The unnoticed expansion of domestic surveillance

An advancing cybersecurity bill may further compromise citizens’ privacy

By Keertan Kini Apr. 9, 2015

Earlier this week, John Oliver of HBO’s Last Week Tonight presented a compelling piece on the upcoming deadline for the reauthorization of the Patriot Act — the law passed in the wake of the 9/11 attacks which greatly enhanced the government’s powers of surveillance. At the time, the public asked few questions, demanding action for greater security and disregarding the potential cost. Twelve years later, Edward Snowden leaked classified documents from the National Security Agency about the breadth and depth of the NSA’s surveillance programs from that point forward, sparking national and international debate.

Programs such as PRISM for foreign surveillance and domestic wiretapping drew huge outcry. At the time, Brazilian President Dilma Rousseff accused the U.S. on the floor of the United Nations of “a breach of international law and an affront” to national sovereignty. Similar claims were made about domestic programs, especially since the their capabilities, let alone their use, were unknown to the vast majority of Americans.

In the two years since the furor, the public has largely forgotten the debate on domestic surveillance. Oliver interviewed Snowden on these matters, trying to draw attention to the impending expiration, and likely subsequent reauthorization, of the Patriot Act on June 1, but June 1 is not the most imminent deadline. We are poised to repeat our mistakes with a bill that critics have already dubbed the “Patriot Act 2.0”: the Cyber Information Sharing Act (CISA) that may be signed into law by May.

In the wake of high-profile security breaches — of Sony Pictures, Anthem, JP Morgan, Home Depot, and Target to name a few — which exposed corporate data, credit card data, and social security numbers, Congress has taken action. In a bill aimed at improving cybersecurity and preventing further data breaches, the Senate Intelligence Committee passed CISA, which will likely be voted on later this month. The bill incentivizes companies to share threat information and offers liability protection to those that do.

The bill is not merely a knee-jerk reaction to a few rare and prominent leaks. According to Netherlands-based security firm Gemalto, in 2014, there were more than 1400 data breaches of companies and government agencies, resulting in over 974 million data records being lost or stolen — an increase by almost 50 percent from 2013. Only 4 percent of the breaches were considered “secure,” in which the records exposed were rendered useless by encryption.

However, when CISA passed the Senate Intelligence Committee on March 13 by a 14-1 vote, only Sen. Ron Wyden, D-Ore., voted against it. In a public statement, he wrote, “If information-sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill — it’s a surveillance bill by another name … It makes sense to encourage private firms to share information about cybersecurity threats. But this information sharing is only acceptable if there are strong protections for the privacy rights of law-abiding American citizens.”

Many individuals and groups echoed his warning. In a letter to Chairman Richard Burr, R-N.C., and Vice Chairman Diane Feinstein, D-Calif., a coalition of civil liberties groups, security experts, and academics warned that “CISA disregards the fact that information sharing can — and to be truly effective, must — offer both security and robust privacy protections.” Signatories include the ACLU, the Electronic Frontier Foundation, the Brennan Centre for Justice, and MIT’s own Prof. Ronald L. Rivest.

The biggest criticisms stem from the bill’s broad definitions and uses of the shared data. Under the bill, the government may retain and use any shared information resulting from cybersecurity threats related to “an imminent threat of death, serious bodily harm, or serious economic harm.” The use of shared data is not limited to any specific agency. Under the Homeland Security Act of 2002, the data would be shared with “all appropriate government agencies,” including the FBI and NSA. The data may be used not only in combating broad threats but also in criminal proceedings. Since all data shared under the act by companies is voluntary, the data would be accessible without a warrant, without a judge to determine relevance. Lastly, given the liability protections extended to companies who share data, consumer privacy protections from corporations are potentially undermined.

We live in a constantly accelerating world of sensors and networks, where the Internet of Things is becoming more real every day. Not knowing what information about you is being shared and analyzed is disconcerting at best and terrifying at worst. Yet instead of engaging with these pressing issues, the news is inundated with predictions of a presidential contest 19 months away.

Proponents of the legislation note that any data accepted must be stripped of personal information. They also state that only data directly pertinent to cyberattacks can be shared. Regardless of interpretation, the bill has a much better chance of being signed into law than its predecessor last year, the Cyber Intelligence Sharing and Protection Act (CISPA) that was prevented from passage by civil rights organizations. According to ACLU media strategist Rachel Nausbaum, CISA is potentially worse than its forebear, stating in a blog post that it “fails to limit what the government can do with the vast amount of data to be shared with it under this proposal.”

However, the bipartisan support for CISA in the Senate and the presence and support for similar House bills — the Protect Cyber Networks Act and the National Cybersecurity Protection Advancement Act — mean that the measure will likely pass Congress. Both House bills are scheduled for the week of April 20, and CISA will likely hit the Senate floor at the same time. Reports this week about a breach of the White House and State Department networks last year are adding even more pressure for cybersecurity and information-sharing legislation. The final version of this bill may well be law by May.

The debate over privacy and security is incredibly complex, especially since those professionals and officials who have the most knowledge to weigh the costs and benefits cannot share that knowledge in the service of national interests. Victories are not announced, while failures are public and quite possibly fatal. The Patriot Act was passed in the shadow cast by 9/11, with the motto “never again” on everyone’s lips for good reason. Yet avoiding this debate due to its complexity or its inherent murkiness is incredibly shortsighted.

Civil rights activists often quote Benjamin Franklin: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” The quote, while accurate in wording, is often taken out of context. Rather than Franklin favoring liberty over safety, he was denouncing a choice presented to him by the colonial governor of Pennsylvania. Franklin sought both liberty and safety, unwilling to trade either.

Security and privacy interests need not be at odds with one another. So rather than waiting a decade until the next Edward Snowden reveals the scale and scope of government surveillance, before the final version of CISA becomes law, we should have this public debate. We should never have stopped.

Keertan Kini is a member of the Class of 2016.

14 Comments

Freedom about 9 years ago

I did not read this article, but I know it's wrong, because The Tech is a propaganda website and its articles do more harm than good.

Freedom about 9 years ago

I apologize and retract my former statement. I just finished reading the article and it made many well-substantiated points. Not even one little hint of communism or cultural Marxism! Good on you, author!

Freedom about 9 years ago

2- You are as meaningful as dust. Don't make me sign all my comments cryptographically.

- 15140132362817437

Freedom about 9 years ago

3 - Lunkheaded imposter. Don't be so childish as to think that a simple number can fool the educated readers of the Tech into believing that a socialist, left-wing radical like yourself, is the real Freedom. You disgrace such a reputable news source in even attempting to do so.

Freedom about 9 years ago

I'm a stupid moron with an ugly face and a big butt and my butt smells and I like to kiss my own butt.

Freedom about 9 years ago

4- Your attention is flattering.

5- There are better insults than "stupid moron." Still at least you're not hurting anyone-- you're better than The Tech!

I held my nose and read the first 10 words of the column, referencing John Oliver. Time for some real-talk, guys: First, getting news from comedians is pathetic on its face, disqualifying the author. Second, Oliver is a left-winger who spoon-feeds narrative not fact; why anyone views him as a helpful rather than harmful information source is beyond me. Third, Oliver is too annoying to listen to. He talks slowly and loudly like a peasant in a foreign country. Better to get news from a church pastor than from John Oliver. In the former case, the information is less toxic.

Freedom about 9 years ago

4 - One more thing, you clearly don't understand crytogram signing with prime factorization. This is a basic application of Fermat's prime cousin prime reciprocity theorem. I solved it myself by listening to the glorious 3rd Symphony by our Lord and Saviour Beethoven. Note I spelled Saviour with a 'u' to pay homage to our superior Victorian ancestors. You should study elliptical parabolic square curve cryptography and you would understand that it's not a simple number, plebeian.

Freedom about 9 years ago

Guys, stop impersonating me! This is super serious! I'll call the internet police on you, then you'll be sorry!

-5701972390187398574930872589734

Freedom about 9 years ago

2,4,5,7- I play it straight: I call something or someone wrong and say why. But you guys resort to impersonation. Visibly, to a leftist, language is not a tool for separating right from wrong and discovering something higher than yourself; something that makes you happier the next day. So you do not present a viewpoint. Instead, you rely on ridicule and cheap power plays. Leftism is a popularity contest. Rightism is something with intellectual value.

7- Nonsense. Music should not be revered. Good art is a practical thing: try listening to jarring sounds while living in an ugly room in an ugly house in a trashy neighborhood and you will understand.

I will now begin signing with SHA-256 hashes generated via http://www.xorbin.com/tools/sha256-hash-calculator To verify my authenticity in the future, I will reveal the data used to generate the hash below.

19a7bd9448b82d91d07bb44b8945fda466e7bbaa6a2915844379890358e96700

Freedom about 9 years ago

8 is another impersonation lol.

Freedom about 9 years ago

8 - You are meaningless and your views irrelevant. In any proper society they would be removed, as they justly should. Moral people (e.g. those who use single-sex bathrooms) would be allowed to express their views but you are an infantile piece of scum.

Also I know a guy who is in Anonymous and is a professional hacker. He knows how to ping your IP and download more RAM to your mainframe. He'll get you if you don't watch it. Impersonating me is a serious offence.

Freedom about 9 years ago

By the way, the data necessary to generate the hash was 'Real Victorians go pee-pee with Freedom'

Freedom about 9 years ago

11, 12- Yes, in the past I have said that co-ed bathrooms are morally inferior to same-sex bathrooms. Impersonator, you mock this idea.

So you want women to endure dangerous drunk men when they go to the bathroom late at night in a movie theater (safety risk). You want the sensitive, delicate sex to endure gazes from perverted men in the changing room (harassment). You want men to be very inappropriate in front of prepubescent women when they use urinals (exposing children to inappropriate material early on may cause harmful side effects such as early puberty).

As Confucius said, you should be respectful of your superiors (such as myself) instead of mocking them like a Communist. You seem to advocating a break from tradition which would basically expose young women to safety risks, harassment and inappropriate material. I wonder what kind of parent you would be. Would you be a pedophile and pervert and give your daughter severe daddy issues in the future? Your apparent views are disgusting and I'm worried you would abuse children. Ladies and gentlemen, observe a typical leftist.

The message was: Rightism is something with intellectual value.

New hash: 1cc589394ae3289e3742c8606ae0a1590ddc5a3468e918f053672b7d85bb5285

Em about 9 years ago

I can only enjoy seeing Walter Lewin being beaten at his own "haha no, in fact I m from india!" or " No I m not Lewin haha" game.

Seems like you got played.

And the "you should be respectful of your superiors (such as myself) " laeves no room for any assumptions.

I suggest you stop your ridiculous inpersonnation of someone called Freedom and go back to your actual name, because whoever decided to Doppleganger you just like you create ones for you, they seem to be quite tech savvy.

You go first or you get humiliated. Your choice Lewin.