All Your Privacy Are Belong to Us

Category: Privacy

The U.S. Congress is poised to enhance citizens’ privacy and cybersecurity protections... with a new law that blows gaping holes in existing privacy and cybersecurity protection laws. Yes, you read that right. Now read on to learn more about CISA -- the Cybersecurity Information Sharing Act…

CISA: Less Security and Privacy?

If the Cybersecurity Information Sharing Act (CISA) becomes law, private-sector companies would be allowed – even pressured - to share customers’ data with the Department of Homeland Security without requiring a search warrant or court order.

CISA is a reaction to the rising number of data breaches and other attacks that hackers have been launching in recent years. Its ostensible purpose is to encourage private companies to share data about such attacks and threats of attacks with law enforcement agencies, using the DHS as a clearinghouse.

DHS would receive the data, then distribute it to appropriate federal, state, and local law enforcement agencies who are supposed to defend companies against cyberattacks. The House and Senate versions of CISA also permit data collected by DHS to be used in investigations of violent crimes like robbery and carjacking.
CISA Cybersecurity and Privacy Law

CISA declares that any “cybersecurity threat” information that companies gather may be shared with DHS “notwithstanding any other provision of law.” The bill does not clearly define what “cybersecurity threat information” is, so opponents argue it could include anything: financial transaction data, health information, e-mails, private pictures or videos, you name it.

“The incentive and the framework (CISA) creates is for companies to quickly and massively collect user information and ship it to the government,” said Mark Jaycox, a legislative analyst for the Electronic Frontier Foundation, in an interview with Wired magazine. “As soon as you do, you obtain broad immunity, even if you’ve violated privacy law.”

Your Tax Dollars At Work

You might be wondering about the odd phrasing in the title of this article. It's a riff on the All Your Base Are Belong To Us animation that went viral back in 2001. That video was a mockery of Zero Wing, a video game with badly translated (but humorous) "Engrish" phrases.

The Senate version of CISA was passed by a 74-21 vote on October 27; it closely mirrors a bill passed by the House earlier this year. Minor differences need to be ironed out in conference before the bill goes to the President, who has indicated he will sign it.

Five amendments were offered in the Senate to tighten the definition of “cybersecurity threat information” and require companies to scrub data of personal identifiers before turning it over to DHS (unless personal data is necessary to identify the threat). All of the proposed safeguards were defeated.

The House version of CISA is slightly better than the Senate’s. The former contains a provision that requires companies to search for and strip personally identifying information of persons unrelated to a cybersecurity threat from data before sharing data with the government, if the companies “reasonably believe” the data contains such irrelevant and personal data.

The Senate version only requires a company to strip irrelevant personal data that it “knows at the time of sharing” is in the dataset that it intends to share. A company can easily choose not to know too much about what’s in the data it intends to share, lest it be forced to do the work of protecting personal data.

Even these very weak provisions can be circumvented, argues Robyn Greene, policy counsel for the Open Technology Institute. “If I’m one of a million victims of a botnet, and an internet service provider is sending the government all the ‘threat indicators’ associated with that botnet, that could include information about every one of those victims,” she says. “That personal information, once shared with the government isn’t just used for identifying the source of the threat. It can also be used to investigate a myriad of crimes that have nothing to do with cybersecurity.”

But It's All Voluntary!

CISA’s proponents claim that sharing data is entirely voluntary under the bill’s provisions (except for the users, who aren’t asked if they want their data shared with DHS). But opponents say that companies could be required to share data routinely in order to receive help from the government when they face an imminent threat. Another incentive to share data is the competitive intelligence that would flow back to participants in the form of threat trend reports issued by the government. Shareholders and liability insurers might also pressure companies to share data in order to reduce risks.

Security experts object that CISA’s information-sharing does nothing to effectively stop cyberattacks. Tech firms argue that CISA will diminish users’ trust in sharing private information with companies (probably a good thing, in general). A coalition of 55 privacy groups has opposed CISA. Even the Department of Homeland Security has warned, in a July letter to Congress, that the bill could inundate DHS with data of “dubious value” while it “sweep(s) away privacy protections.”

The beneficiaries of CISA are most likely to be the “fishermen” of law enforcement, who will get a vast new ocean of data to trawl through in search of something to investigate and prosecute. CISA will not keep determined hackers out of retailers’ customer databases.

UPDATE: This bill was passed, having been quietly snuck into a "must pass" budget bill. An article published on Dec 18th by Engadget said this:

"..if anything, the version of CISA that was quietly slipped into this budget plays with privacy even faster and looser than the original. For one, a previously held prohibition against sharing information with the NSA has been removed, meaning America's best surveillance agency can receive pertinent data without it being handled by Homeland Security first. More importantly, the provision that required personal information to be scrubbed from cybersecurity reports also seems to have gone missing, leaving that task up to the discretion of which ever agency gets their hands on it.

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

 
  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 3 Nov 2015


For Fun: Buy Bob a Snickers.

Prev Article:
Geekly Update - 04 November 2015

The Top Twenty
Next Article:
GRANTED: Permission to Tinker, Copy and Explore

Most recent comments on "All Your Privacy Are Belong to Us"

(See all 29 comments for this article.)

Posted by:

Mac 'n' Cheese
05 Nov 2015

Heaven help us. Where are the true conservatives and libertarians in Congress?

Mac


Posted by:

JeepersPeepers
05 Nov 2015

So, another way for Big Brother to keep an eye on us (spy on us). Smacks of socialism to me.


Posted by:

RandiO
05 Nov 2015

It is becoming more and more apparent (to me, at least) that Americans have other fish to fry than to worry about their privacy and they are more inclined to favor security over privacy.
This war will never be won by us; as there will be a new acronym soup version if this law gets shut [shot?] down, as there has been similar alphabet soup names for such attempts previously.
A similar law was just passed in England but they have less respect for citizens’ privacy as they have more pressing 'concerns' and are more vigilant AND feel their citizen’s security is more important than their privacy!


Posted by:

Cho
05 Nov 2015

Unfortunately, if we want to be protected from the badguys, we have to tolerate the scrutiny needed to ascertain who said badguy is. They don't wear a name tag.


Posted by:

Hosea McAdoo
05 Nov 2015

What does "All Your Privacy Are Belong to Us" mean? Is it a typo?


Posted by:

RichF
05 Nov 2015

Bob the government will pass all the laws they want to take away our privacy rights and the public for the most part don't see or understand the immense problem this will be for them. They don't even understand that Snowden's revelations were an early warning about this theft of our freedoms.


Posted by:

Fallon T Gordon Sr MD
05 Nov 2015

The US Constitution is the law of the land. Homeland "insecurity" and the Patriot Act and spying on Americans anyway at all are UNCONSTITUTIONAL1 This will surely lead to secession, civil war or a return to real Constitutional government. The entire length and breadth of the powers of the US Constitution are expressed in James Madison's Federalist Paper #45. The Federal government is limited to war, peace, negotiation and foreign commerce and taxation.


Posted by:

Robert Kemper
05 Nov 2015

The battle for continued government control of the internet apparently is going to be a never ending one that I believe we must never stop fighting.


Posted by:

Bruce
05 Nov 2015

"YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! "

Interesting article, but, perhaps, you'd better check the title.

EDITOR'S NOTE: You must have missed the paragraph where I explained that. Look again...


Posted by:

Julie
05 Nov 2015

Big Brother is here. ummmm...you're not one of those companies required to share this information, are you? cuz then I meant MY Big Brother is here!! ;)


Posted by:

twinsdad9901
05 Nov 2015

This bill is not in any way, shape or form a cyber-security bill. Like Bob said, this is in reaction to the recent data breaches, but it would not have stopped ANY of them. It is a surveillance bill only.
We all need to contact our congress people to stop this from passing.
There are many articles describing what this bill does and does not do. This is a link to one article that explains it:

https://www.techdirt.com/articles/20151027/11172332650/senate-rejects-all-cisa-amendments-designed-to-protect-privacy-reiterating-that-surveillance-bill.shtml


Posted by:

sirpaul2
06 Nov 2015

"That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government...": Declaration of Independence.


Posted by:

DBA Seve
06 Nov 2015

Slippery slope; trading privacy for safety. This is America; where the rules and laws are supposed to protect our freedom; not reduce it.

Ben Franklin said something along the lines of "Those who give up freedom for security deserve neither freedom nor security."


Posted by:

Barb
06 Nov 2015

As I've often told close relatives, the safest place for your thoughts is inside your head. It is a shame that the freedoms we have enjoyed are eroding.


Posted by:

Robert
06 Nov 2015

I guess it's a sign of our old age Bob when the readers of your columns no longer recognize the old "standards" like Zero Wing's "All your base" reference. Let me sit down here on the porch in my rocking chair and start a game of shuffleboard (on my tablet computer, of course...).

And the advice offered by others here is probably the best. If you don't want something to haunt you for the rest of your life, don't post it on the 'net.


Posted by:

Old Man
06 Nov 2015

Thanks for the title explanation (in the yellow box under Your Tax Dollars At Work). I've seen "All your ... are belong to us!" many times, but didn't know it's origin.


Posted by:

MmeMoxie
07 Nov 2015

Dumb, dumb and really dumb Congressional people!!!

Congress thinks, that inacting this law, it would stop all of the hacking, in the USA - Dumb, dumb and really dumb!!! Why not just take care of the security of the DOD, the State Dept., the DOJ, so on and so forth???!!!

No, these stupids Congressmen/women, to the max, make a law that blows holes in the Computer Savvy security methods. All of this, because of a couple of tech smart congressional aides, who think they really know ALL about computer security and hacking. Again, dumb, dumb and really dumb!!!

Who did these dumb Congressional Senators and Representatives ASK, to get this law??? I bet, they only asked one, maybe two, hackers. Hackers is where you want to know, how they do it and what can help to MINIMIZE these attacks.

Now, major business's hire hackers for their security issues. This has helped save a lot of DoS attacks for their business's. However, the hackers get smarter and smarter everyday, so, attacks and invasions, still occur. I guess, the dumb Congressional people, don't get it.

Bottom line, the USPS is bankrupted, Amtrak is bankrupt and so are almost any program or business that the US Government owns, bankrupt! Cyber Security will also, be a complete bust!!!


Posted by:

Mike
08 Nov 2015

Help readers help themselves when it comes to items before the Congress TELL THEM the bill number so that they find the bill and read it, and also track its movement through the process leading to passage or failure. In this case the bill being considered is ---
S.754 - Cybersecurity Information Sharing Act of 2015 114th Congress (2015-2016)

about which full info about the bill itself can be found at
https://www.congress.gov/bill/114th-congress/senate-bill/754


Posted by:

Jason
09 Nov 2015

WAR IS PEACE. FREEDOM IS SLAVERY. IGNORANCE IS STRENGTH.


Posted by:

Daniel
22 Dec 2015

This CISA provision is the exception to the general rule of compromise when considering bills/laws. If you loved 99.9% of the bill, this one provision should have been enough to say NO. Very disappointed in Congress.

Even more disappointed that our Watchdog, the press, didn't yell and scream in unison about it. There was some coverage, but not near what it should have been.


There's more reader feedback... See all 29 comments for this article.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.


Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML


Article information: AskBobRankin -- All Your Privacy Are Belong to Us (Posted: 3 Nov 2015)
Source: https://askbobrankin.com/all_your_privacy_are_belong_to_us.html
Copyright © 2005 - Bob Rankin - All Rights Reserved