Slashdot Mirror


US Budget Bill Passes With CISA Surveillance Intact (npr.org)

An anonymous reader writes: Early on Friday, the U.S. Senate approved the 2,000 page 'omnibus' budget bill that allocated $1.15 trillion in government funding. Later in the day, President Obama signed it into law. Because the budget bill was so important, many other pieces of unrelated legislation were tacked onto it, including the Cybersecurity Information Sharing Act, a bill notable for giving the government increased internet surveillance powers. Civil rights activists and tech experts largely consider it a "privacy disaster," and several lawmakers voted against the budget bill solely for CISA's inclusion. Senator Ron Wyden (D-OR) said, "Unfortunately, this misguided cyber legislation does little to protect Americans' security, and a great deal more to threaten our privacy than the flawed Senate version. Americans demand real solutions that will protect them from foreign hackers, not knee-jerk responses that allow companies to fork over huge amounts of their customers' private data with only cursory review." Corporations in the U.S. will now have "legal immunity when sharing consumers' private data about hacks and digital breaches." The full omnibus is available online (PDF). The CISA provisions start on page 1,728.

27 of 153 comments

  1. War on Privacy by pellik · · Score: 4, Interesting

    Is privacy such an enemy of the state now that they have to push it through in the budget bill? Why is ramming this through such a high priority for the Senate? Privacy used to be a second class issue. It hurts to watch our interests be so blatantly ignored by our governing body.

    1. Re:War on Privacy by KGIII · · Score: 3, Insightful

      I believe, if certain Slashdot posters are to be taken as the consensus, it's the Republicans and they want us to die.

      Actually, I think they just don't actually give a shit any more.

      --
      "So long and thanks for all the fish."
    2. Re:War on Privacy by tlambert · · Score: 5, Insightful

      I believe this bill was making its way through the legislative process and then the Eric Snowden disclosure happened.

      And? The concurrency of the two unrelated things is rather irrelevant. The Snowden disclosure happened because (A) The government was engaged in illegal activity, and (B) Snowden decided to be a whistleblower.

      Which would have been a protected action, were he an employee, but instead he was a 1099 contractor, like all the Uber drivers.

      How many high profile network break-ins have happened since then?

      Lots. They're generally not announced to the public, unless they involve credit cards or medical records.

      Juniper Networks just announced yesterday a major compromise.

      No, they announced a software patch for a problem that could have been used to compromise the security of VPN communications, but there's no evidence that it was ever used to do so, and some evidence that the change was made to the system by the employee of a government agency to allow them to eavesdrop on VPN conversations.

      OPM was hacked and information for 20 million current and former employees and their spouses and children was compromised.

      The agency should not have been keeping records on their spouses and children, since they were not employees, but even so, the compromised information was mishandled by the OPM. This was not a demonstration of skill on the part of the people who penetrated the system, it was a demonstration of incompetence on the part of the people who were tasked with ensuring the system could not be penetrated.

      This legislation has been needed for years. It is about time congress passed it.

      This legislation was never needed. Its only utility is for making information collection for government agencies an unfunded mandate that has to be paid for by the companies whose systems the information is transiting.

      The purpose of doing this is to make the companies adding strong privacy features to their software, particularly mobile phone and tablet software, among others, responsible for, and punishable for not, revealing said information, on demand, and without warrant.

      In other words, it's an attempt to force companies to include back doors, or face fines when demands for information simply cannot be accommodated to the government's satisfaction, for technological and mathematical reasons.

      BTW: You have your dates wrong: the Snowden disclosure occurred in 2013; the bill was first introduced to the Senate Intelligence Committee over a year later, in 2013, during the 113th congress.

      It's a really asinine piece of legislation. Paul Ryan (R, WI) should be removed from office over this nasty piece of crap, let alone the way he got it shoved through.

    3. Re: War on Privacy by Anonymous Coward · · Score: 4, Informative

      The bill offers immunity to PRISM partners and telcos/ISPs who collaborate with the government to spy on US citizens. Snowden's leaks raised the possibility that citizens would sue the private collaborators for betraying private data to the government without judicial oversight. Now, that can't happen, because in the middle of a 2,000 page amendment to a budget bill the government has promised immunity to those who help the government spy on its citizens without a warrant.

    4. Re:War on Privacy by nmb3000 · · Score: 4, Insightful

      Is privacy such an enemy of the state now that they have to push it through in the budget bill? Why is ramming this through such a high priority for the Senate? Privacy used to be a second class issue. It hurts to watch our interests be so blatantly ignored by our governing body.

      I agree, which is why I strongly suggest that everyone interested in this take a minute to look at the omnibus vote records from the House and the one for the Senate. If your representatives voted differently than you want, take a few minutes to reach out to them. A phone call, email, or even (gasp) a physical letter will let them know what you think.

      --
      "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
      /)
    5. Re:War on Privacy by erikkemperman · · Score: 4, Insightful

      There are countless avenues within U.S. gov't that he could have followed

      Really? Name one whistleblower who followed one of those "countless avenues" to any effect, while not having G-men systematically wreck their lives.

      Thomas Drake and friends tried, and suffered for it.

      --
      Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)
    6. Re:War on Privacy by Anonymous Coward · · Score: 3, Insightful

      As someone whose entire (fingerprints, history, and the information of my family and friends... they got it all) information is out in the wild from the OPM hack, and someone that had to deal with illegal government requests from Qwest (don't ever refuse if you know what's good for you), I'd like to point out how piss-poor OPM security measures were (it took years of threatening lawsuits just to get "on file" listed in place of SS on SBU forms that travel within and outside my agency) and how this will actually decrease the security of everyone.

      The government has already proven they are incapable of securing anyone's information, and they have now opened the floodgates for everyone's information to be targeted.

      That this was passed under such tenuous conditions should make it clear how nefarious this legislation is. The government has declared its own people enemies of the state.

    7. Re:War on Privacy by Blue+Stone · · Score: 4, Interesting

      I read a rather insightful comment elsewhere saying that our securocrats have simply redefined privacy.

      Privacy is now defined as 'the state not currently looking at what information they hold on you'.

      Rather chilling, I thought.

      --
      Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
    8. Re:War on Privacy by kheldan · · Score: 3, Interesting

      Is privacy such an enemy of the state now that they have to push it through in the budget bill?

      Riders on sweeping bills like the one that keeps the Federal government's doors open are SOP for our government, and have been for a long time now. Very often things literally get sneaked into it, hoping it doesn't get noticed, considering the full text of the bill is thousands of pages. It's 'high priority' for the Senate because otherwise the Federal government literally shuts down due to no funding; people literally get sent home without pay, contractors don't get paid, services to citizens stop, etc.

      ..enemy of the state..

      Yes, apparently, it is, now. Look at how the younger generation views the concept of 'privacy': they 'share' every gods-be-damned little thing on social media platforms, never really giving a single thought to who or how many people are actually able to access and use that data however they wish, and they're convinced that anyone who values 'privacy' and goes out of their way to keep their lives private is either 'too old to understand' or that they're criminals/terrorists/predators and 'have something to hide'. This (in my opinion, so take it with a grain of salt, please) is due to the younger generation having been indoctrinated, from birth, to believe 'privacy is bad and selfish', and 'good people share', and Corporate America and our own government are behind it. Three-letter agencies love being able to see everything all the time, and if they had their fondest wishes, I wouldn't at all be surprised if they'd have us required to have cameras and microphones in our homes and in our vehicles, 'for our own safety', naturally, but so far pesky things like the rule of law, the Constitution, and the concept of basic human rights have kept them from doing things like that.

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    9. Re:War on Privacy by ClickOnThis · · Score: 4, Informative

      Who (from which party) inserted CISA into the budget bill?

      Apparently, it was House speaker Paul Ryan (R).

      --
      If it weren't for deadlines, nothing would be late.
    10. Re:War on Privacy by ClickOnThis · · Score: 2
      --
      If it weren't for deadlines, nothing would be late.
    11. Re:War on Privacy by bruce_the_loon · · Score: 2

      I'm not quite sure where the idea came from, maybe the Brits, but South Africa has a brilliant article in our constitution that a bill dealing with the appropriation of funds or taxation can only deal with that and no other item.

      Somewhere we learned that lesson that the US government doesn't want to have to learn.

      --
      Trying to become famous by taking photos. Visit my homepage please.
    12. Re: War on Privacy by DivineKnight · · Score: 2

      Unlimited access to blackmail. There are still details about citizens' lives that are not collected through these apparatuses, but to be honest, they aren't details that these people are interested in.

    13. Re:War on Privacy by AthanasiusKircher · · Score: 2

      That's not quite accurate. Paul Ryan presented the whole budget omnibus bill after long negotiations that would ensure enough votes for passage. Lots of passages were likely added to the 2000-page omnibus bill at the request of various people to secure their votes. Who exactly wanted the CISA thing added is unclear, but clearly Paul Ryan was okay with it ending up in the final version.

      But saying he was primarily responsible for requesting it to be put in there in the first place? We don't really know that, and because negotiations before the final draft went on "behind closed doors," it's not likely we could know for sure who wanted it.

  2. Why do you allow this travesty? by Anonymous Coward · · Score: 5, Insightful

    Completely unrelated laws "riding" on other bills... There should be a law against that.

    1. Re:Why do you allow this travesty? by KGIII · · Score: 3, Insightful

      We'll have to tack it onto the next budget.

      I wish I were kidding.

      --
      "So long and thanks for all the fish."
    2. Re:Why do you allow this travesty? by penguinoid · · Score: 2

      They allow it so that they can feign incompetence and that they were "forced" or "tricked" into passing the unpopular law that they've been itching to pass.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  3. Personal information is removed - read page 1740 by VikingNation · · Score: 2

    The act clearly states on page 1740 that personal information needs to be removed from data that is shared. The act also states that any violation of this will require notification of the person if this is not followed. The act also states that privacy and civil liberties factors are included. Before people need to read the and attempt to understand before jumping to conclusions.

  4. Re:VPN by KGIII · · Score: 4, Informative

    I contacted them in the past. They log.

    --
    "So long and thanks for all the fish."
  5. Don't buy USA, Don't use USA by Anonymous Coward · · Score: 3, Interesting

    So basically any private data can be *sold* to NSA etc. for political, commercial and 'terrorist' surveillance as long as the company self declares it 'for cyber attack analysis'.

    Ask yourself a simple question, why would a vague minor 'cyber threat' data exchange get pushed through in a budget measure if it was so innocuous? Obviously it was what we thought it was, a cover to legalize all the bulk mass warrantless surveillance shit that is still going on.

    And I say 'Sold', because several companies lobbied for it, which suggests to me they've been promised money in exchange for the data. A hidden subsidy into US corps to buy their complicity in the surveillance.

    And the solution? Well don't buy USA made kit. It kinda sucks and don't use USA services where possible. Americans don't have a lot of choice, but the rest of the world has.

    In other news, we find out that UK has its own version of 'Parallel Construction', MI5 GCHQ not only spied on Brits they briefed police in secret to arrest people and fake evidence trails. Now we know why they said "we briefed the police if people were innocent to let them go"... to explain all the meetings between spooks and police!

  6. Read Uk Spooks admissions by Anonymous Coward · · Score: 2, Informative

    That's like the 'meta data is anonymous' claim, it's false. There is no way to strip user info from that data, as AOL found when they released their user searches. But in this case it's simply cover. Each record is individual and has an id in it to make it a trivial cross join to pull up the details.

    Read the admission from the UK spooks, on their bulk anonymous surveillance, this is much closer to the truth of the situation:

    http://www.theregister.co.uk/2015/12/16/big_brother_born_ntac_gchq_mi5_mass_surveillance_data_slurping

    Intelligence agency staff have stated:

    "These datasets vary in size from hundreds to millions of records. Where possible, Bulk Personal Datasets may be linked together so that analysts can quickly find all the information linked to a selector", such as a telephone number or search query. The information retrieved "may include, but is not limited to, personal information such as an individual's religion, racial or ethnic origin, political views, ... medical condition, sexual orientation, or any legally privileged, journalistic or otherwise confidential information."

  7. Re:Personal information is removed - read page 174 by tlambert · · Score: 2

    The act clearly states on page 1740 that personal information needs to be removed from data that is shared. The act also states that any violation of this will require notification of the person if this is not followed.

    Only information which is (A) personally identifiable, AND (B) not relevant to the investigation. Guess who decides relevance?

    Meanwhile, we also know for a fact that it's rather easy to mine personal identifications out of aggregate "depersonalized" data, since there's a story on Slashdot every couple of weeks where someone has done it in order to get their Masters degree.

  8. Re:Guys - chill by WOOFYGOOFY · · Score: 2

    So far it appears that personal information will not be stripped out and there is immunity for any collateral damage the passing of the PI may be responsible for and further usage of the PI for any reason (criminal investigation) by the receiving party is fair game even if unrelated to the original intent or if the PI was included by mistake or whatever. Gleaned my info from techdirt, so you may want to double check it.

  9. Welcome to the USA! by Chas · · Score: 2

    Land of the free-ish.
    Home of the "fuck you peon scum!"

    --


    Chas - The one, the only.
    THANK GOD!!!
  10. Re:Nuremberg by WaffleMonster · · Score: 4, Insightful

    Have you read the act?

    Have you?

    Try that first before equating the United States with Nazi Germany

    I find it interesting when people invoke Godwin in a dismissive tone as if people are crazy for drawing comparisons. Nazi Germany was allowed to occur because of a whole series of events and defects in human character which really do have parallels everywhere.

  11. Re:VPN by Burz · · Score: 3, Informative

    PIA doesn't log IIRC, and they have good deals.

    Here is an email guide to start with (there are no ideally private email providers, but many are better than gmail). Riseup and ProtonMail look interesting.

    A note about using PGP email: This still leaves a trail that is rich in metadata (the who/when/where parts of the messages). Only the what is concealed, leaving much to be desired.

    More interesting are new messaging apps which the EFF has rated. I think Signal, Ostel+Jitsi and RetroShare look the most promising. Ring is a newcomer that uses OpenDHT and promises to be what Skype might have been.

    For just increasing privacy a couple notches while browsing, add the following extensions (Firefox): Privacy Badger, HTTPS Everywhere, Adblock Edge (not sure if AE is really needed with PB). Using a Firefox derivative like IceWeasel or PaleMoon won't likely include ad-based features that might compromise privacy (though Mozilla is said to have removed ads anyway).

    As for browsing with Tor, you cannot beat Qubes OS with the Whonix package. This will help you blend in more and prevent exploits over Tor from accessing any personal data. A system with IOMMU hardware and BIOS is recommended.

    After all these years, I2P is still progressing and growing. It marries technologies like onion routing and DHT and its 'I2P Bote' messenger may be the best in class, IMO. Of course, I2P is meant to route all kinds of traffic and even has bittorrent built-in. I'd also recommend running I2P in a Qubes domain, although it comes with TAILS if you're more comfortable booting with that.

  12. Re:VPN by DivineKnight · · Score: 2

    How about no? I say we rent a bus, park it out front of the capitol, and begin throwing people under it until such time as they rescind this "law."

    Quietly ceding territory has never been a good long term strategy, and freedoms lost due to appeasements are rarely restored with ease.