/ Trevor Timm / 1 pm Tue, Apr 21 2015
  • Submit
  • About Us
  • Contact Us
  • Advertise here
  • Forums
  • US Congress to vote on 'cybersecurity' bills that are basically surveillance bills in disguise

    US Congress to vote on 'cybersecurity' bills that are basically surveillance bills in disguise

    Congress is expected to vote on two 'cybersecurity' bills sometime in the next week that are essentially surveillance bills in disguise. Trevor Timm writes in this editorial, cross-posted on the Freedom of the Press blog, about how they affect journalists and whistleblowers.

    Along with dozens of other civil liberties organizations, Freedom of the Press Foundation has signed on to two letters strongly opposing the dangerous “cybersecurity” bills making their way through Congress and expected to be voted on sometime in the next week.

    The bills are little more than new surveillance powers wrapped in a cheap disguise, and you can read the full letters that describe the bill’s deficiencies here and here.

    If passed, the bills will adversely affect all Americans’ privacy, but they have particularly critical consequences for journalists and whistleblowers, so we wanted to highlight those concerns that the letters did not fully cover.

    First, as Politico’s Josh Gerstein reported on Monday, the bills “could create the first brand-new exemption to the Freedom of Information Act in nearly half a century.” The bills aim to allow private companies to share large swaths of private information with the government with no legal process whatsoever, essentially carving a giant hole in the country’s myriad privacy laws. But worse, the proposed FOIA exemption would prevent the public from ever being able to find out what type or amount of information these companies handed over.

    Gerstein explains the multiple ways the bills attempts to cut off transparency and accountability:

    A bill approved by the Senate Intelligence Committee last month would add a new tenth exemption to FOIA, covering all "information shared with or provided to the Federal Government" under the new measure.

    Another provision in the legislation would require that "cyber threat indicators and defensive measures" which companies or individuals share with the federal government be "withheld, without discretion, from the public." The Senate bill, which is expected to come to the floor soon, also seeks to shut off any access to that information under state or local freedom of information laws.

    There are extremely troubling parts of the bill relating to whistleblowers and journalistic sources as well. Dozens of organizations protested a variety of draconian provisions last year in a letter to Congress, and while some whistleblower protections have been added, as Open the Government described a couple months ago, the bill still has huge problems:

    [T]he bill still allows cybersecurity information to be used to investigate and prosecute whistleblowers or journalists under the Espionage Act. As the Sunshine in Government Initiative noted last summer, CISA’s broad definitions “would grant the federal government the authority to engage in the warrantless collection of journalists’ communications records…if the government deems the journalists, or the confidential sources they work with, ‘security vulnerabilities’ or ‘cybersecurity threats’ potentially ‘adversely impacting’ the confidentiality of information stored on government computers."

    As Stanford’s Director of Civil Liberties Jennifer Granick wrote at Just Security last week, there are narrow ways of sharing information that can improve cybersecurity that don’t involve handing over everyone’s personal information. These bills, on the other hand, will only open the door to more mass surveillance. To protect the security of journalists, sources, and all Americans, we need stronger privacy laws, not more loopholes.

    Dangerous 'cybersecurity' bills going through Congress threaten the rights of journalists and whistleblowers [freedom.press]

    / / 5 COMMENTS

    Notable Replies

    1. The bills aim to allow private companies to share large swaths of private information with the government with no legal process whatsoever... [and] prevent the public from ever being able to find out what type or amount of information these companies handed over.

      I wonder if corporations realize those privacy policies don't just protect the unwashed. They also buttress public trust in corporations themselves. Companies used to see public trust as a valuable asset, and this law would simply abolish it. The only reasonable response would be for us all to assume companies are hostile government agents. Does Google want that? Does Apple?

    2. "The bills aim to allow private companies..."

      Uh, no. The bills aim to create a system in which government can coerce private companies into "voluntarily" producing this information. Like the security theatre that are the FISA Court and Security Letters, these laws allow the government to set up a system that would allow them to do what the Constitution and its Bill of Rights would otherwise forbid. By making the disclosure "voluntary", there is no violation. Like with Security Letters, for which there is no provision in the Constitution or previously established precedent, companies will be threatened with legal expenses and other potential sanctions and adverse consequences if they don't comply. Likely, it will not be until the cost of compliance - due to consumer backlash- is greater than the cost of non-compliance that companies will stand up to this. With the U.S. Government one of the biggest, if not biggest, single payor in the private market domestically, that time may be far off. And, of course, the government has a number of other "pressure points" it can use. What we have allowed is the creation of a system where compliance with government demands is legally "voluntary", without being voluntary at all.

    Continue the discussion bbs.boingboing.net

    3 more replies

    Participants