 nations have deteriorated in Internet privacy and human rights freedom and transparency, including Libya, France — and Ukraine, which has been mired in a “territorial conflict and propaganda war with Russia.” 

In contrast to France’s historical revolutionary stands at the barricades against tyranny and monarchy, the terror-wounded nation witnessed the steepest decline following the terroristic campaign targeted against the satirical left-wing publication, Charlie Hebdo, in early 2014 with the passage of restrictions comparable to the U.S. Patriot Act, which carries a range of punishment from incarceration, probation, fines and penalties as well as the death penalty in the most extreme cases.  

According to Sanja Kelly, a project manager for Freedom on the Net, governments “are increasingly pressuring individuals and the private sector to take down or delete offending content, as opposed to relying on blocking and filtering.”

“They know that average users have become more technologically savvy and are often able to circumvent state-imposed blocks,” Kelly reported.  

Criticism of the governmental authorities, according to the report, was most probable to trigger censorship, and in 42 of the 65 countries private companies were compelled to restrict or delete online content. More than 61 percent of all broadband Intenet users have been targeted for online censorship in instances involving royalty, government and/or the military. More than 58 percent live in countries where bloggers or other Internet users were jailed for sharing content on social, political and religious issues. 

And several countries assumed stronger positions against online anonymity and encryption technologies this year. In 14 of the 65 countries, new laws were passed to increase and upgrade surveillance measures and restrict encryption and anonymity tools which have been valued globally as a matter of human rights. “Given the mounting concerns over government surveillance, companies and Internet users have taken up new tools to protect the privacy of their data and identity,” as noted in the report with attribution to U.N. Special Rapporteur David Kaye in May 2015. 

“Unfortunately, governments around the world have moved to limit encryption and undermine anonymity for all Internet users, often citing the use of these tools by terrorists and criminals. Such restrictions disproportionately threaten the lives and work of human rights activists, journalists, opposition political figures and members of ethnic, religious and sexual minorities,” the report stated.  

Edward Snowden Endorses Global Treaty To Curb Surveillance

Overall, new laws in 14 countries in the past year have expanded government surveillance, according to the report. Bucking the trend, in June the U.S. passed legislation that effectively bars the NSA’s controversial bulk collection of domestic phone metadata. The scheme was exposed by former NSA contractor Edward Snowden in 2013, who leaked thousands of documents within the vast secret U.S. surveillance program, including every phone call made by Americans. He landed in Russia in asylum after the U.S. revoked his passport, where he remains to this day. 

The passage of the new CISA law was reportedly regarded as an “incremental step” in the right direction of digital surveillance reform.  

Domestic digital espionage of regular citizens rises to the level of an international threat that can only be addressed in a proposed international treaty mandating that privacy is a basic human right, said Edward Snowden last Thursday at a New York City forum via video. “This is not a problem exclusive to the United States … This is a global problem that affects all of us,” Snowden, the former NSA systems analyst, stated in his remarks from Moscow via video link.  

“What’s happening here happens in France, it happens in the UK, it happens in every country, every place, to every person,” Snowden said. The most important question, he added, is “how do we assert what our rights are, traditionally and digitally?”  

The global advocacy group, Avaaz, organized the event to endorse the “Snowden Treaty,” calling upon nations to pledge to curb surveillance of telephone calls and online Internet activity, and also consent to grant asylum and safe harbor for those exposing illegal domestic espionage. This direct message is featured in a website calling for a declaration of the NSA surveillance programs as “a direct contravention of international human right law.” Further, the site calls out a declaration that “[p]rotecting the right to privacy is vital not just in itself but because it is an essential requirement for the exercise of freedom of opinion and expression, the most fundamental pillars of democracy.”  

The forum coincided with the United Nations General Assembly. 

Diplomats in some countries reportedly have expressed an interest in a draft of the treaty. Meanwhile, the European Parliament (EU) officially declared Edward Snowden an “international human rights defender,” and urged that EU member states drop any criminal charges against Snowden with guarantees of not extraditing him to the U.S., which has charges pending against him.  

The resolution marks a tremendous moment of international support for Snowden and described by EU Civil Liberties Committee chair Claude Moraes as the Parliament’s “most comprehensive investigation completed to date.”  

According to the critically-acclaimed recent graphic biography by my colleague, the Pulitzer nominated political commentator Ted Rall, the pronouncement of support for Snowden finally marks the international recognition of Snowden’s courageous revelation of the NSA’s sneaky and corrupt surveillance practices.  

Stay tuned.

Here’s a letter from the Department of Homeland Security that essentially withdrew the agency’s support of CISA.

White House CISA Document Priorities, a leaked government doc as published by Reuters:

Summary administration priorities for CISA by Dustin Volz

For aNewDomain, I’m Jim Kelly.

Cover image: stopcyberspying.com