Less than two weeks after Congress was forced into passing historic NSA reform, the Senate tried Thursday to sneak a dangerous “cybersecurity” proposal, which would exponentially expand the spy agency’s power to gather data on Americans, into a massive defense-spending bill. The amendment thankfully failed, but it will be back – possibly within days – and it may require a huge grassroots effort to stop its passage.
Senate Majority Leader Mitch McConnell wanted to attach the Cybersecurity Information Sharing Act (Cisa) to the defense bill in order to push through the controversial measure while avoiding a large public debate about it. But he just missed getting the 60 votes required to move the amendment forward.
Cisa, which supporters have euphemistically labeled “info-sharing” legislation, essentially carves a giant hole in our privacy laws to allow tech companies like Google and Facebook to hand over our private data to the government with no legal process whatsoever. The bill is a disaster for transparency too: it contains what would be the first exemption to the Freedom of Information Act in 50 years, which could allow corporations to hide all sorts of information from public view that have nothing to do with cybersecurity.
But the bill has an even darker, more dangerous element that’s only come to the fore in the last couple weeks, even though the legislation has been kicked around for a few years.
In a little-reported speech on the Senate floor on Thursday, Oregon Democrat Ron Wyden issued an ominous warning to the public about the so-called “cybersecurity” bill, which he has called a “surveillance bill by another name” on multiple occasions. He warned every senator not to vote on the bill without reading a secret Justice Department memo interpreting the government’s existing legal authorities.
“This opinion remains classified,” he said, and “the senate rules prohibit me from describing it in detail. But, he said, “I believe any senator who votes for this legislation, without reading this secret Justice Department legal opinion I have referred to, is voting without a full understanding of the relevant legal landscape.” (Members of the Senate have security clearances that allow them to read at least some Justice Department memos.) It’s a legal opinion that Wyden has previously asked the Justice Department to withdraw, but so far they have ignored him.
Wyden, who sits on the intelligence committee and has more access to classified information than most senators, has been proven right constantly in the last two years after issuing similar warnings. It was Wyden who first revealed that the US government was secretly reinterpreting the Patriot Act in 2011 (and we found just how bad it was two years later from Edward Snowden). And it was Wyden’s question to Director of National Intelligence James Clapper that caught Clapper in a blatant lie to Congress. Wyden asked Clapper if the NSA was collecting data on millions of Americans, leading to Clapper’s now-notorious answer: “No, not wittingly.”
All of this is happening as the backdrop of yet another important Snowden story, published by the New York Times and ProPublica, which details the NSA’s secret expansion of warrantless surveillance of internet traffic flowing into and out of the United States in an alleged search for hackers. The Times details how the attorney general unilaterally expanded the NSA’s power in some instances and went to the secret Fisa court to get approval for others, all without ever debating the expansion in public.
In effect, and even without passing the Cisa bill that McConnell wants, the NSA and FBI are already tapping the internet backbone in secret to conduct “cybersecurity” investigations that sweep up a lot of American communications. And now they want a law that encourages companies to hand over even more data to them. As computer scientist Jonathan Mayer compellingly wrote last week, given what we now know the NSA is doing thanks to the New York Times story, the “info-sharing” law could be used in an underhanded way for them to exponentially increase the amount of data they can collect.
And even if the companies only think they are handing over a small portion of information, the NSA can use that information to vacuum up exponentially more private information of Americans through its wiretapping program. It would become a “surveillance dividend for the agency,” Mayer wrote.
The bill will be increasingly public, most notably because of the devastating hack of government security clearance information of millions of people that the Obama administration revealed last week. But the bill wouldn’t have done anything at all that hack, but that hasn’t stopped many Senators referencing it as a reason to pass it. Journalist Marcy Wheeler suggested that headlines lamenting the bill’s failure should be changed to: “Congress responds to devastating hack by pushing bill that wouldn’t help.”
Certainly there are ways the US can improve cybersecurity, including encouraging the ubiquitous use of encryption. Unfortunately the government continues to ignore those solutions or worse, and instead have decided this just another opportunity to expand its surveillance.
