– Paul Ryan Sneaks Massive Surveillance Bill Into $1.1 Trillion Must Pass Spending Legislation:
On Friday, Congress will vote on a mutated version of security threat sharing legislation that had previously passed through the House and Senate. These earlier versions would have permitted private companies to share with the federal government categories of data related to computer security threat signatures. Companies that did so would also receive legal immunity from liability under the Electronic Communications Privacy Act (ECPA) and other privacy laws. Today’s language, renamed the Cybersecurity Act of 2015 (Division N of the omnibus budget bill) mostly assembles the worst parts of the earlier bills to threaten privacy even further.
We have about two days to figure out what this so-called Cybersecurity Act (OmniCISA) means for consumer privacy in the US. That unfortunate timing is thanks to Speaker Paul Ryan’s decision to include language announced at 2am this morning as part of a must-pass spending bill scheduled for a vote Friday.
– From Jennifer Granick’s article: OmniCISA Pits DHS Against the FCC and FTC on User Privacy
I know it’s hard to believe, but yes, Paul Ryan is indeed far worse than John Boehner. The fact that Republican members of Congress chose to make him Speaker of the House tells you all you need to know about the true nature of the GOP and who they really work for (it’s not you). After all, Paul Ryan’s public record speaks for itself. He voted for the banker bailouts as well as the Iraq War. He’s a very well behaved little status quo puppet.
Moving along, what Mr. Ryan just did to intentionally target the 4th Amendment rights of American citizens could be described as treasonous. A move which exemplifies the complete and total disrespect he harbors toward the people he claims to represent. For a bit of context, let’s turn to a post published here last week which unfortunately failed to get much traction titled, Paul Ryan is Aggressively Lobbying to Pass “Frankenstein” CISA Spy Bill Through Congress. In it, we warned:
Republican House speaker Paul Ryan has been leading the charge to push through legislation and reconcile two bills, the Protecting Cyber Networks Act (PCNA) and the National Cybersecurity Protection Advancement with the Cybersecurity Information Sharing Act of 2015 (Cisa), a controversial bill that passed a Senate vote in October.
The speed with which Ryan is trying to push through a compromise has worried privacy activists. “We’ve just learned that the Intelligence Committees are trying to pull a fast one,” Nathan White, senior legislative manager at digital rights advocate Access, said in a recent email to supporters. “They’ve been negotiating in secret and came up with a Frankenstein bill – that has some of the worst parts from both the House and the Senate versions.”
Now we know why he was in such a rush. Rather than allow a bill with such tremendous implications for privacy and civil liberties to be debated on its own merits, Paul Ryan figured it would be a great idea to add it to a “must pass” 2,000 page, $1.1 trillion Omnibus spending bill, which is precisely what he did Wednesday morning at 2am.
The National Journal reports in today’s article, Controversial Cybersecurity Bill Poised to Pass in Massive Spending Package:
After years of debate and maneuvering, a major cybersecurity bill is finally on the fast track to approval after lawmakers attached it to a $1.1 trillion government spending package early Wednesday morning.
Think about that for a moment. A controversial surveillance bill that has been debated “for years” is simply snuck into a $1.1 trillion spending package at the last minute. Please explain to me how this can be seen as anything remotely resembling representative democracy?
While business groups and national security hawks are cheering the news, it’s a major blow to privacy advocates, who fear the measure will funnel more of Americans’ personal information into the hands of the National Security Agency.
This paragraph explains why it was snuck in so shadily, and who Paul Ryan really works for. He works for big business and the national security state. He doesn’t think twice about what’s best for the American people.
The legislation, now called the Cybersecurity Act of 2015, would encourage companies to share information about computer viruses and other cybersecurity threats with each other and the government. The bill would shield companies from lawsuits by their users for giving private information to the government as part of the program.
Civil-liberties groups warn the latest version of the measure has been stripped of some of the most significant privacy protections, transforming it into a surveillance bill.
“Instead of passing reforms that would have stopped the Anthem or [Office of Personnel Management] hack, Congress has chosen to advance legislation that places the privacy of Americans in further peril,” Neema Singh Guliani, a legislative counsel for the American Civil Liberties Union, said in a statement. “It would wrongly allow companies to share larger amounts of consumer information with government agencies, potentially including the NSA. This information could be used for criminal prosecutions unrelated to cybersecurity.”
Indeed, that’s exactly what it will do…
Although the bill would bar the NSA from directly receiving the data from the private sector, it would instruct the Homeland Security Department to share the information it receives with other “relevant federal entities,” which privacy advocates note could include the NSA or FBI. Lawmakers removed previous language that would have required that the government only use the data for “cybersecurity purposes,” which has privacy advocates worried that the data could find its way into criminal prosecutions.
The legislation could receive votes in the House and Senate as early as Friday.
Both chambers have already approved varying versions of the cybersecurity bill earlier this year. The White House had threatened to veto similar bills in 2012 and 2013, saying they lacked adequate privacy safeguards. But President Obama is expected to sign the legislation this time as part of the omnibus spending package if it reaches his desk.
“We are pleased that the Omnibus includes cybersecurity information sharing legislation,” a senior administration official said in an emailed statement. “The President has long called on Congress to pass cybersecurity information sharing legislation that will help the private sector and government share more cyber threat information by providing for targeted liability protections while carefully safeguarding privacy, confidentiality, and civil liberties.”
What unbelievable sham theater all of this is. So President Obama “threatened to veto” previous versions, but now that an even more shady bill is set to appear on his desk, he suddenly welcomes it. Works perfectly for him, since he can’t be expected to veto a $1.1 trillion spending bill, can he? The willingness of the U.S. government to sell out its own people should never be underestimated.
Moving along, for some details on how bad this CISA sneak attack really is, let’s turn to an article published yesterday by Jennifer Granick, the Director of Civil Liberties at the Stanford Center for Internet and Society.
From JustSecurity:
On Friday, Congress will vote on a mutated version of security threat sharing legislation that had previously passed through the House and Senate. These earlier versions would have permitted private companies to share with the federal government categories of data related to computer security threat signatures. Companies that did so would also receive legal immunity from liability under the Electronic Communications Privacy Act (ECPA) and other privacy laws. Today’s language, renamed the Cybersecurity Act of 2015 (Division N of the omnibus budget bill) mostly assembles the worst parts of the earlier bills to threaten privacy even further.
Yes, Congress really is sneaking in a bill that gives companies immunity for spying on their own customers and the Obama Administration is applauding the move. As George Carlin noted:
The word bipartisan means some larger-than-usual deception is being carried out.
Now back to Granick…
We have about two days to figure out what this so-called Cybersecurity Act (OmniCISA) means for consumer privacy in the US. That unfortunate timing is thanks to Speaker Paul Ryan’s decision to include language announced at 2am this morning as part of a must-pass spending bill scheduled for a vote Friday.
It appears that OmniCISA is trying to stake out a category of ISP monitoring that the FCC and FTC can’t touch, regardless of its privacy impact on Americans.
This section of OmniCISA would not only interfere with future privacy regulations, it limits the few privacy rules we currently have.
The essence of CISA and OmniCISA is to allow private entities to give the federal government categories of data that could be called cyber threat information in exchange for legal immunity for sharing that information, even if it includes private personal information. I’ve written here that a good information sharing bill should be clear about what types of information we are talking about sharing in the name of enhanced security practices. Vulnerability information means software flaws, virus signatures, threat signatures and the like. Security experts agree that private data, the kind protected by ECPA and other privacy laws, is only rarely needed for such reports. Nevertheless, OmniCISA would allow for sharing personally identifiable information by default and gives companies that share liability protection even if there’s no need to share the private data.
Information sharing, generally a good thing, is nevertheless is not going to make a huge cybersecurity difference. Security experts and a bi-partisan coalition of privacy groups told Congress that we don’t need to waive communications privacy laws — as OmniCISA does — to promote sharing of threat signatures. So why are we sacrificing even more American privacy on this altar? It’s amazing that, given all we are learning about government surveillance, Congress will actually vote to expand the federal government’s capacity to obtain personal data from private companies without court order.
Finally, here’s what one of the organizations on the front lines of the fight against unconstitutional government surveillance, Fight for the Future, had to say about Paul Ryan’s CISA move:
After several delays due to widespread outcry over privacy and civil liberties concerns, Speaker of the House Paul Ryan has successfully exploited a loophole in congressional process to include the final version of a controversial cyber bill in the must-pass “omnibus” budget bill unveiled late Tuesday night.
This puts the controversial legislation on the path to a vote without meaningful transparency or debate on the final text, which has been significantly altered in secret negotiations and stripped of nearly all privacy protections.
“It’s clear now that this bill was never intended to prevent cyber attacks,” said Evan Greer, campaign director of Fight for the Future, “it’s a disingenuous attempt to quietly expand the U.S. government’s surveillance programs, and it will inevitably lead to law enforcement agencies using the data they collect from companies through this program to investigate, prosecute, and incarcerate more people, deepening injustices in our society while failing to improve security.”
Traitors.
For related articles, see:
Paul Ryan is Aggressively Lobbying to Pass “Frankenstein” CISA Spy Bill Through Congress
Meet CISA – Dianne Feinstein’s Latest Attack on Privacy, Civil Liberties and the Internet
Facebook Caught Secretly Lobbying for Privacy Destroying “Cyber Security” Bill
Business as Usual – Paul Ryan Pushes Through Multiple Wall Street Giveaways in the Highway Bill
Paul Ryan Channels Pelosi on the TPP – You Have to Pass Obamatrade to See What’s in Obamatrade
In Liberty,
Michael Krieger