In December 2012, the US Senate re-upped the NSA’s vast surveillance powers over the holidays when no one was paying attention.
Never underestimate the ability of the “do-nothing” US Congress to
make sure it passes privacy-invasive legislation on its way out the door. In
December 2012, the Senate re-upped the NSA’s vast surveillance powers over the
holidays when no one was paying attention. In December 2013, Congress weakened
video-rental privacy laws because Netflix asked them to and nobody noticed.
Now, as the post-election lame-duck session opens on Wednesday in
Washington, the Senate might try to sneak through a “cybersecurity” bill that
would, as the ACLU puts it, “create a massive loophole in our existing privacy
laws”. The vague and ambiguous law would essentially allow companies like
Google and Facebook to hand over even more of your personal information to the
US government, all of which could ultimately end up in the hands of the NSA and
the FBI.
The House already passed a version of this bill earlier in the
year, and the White House, despite vowing to veto earlier versions, told
reporters an “information sharing” cybersecurity bill was on its list of
priorities for the lame-duck session (while NSA reform is not).
Senate intelligence committee chair Dianne Feinstein says she’s
willing to make privacy compromises to get the bill to the floor, but did not
elaborate – at all – on what those were. And given the sleazy tactics of House
permanent select intelligence committee member Mike Rogers in pretending he had
the support of privacy groups when the House passed its version of the bill,
it’s hard to take anything the intelligence committees say in the area of
privacy on good faith.
Saxby Chambliss and Feinstein are even using the “risking the
economy” argument to get their bill up for a vote before the new Congress takes
over next month. And, you know, failing to pass robust NSA reform is harming
the economy too, according to virtually every major tech company, but so far
Chambliss and Feinstein have done their best to ignore that.
“This idea that we don’t trust each other – that’s a recipe for
disaster for us,” Admiral Michael S. Rogers, the new director of the NSA, told
USA Today. “We have got to work this collaboratively.”
Gee, I wonder why companies don’t trust the government anymore? Is
it because the NSA got caught basically hacking into of some of the biggest
American companies and siphoning off untold amounts of information? Or is it
because of anecdotes like this one, from the New York Times, where the NSA
calls in companies under the guise of cybersecurity to then weaken their
security?
Even agency programs ostensibly intended to guard American
communications are sometimes used to weaken protections. The NSA’s Commercial
Solutions Center, for instance, invites the makers of encryption technologies
to present their products to the agency with the goal of improving American
cybersecurity. But a top-secret NSA document suggests that the agency’s hacking
division uses that same program to develop and ‘leverage sensitive, cooperative
relationships with specific industry partners’ to insert vulnerabilities into
Internet security products.
Meanwhile, the FBI’s dangerous new proposal that would force tech
companies like Google and Facebook to insert backdoors into all their internet
email and chat programs would categorically make cybersecurity worse. Security
experts almost universally agree: creating a vulnerability that law enforcement
agencies can exploit will be found by foreign governments and criminals, making
it that much easier for, say, China to break into our communications as well.
It’s happened before, and will happen again, no matter how much kumbaya Obama
is trying to foster this week in Beijing.
Some politicians and intel hawks are pushing for even more radical
powers to sneak by while you’re not watching. In a little noticed story in
October, the Washington
Post reported about how
some former government officials want to give private companies “hacking-back”
powers – that is, they should be able to hack into the systems of anyone they
think is hacking them. This insane idea is so reckless that even its biggest
supporters admitted to the Post that it would likely ensnare
innocent people, but that hasn’t stopped them from continually pushing the idea
in cybersecurity circles.
Former NSA general counsel Stewart Baker told the Post, “I have a strong sense from
everything I’ve heard [from government officials] that they’re much more
willing to help companies that want to do this.”
The NSA may already be doing this itself on an automated scale. In
Wired magazine’s interview with Edward Snowden a few months ago, Snowden
described the NSA program code-named MonsterMind, which would “hack back”
automatically: “Instead of simply detecting and killing the malware at the
point of entry, MonsterMind would automatically fire back, with no human
involvement.”
But what happens when we hack back at innocent people? “These
attacks can be spoofed,” Snowden told Wired:
You could have someone sitting in China, for example, making it
appear that one of these attacks is originating in Russia. And then we end up
shooting back at a Russian hospital. What happens next?
No one doubts cybersecurity is a growing problem for the United
States and countries around the world – and you can bet Obama’s team has been
having a lot of side meetings about it on that trip to China, and in
conversations about Syria and a lot of other places. But if there’s anything
politicians shouldn’t be doing, it’s helping the US surveillance machine spy on
the people who elected them – behind our backs.
Trevor Timm is a Guardian US columnist and executive director of
the Freedom of the Press Foundation, a non-profit that supports and defends
journalism dedicated to transparency and accountability.
Source: Press TV
No comments:
Post a Comment