Article Lead Image

Lisa Plummer/Flickr (CC BY SA 2.0)

This new cyber surveillance legislation should worry all Americans

Yes, you really are getting pwned.


Nathan White

Internet Culture

Congress is considering the omnibus bill, a $1.1 trillion spending bill meant to fund government operations through the Obama administration’s last fiscal year. Because an omnibus bill is so large, and because it is essentially guaranteed to become law, it’s a very good place to hide controversial legislation that you don’t want people paying attention to. And that is exactly what is happening with a cyber surveillance bill that has been reanimated and hidden in the omnibus under the new (and misleading) name, the Cyber Security Act of 2015.

Yes, you really are getting pwned, and the leaders of the intelligence committees, the Speaker of the House, and even the president have all signed off on the plan.

Cyber information sharing is an old idea that seemed like low-hanging fruit when it was first proposed in 2013 in a law known as CISPA (Cyber Intelligence Sharing and Protection Act). However, we quickly learned that it is very difficult to “encourage” companies to share more information while also protecting the privacy of individuals and keeping incentives for corporations to secure their own networks. Under close scrutiny from technologists, it became clear that CISPA would do little–if anything–to increase cybersecurity, but it would create a new surveillance program that would impact the privacy rights of hundreds of millions of people. Two years ago, the Obama administration issued a veto threat over CISPA with these same objections (the law was re-introduced the next year, and the administration issued a second veto threat for that version as well).

While most of the world has moved on to more helpful ways to promote cybersecurity, the intelligence community has continued to push for information sharing–largely because of the surveillance applications of sharing information with the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI). They’ve been supported by this endeavor by large corporations who will benefit from liability protections and relief from the pressures of actually improving their networks. Many members of Congress have gone along with this powerful coalition because of an intense pressure to do “something” about cybersecurity.

After years of struggling, promising, and threatening, the intelligence community finally got bills through both the House and the Senate in 2015. The problem they faced was reconciling these dramatically different bills in an election year without any political “upside” for either party. If the process failed, it would be embarrassing for the bill’s sponsors. Sen. Richard Burr (R-N.C.) asked his colleagues to vote against popular amendments, saying even “simple tweaks” threatened to derail the negotiated bill. And the more the intelligence committees pushed, the more abundantly obvious it became to even casual observers that the bill has little to do with cybersecurity.

Instead of playing by the rules, they pulled a quarterback sneak. In secret, they negotiated a Frankenstein bill with the worst parts of each bill and convinced House Speaker Paul Ryan to betray his own principles by including it in the omnibus. Worse, they changed the supposedly “carefully negotiated” bill in secret, to remove the last vestiges of any privacy protection, despite promising colleagues in public that they had made changes to address the concerns of privacy-minded senators. Sadly–and despite the protestations of civil society and many members of Congress–leadership agreed to this ploy.

This is a major victory for the intelligence community, but it’s a victory they’ll come to regret. 

The play was called by the leaders of the intelligence committees, and it was executed flawlessly. They even convinced the White House to sign off on the agreement, a sad disappointment from an administration that demonstrated principled leadership just two years ago. The White House capitulated without engagement at every step of the process and agreed to sign the secretly negotiated new CISPA before anyone could object. The White House’s goal has changed from a principled effort to improve cybersecurity and respect our rights to a desperate attempt to add a “victory” before leaving office.

If you’re angry, you should be. Congress is betraying its process. Speaker Ryan is betraying his publicly stated principles. President Barack Obama is betraying his own record–all to pass a cyber surveillance bill that undermines your rights while rewarding companies for failing to protect your data. There are some bright stars: Members of Congress like Representatives Zoe Lofgren (D-Calif.), Justin Amash (R-Mich.), John Conyers (D-Mich.), Blake Farenthold (R-Texas), and Jared Polis (D-Colo.) are staging a rebellion to fight back against CISPA’s inclusion in the omnibus bill. But Ryan’s allies have already defeated one legislative maneuver, and Obama has signaled he’ll sign the bill.     

We now expect the bill to become a law, which will be a sad day for our rights and for the future relationships between technology companies, civil society, Congress, and the intelligence community. We expect better from civil servants. We expect better from congressional leadership. We expect better from the White House.

This is a major victory for the intelligence community, but it’s a victory they’ll come to regret. The intelligence committee may have won a policy battle they lost consistently for years, but the tactics they have used have done deep damage. Since the Edward Snowden leaks, the intelligence community has struggled to rebuild trust from both the American people and the technology companies that provide them so much data. This end run around the political process days before the end of the congressional year is a significant setback. The intelligence community rewrote a bill in secret negotiations and snuck it into law without debate–and they’re doing it to support a bill that will provide them our information without clarity about how the data will be used. This kind of sneaky tactic to surreptitiously collect data is the source of so much distrust.

Our last chance is to convince Speaker Ryan or President Obama to remember their principles and remove this cyber surveillance bill from the omnibus.

Nathan White is the senior legislative manager for the Access advocacy team. A former communications director in the U.S. Congress, Nathan has shaped political and social issue campaigns across the United States and the Internet. He holds a B.A. in political science from Kalamazoo College and an M.A. in global marketing, communications, and advertising from Emerson College. 

Photo via Lisa Plummer/Flickr (CC BY SA 2.0)

The Daily Dot