If there has been a prevailing zeitgeist on the Hill over the past few weeks, it would be summed up as, “Less encryption, more information sharing.” The mentality among politicians seems to be that cybersecurity is strengthened when more private information is shared among agencies that have poor track records on securing against data breaches and when encryption standards are weakened by security vulnerabilities and backdoor access points. And, indeed, some politicians are really pushing hard on these points.
In a recent Fox News Sunday segment, Senate Majority Leader Mitch McConnell (R-KY) made clear that he intends to “take a step in the direction of dealing with the [cybersecurity] problem with [an] information-sharing bill that … will be broadly supported.” The bill in question, the Cybersecurity Information Sharing Act (CISA), has been on the Senate’s radar for the past few months, and now it appears that McConnell will push the issue of cybersecurity before the August recess. Unfortunately, the bill contains more problems than solutions, many of which I have highlighted in recent posts (here, here, and here).
More broadly concerning, however, is how a bill like CISA would essentially strip away many of the surveillance reforms recently made law by the USA FREEDOM Act. Indeed, earlier this year, Sen. Ron Wyden (D-OR) pointed out that CISA is simply “a surveillance bill by another name” — couched in the inoffensive language of “information-sharing” — and that it likely has gained support because of the recent Office of Personnel Management (OPM) hack and the presence of the word “cybersecurity” in the bill. The misleading description makes selling expanded surveillance powers much easier – after all, who could be against voluntary information sharing?
But the government has shown itself to be a woefully ineffective caretaker of Americans’ personally identifiable information (PII). The OPM hack is a clear indicator of precisely why a bill like CISA is not only bad policy but could potentially end up producing the mother of all OPM hacks, exposing millions of innocent Americans’ data to nefarious agents. Given that federal agencies have had immensely poor track records in securing their own networks, why would we want to grant them access to even more of our PII?
Moving beyond the civil agencies of the executive branch, even government intelligence agencies have proven themselves incapable of keeping their systems secure. For proof one need look no further than the myriad examples made public by the surveillance state’s enemy numero uno: Edward Snowden.
While some have lambasted Snowden’s leaks from the perspective of the potential harm to national security, others have noted the government’s clear violations of civil liberties; Snowden not only released secret documents surrounding surveillance operations; he also released the information gathered by the NSA, from revealing webcam photos to innocuous conversations between quarreling lovers. This, some claim, is the clearest argument for condemning the former contractor’s actions. But as a recent article in The Atlantic discusses, this is far from the truth.
The NSA collects and stores the full content of extremely sensitive photographs, emails, chat transcripts, and other documents belong[ing] to Americans, itself a violation of the Constitution – but even if you disagree that it’s illegal, there’s no disputing the fact that the NSA has been proven incapable of safeguarding that data. There is not the chance the data could leak at some time in the future. It has already been taken and given to reporters.
And as though CISA and NSA surveillance were not enough to quell the hawkish perspective of intelligence community supporters, a recent Washington Post article highlighted the Senate Intelligence Committee’s approval of yet another piece of surveillance/information-sharing legislation. Its provisions would ostensibly dictate that any electronic communication service provider that “obtains actual knowledge of any terrorist activity … shall provide to the appropriate authorities the facts or circumstances of the alleged terrorist activity.”
The trouble with this legislation, which mimics many of the concerns over CISA, is that it ignores how social media and the Internet more broadly deal with issues relating to suspicious or threatening materials: mechanisms empowering user-reporting. There is no practical or privacy-respectful way social-media sites like Twitter and Facebook could monitor the activities of millions upon millions of users and make qualified determinations as to whether a post, link, or other online activity constitutes a genuine terrorist threat. Thus they rely on the online community to report such activities. Trust-based relationships are a vital cornerstone of cyberspace’s security and independence.
Importantly, the essence of this legislation simply mandates that any such activity reported to an “electronic communication service provider” must also then be reported to the relevant law-enforcement or intelligence agency. But this type of mandate raises a host of privacy and surveillance-related concerns. It would turn online communication providers into speech Stasi, roaming the “tubes” of the Internet seeking out any questionable or seemingly illicit material and handing the information over to the government. This holds the potential to chill speech on the Internet.
From President Obama’s directive ordering the creation of the Cyber Threat Indicator Integration Center (CTIIC) to CISA and the ongoing discussion surrounding weakening encryption, these past few months have seen a revitalized charge for renewed and expanded surveillance powers in the wake of the USA FREEDOM Act’s passage. Where previously the danger was the growing power of the state surveillance apparatus, now, though the threats to civil liberties are the same, the language of the game has changed. The invocation of this kind of doublespeak is literally lifted right out of Orwell’s 1984:
This process of continuous alteration was applied not only to newspapers, but to books, periodicals, pamphlets, posters, leaflets, films, sound-tracks, cartoons, photographs – to every kind of literature or documentation which might conceivably hold any political or ideological significance. Day by day and almost minute by minute the past was brought up to date. … All history was a palimpsest, scraped clean and reinscribed exactly as often as was necessary.
And so it is that we find ourselves moving from a “surveillance” state to an “information-sharing” state. Though the essence is the same, the language is transmogrified to make the panopticon appear less oppressive, more liberating, and in full agreement with the constitutional covenant between citizens and the state. To once more quote Orwell, the information-sharing state, like the surveillance state, is nothing more than “a boot stamping on a human face – forever.”