Senator Exploits JP Morgan Data Breach to Push Surveillance Bill

Zenon Evans | 10.6.2014 3:45 PM

(cc)

Because he looks like a man who knows his way around the Internet. — US Govt

The hackers who stole information from 76 million households and 7 million businesses aren't the only ones exploiting people in the JP Morgan Chase security breach. Politicians are, too.

Sen. Angus King (I-Maine), who sits on the Senate Intelligence Committee, issued a statement pushing for some government action:

This terrible news only further underscores the urgent need for Congress to pass comprehensive cyber security legislation. … Congress must work to pass legislation that will improve our capabilities and protect us against more attacks like these. The next Pearl Harbor will be cyber, and shame on us if we're not prepared for it. We have a bi-partisan bill teed up in the Senate and I'd like to see it move before the end of the year.

That bill is the Cybersecurity Information Sharing Act (CISA).

Earllier this year, a broad coalition of about two dozen organizations, including the National Coalition Against Censorship and the National Whistleblower Center, signed a letter to congressional leaders earlier this year explaining why this bill has little to do with cybersecurity and more to do with prosecuting whistleblowers, curtailing people's online privacy, and making government less transparent.

The Electronic Frontier Foundation notes that this is just latest iteration of unpopular "cybersecurity" bills (like CISPA and SOPA) that lawmakers have been pushing for the last four years, and points out some serious problems:

The bill authorizes companies to launch countermeasures for a "cybersecurity purpose" against a "cybersecurity threat." "Cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of the information system. Combined, the two definitions could be read by companies to permit attacks on machines that unwittingly contribute to network congestion. The countermeasures clause will increasingly militarize the Internet—a prospect that may appeal to some "active defense" (a.k.a. offensive) cybersecurity companies, but does not favor the everyday user.

Second, the bill adds a new authority for companies to monitor information systems to protect an entity's rights or property. Here again, the broad definitions could be used in conjunction with the monitoring clause to spy on users engaged in potentially innocuous activity. Once collected, companies can then share the information, which is also called "cyber threat indicators," freely with government agencies like the NSA.

The American Civil Liberties Union adds that CISA would esentially "circumvent the warrant requirement [of the Fourth Amendment] by allowing the government to approach companies directly to collect personal information."

[Hat tip: Techdirt, Mike Masnick]

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: White House Hunts Leakers Because 'Obama Hates the Press,' Says NYT Reporter

Hide Comments (25)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Hyperion 10 years ago

Does this guy know that dentures come in white these days?
The Late P Brooks 10 years ago

further underscores the urgent need for Congress to pass comprehensive cyber security legislation
Maybe I’m crazy, but my expectation is that the internet gets less secure every time Congress passes a law regulating it.
1. bassjoe 10 years ago
  
  For me, at least, the Internet got less secure when TrueCrypt shut down due to what may have been government pressure.
Fist of Etiquette 10 years ago

You know who else attacked Pearl Harbor?
1. RBS 10 years ago
  
  Michael Bay?
2. Andrew S. 10 years ago
  
  the Germans?
  1. Scruffy Nerfherder 10 years ago
    
    You’re on a roll
3. Fist of Etiquette 10 years ago
  
  Team America: World Police?
4. Invisible Finger 10 years ago
  
  Mr. Harbor?
Homple 10 years ago

Make negligent businesses liable for losses incurred by their customers and watch the problem magically start fixing itself.
1. Scruffy Nerfherder 10 years ago
  
  Then watch Visa/MC/AmEx get legislation passed that pushes all of that liability onto the retailers, regardless of who is at fault.
  1. bassjoe 10 years ago
    
    That pretty much already happens. without the legislation. Even if retailers can definitely prove a transaction actually occurred (“here he is! I videoed him signing the damned receipt!”), a customer’s chargeback will 99% of the time go through. At least for small-mid retailers; Target, etc., probably have deals where the chargeback losses are split.
Fist of Etiquette 10 years ago

The American Civil Liberties Union adds that CISA would esentially “circumvent the warrant requirement [of the Fourth Amendment] by allowing the government to approach companies directly to collect personal information.”
Which, of course, would have stopped the JP Morgan Chase attack in its tracks.
RBS 10 years ago

Because he looks like a man who knows his way around the Internet
Oh, I’m sure he knows his way around some parts of the Internet…
1. Andrew S. 10 years ago
  
  Dammit, I knew I’d be too slow for this one. It’s just too easy. Just look at that face. Look at that mustache. The joke made itself.
  1. Scruffy Nerfherder 10 years ago
    
    He probably likes gladiator flicks too.
    1. Andrew S. 10 years ago
      
      Has he been in a Turkish prison?
Scruffy Nerfherder 10 years ago

cyber
Cyber
CYBER
CYBER
CYBER!!!!!
1. thom 10 years ago
  
  do u cyber?
  1. Scruffy Nerfherder 10 years ago
    
    http://willusingtheprefixcyber…..idiot.com/
Bardas Phocas 10 years ago

Every night, I wrap myself in my cyber-security blanket and I thank God I’m an American, where at least I know I’m free.
1. RBS 10 years ago
  
  Like thisThis?
2. Hyperion 10 years ago
  
  Right before the swat team breaks in and shoots your dog.
The Laconic 10 years ago

That alt-text was apparently beamed straight out of my head.
Paul. 10 years ago

The same goes for a “cybersecurity threat,” which includes anything that “may result” in an unauthorized effort to impact the availability of the information system.
As a [former] network engineer, a law like this would have come in handy. Imagine the number if iDevices I could have snatched from doctors’ hands and tossed into the dumpster because they represented an “unauthorized effort to impact the availability of the information system”

Please log in to post comments

Senator Exploits JP Morgan Data Breach to Push Surveillance Bill

Latest

Another Illegal Power Grab From the FTC

A Cruel and Risky Abortion Ban Versus an Overreaching Interpretation of Federal Law

TikTok Gets 9 Months

Supreme Court Takes Up ATF's Unilateral 'Ghost Gun' Rules

Brickbat: Who's Counting?

Recommended

Login Form