Cybersecurity

How Bad Does Alleged Pro-Security Legislation Have to Be to Get DHS to Oppose It?

Federal agency sees the Cybersecurity Information Sharing Act (CISA) as harmful, not helpful.

|

Get the cyberdynamite
Credit: Maxxyustas | Dreamstime.com

Privacy experts have been warning all along that the Cybersecurity Information Sharing Act (CISA) wasn't even trading citizen privacy for security. The legislation would give private companies legal immunity for sharing customer data with the feds in order to fight cybersecurity threats, hackers, et cetera. The justification was that more information and more sharing would lead to better cybersecurity.

But cybersecurity and privacy experts insisted this was simply not the case. As Andrea Castillo explained at Reason back in May, the federal government has a poor reputation when it comes to properly sharing information and are often the target of hackers themselves (and this was written weeks before the massive hack of federal personnel data was revealed).

It turns out there is some agreement from a surprising source: the Department of Homeland Security. A government agency responsible for all sorts of prying into citizens' personal lives does have some limits. They responded to a request for information by Sen. Al Franken (D-Minn.) with a letter detailing their concerns. Franken released the letter today. Via National Journal:

In releasing the DHS letter, Franken said Monday that CISA is not yet ready for a vote. "The Department of Homeland Security's letter makes it overwhelmingly clear that, if the Senate moves forward with this cybersecurity information-sharing bill, we are at risk of sweeping away important privacy protections and civil liberties, and we would actually increase the difficulty and complexity of information sharing, undermining our nation's cybersecurity objectives," he said in a statement.

Franken, an outspoken privacy advocate in the Senate, asked DHS last month to set out any concerns it may have with the bill's privacy, effectiveness, and efficiency. The agency identified a number of issues with the bill, including a provision that would make it difficult for the agency to anonymize incoming data and preserve Americans' privacy, and a worry that the sheer volume of information that would be shared under the law would be overpowering.

DHS has been intimately involved in cyberinformation-sharing ever since recent legislation created the National Cybersecurity and Communications Integration Center cyberthreat clearinghouse within the agency. A number of federal agencies and over a hundred private-sector companies participate in DHS's information-sharing program.

Read more here. There is a little bit of agency jurisdiction policing here. The DHS wants to make sure it remains the hub for a cybersecurity information sharing program. 

NEXT: Should schools that arrange field trips to foreign countries have duty to warn about / protect against rare tick-borne encephalitis?

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Yeah, nothing says “information security” like “immunity for sharing information”.

    1. Plus it wouldn’t make them immune from market forces as consumers become increasingly aware of privacy concerns.

      1. But how would companies know to compete to address customers’ privacy concerns if the government doesn’t tell them that’s what customers are concerned about?

      2. as consumers become increasingly aware of privacy concerns.

        I’m actually a little surprised/concerned that this doesn’t seem to be happening. There are companies that protect your identity but very few (I actually can’t think of one) have “the other guys don’t care about cyber security; we do!” as a selling point.

        Hell, look at how few people gave a shit about the NSA revelations.

        1. My bank sent me a new credit card the other day. Said I used my old one at a store where there had been some concerns.

          Said there wasn’t any evidence of fraud on my account, but they were sending me a new card just to be safe.

          I changed my pin and passwords.

          I know they were just protecting themselves, but they were watching out for me, too.

          1. Still vanishingly rare from what I’ve seen. The banks do make some effort, but what about Wal Mart going after Target over it? “If you shop at Target, criminals in EASTERN EUROPE (gross!) will get your card info and take your money!” That type of scare tactic is usually really effective, so unless the companies think their customers don’t care that much, I don’t see why they’re not hammering that point.

            As you noted, your bank is probably pulling a total CYA, although it just happens to cover yours as well.

          2. If they were watching out for you, they would have told you which store it was so you could respond accordingly. But I’m guessing they wouldn’t tell you.

        2. You may not find individual customers as concerned as you’d like, but other businesses are consumers, too. Cisco, for instance, took a financial hit in the wake of the NSA scandal.

  2. So, in totally unrelated news. I sometimes watch the news from Brazil on Globo TV. Yesterday afternoon, my wife was watching and called me over to show me something that was happening.

    What’s going on is that under Dilma’s labor party, which has been in power for about a decade or a little more, is that public sector unions have become very powerful. They have been able to demand and get huge salary and benefits increases, as well as lifetime pensions. So much so, that it’s now common knowledge there that if you want the big bucks and other things that are mostly impossible from the private sector, you go to work in government.

    So now, some states and districts are unable to pay public employees. In some cases, it’s looking like 50% cuts or more. So the public employee unions are having a fit and striking again.

    1. Being a good libertarian, I seized the moment. I said ‘Honey, remember those talks we had about socialism? Well, this part right here, this is the part where they run out of other people’s money‘. I didn’t get a ‘you’re right’, but the look of resignation signaling ‘I don’t have a counter point for that’ was most gratifying.

      1. There’s an unwritten rule with women, where you’re never supposed to say “I told you so”, and even if that goes unsaid but it becomes painfully obvious that not only was a disaster foreseeable, it was also foreseen? Then they’re going to quietly hold it against you as if you’d said “I told you so” anyway.

        There isn’t really a remedy for it. It’s just the way women are. It works like that in LA. It works like that Nairobi. Over time you may start to notice that she’d rather be wrong than agree with you. I suspect that’s often due to an accumulation of “I told you so”s–both said and unsaid.

        You want to avoid that.

        Next time it becomes obvious that she was wrong about something, you might try to pretend you don’t notice. And if she brings it up, maybe change the subject to something she was right about once.

        1. Oh, trust me, my gratification was not shown. She may have been somewhat aware of it, but she didn’t say anything. Sure I’ll be punished at a future date for not picking my socks up from the bedroom floor or some other non-aggression. Well, sounds like you know how it works.

      2. As a secondary point: Brazil’s is a commodity dependent economy (they export commodities just like Canada and Australia). As demand was destroyed in the consumer economies (US and Europe) and manufacturing economies (China, German) slowed, demand for commodities collapsed. The slow down in Brazil will be deep and permanent. They are in for a long term shit-storm. Plan accordingly.

        1. Meh, that’s a bold prediction. Brazil is a huge country and has a lot of resources to exploit. I sure hope not, and I think that if they can rid themselves of this shit labor party, they will come out of this funk. If not, yeah, it’s not going to get any better.

    2. So now, some states and districts are unable to pay public employees. In some cases, it’s looking like 50% cuts or more. So the public employee unions are having a fit and striking again.

      Well, the states and districts don’t want them working anymore, and neither do they.

      Sounds like they are in agreement on that much, at least.

      “Thank you, comrade, for heroically sacrificing your lucrative public employment for the good of the collective. Your devotion to the community will not be forgotten. In recognition of your public-spirited act, you will find enclosed a souvenir 1 trillion Venezuelan bolivar banknote.”

      1. Again back to my perennial libertarian conundrum: what do we do with all the useless ex-government employees once they’re fired?

        Nobody in their right mind would hire them.

        They have terrible attitudes, ridiculous expectations, and no sense of initiative or personal responsibility. Why would you hire someone like that when you could just hit yourself in the head instead?

        1. Good question.

          Universities? University administrations are always hiring and it’s not like another 50% dead weights are going to muck up the system.

        2. Guaranteed minimum income. Really, I don’t know what else the solution could be. Most of these people are not used to actually working, don’t want to, and won’t. So just pay them (less obviously) to go home and do nothing.

          1. Ok, that’s got me thinking… The government promises any company that will hire the (ex)employee 3 months free salary (the government continues to pay the employee their original wage). Make it 3 strikes. The employee can bounce to 3 different companies, being fired each time, before they are no longer supported by the program. If they don’t learn their lesson, fine! There will be a ~9 month glut of cheap labor and then it’s over.

          2. That’s what I think, too.

            Considering the costs to society of the Drug War, for instance, paying them to stop hurting people is better than paying them to hurt people, isn’t it?

            Give them their pension early to go home and do nothing.

            1. It’ll make government employees less resistant to libertarian solutions, too. They resist us and hate us because they wouldn’t have any means to support themselves in a more libertarian society.

              The police union owns Chicago, and they’re not just giving it away libertarians. If we want people to do something, we need to offer them something better than what they have now.

              A lot of those lazy fucks would rather not have to get up in the morning, get dressed, and go clock in.

            2. Can we apply that to congress as well?

        3. what do we do with all the useless ex-government employees once they’re fired?

          Why do “we” have to do anything with them? Within a generation or two, they’ll have learned to adapt to the free market. What’s the problem?

          1. If not for stupid politicians promising shit they can’t keep delivering in exchange for votes, we wouldn’t have this problem.

            You have to know, unless you are completely retarded that when public employee, paid for by tax payers, salaries are 2-3x what they would get in the private sector that something is very fucking wrong.

            1. Well, ok, originally I was talking about Brazil. But the USA is heading in exactly this same direction. It will take a little longer, but the result will be the same. Running out of other peoples money is like a basic law of physics, there’s no way around it.

          2. In the mega cities in the Northeast, where the Democratic machines control everything, and the machines are controlled, especially, by the police union, they’re not about to let the Drug War go. It’s too much of a money maker for them.

            Look at Christie.

            They’re not about to legalize recreational marijuana in New Jersey anytime soon–even if the Supreme Court ruled they could and the feds had to support it.

            You’re simply not going to get any public union to commit suicide. It works the same way with public school privatization. The unions have control of the levers of state, and they’re going to continue to pull them to their own advantage. They have all the cards. So how do you get them to cooperate instead of resisting libertarian solutions?

            You have to offer them something better than what they have now.

            And paying them to stay home instead of poorly educate students is probably worth it.

            You’re probably paying them less to stay home than they’re earning now, too.

            1. Yeah, until they run out of money. You can only tax an economy so much. Then there’s going to be some good ol European style austerity. This cannot be resolved by tax hikes only. The Democrats who keep saying we can keep this going through tax hikes only, are either lying or stupid.

            2. I prefer showing them the woodchipper and letting them decide their own path.

        4. It’s time for The Pension Games!

          In exactly one year a fund worth One Billion (US) will be divided amongst any living current or retired government workers.

          It might start out slow, but as the months go by things will get more frantic and the last month will just be kee-razy!

      2. In recognition of your public-spirited act, you will find enclosed a souvenir 1 trillion Venezuelan bolivar banknote.”

        Or 1/2 a roll of toilet paper.

        1. *whichever value is greater.

    3. So you’re saying Brazilian women will be more… pliable to foreign men bearing toilet paper?

      1. Dollars will work well. Almost 4 – 1 against the REAL now. When I go there next time, I’m gonna feel like a real fat cat. Thanks, Dilma.

  3. It turns out there is some agreement from a surprising source: the Department of Homeland Security. A government agency responsible for all sorts of prying into citizens’ personal lives does have some limits.

    Yeah, no. There’s something else in the legislation DHS sees that we apparently don’t. Somehow it weakens not just privacy but the department itself.

    1. FTFA:

      There is a little bit of agency jurisdiction policing here. The DHS wants to make sure it remains the hub for a cybersecurity information sharing program.

      1. Its sad that “separate of powers” now means “more agencies than bones.”

  4. the federal government has a poor reputation when it comes to properly sharing information

    But, enough about Hillary’s email scandal.

    1. You’re stuck in the ’90s, man.

      1. Wdatpdim

        1. There’s a vast right-wing conspiracy to trick everybody into thinking that all of her business partners in the Whitewater deal went to jail, that she shouldn’t have had the FBI screening files on her political enemies, that she didn’t innocently make a zillion betting on futures (on margin) because she read a story in the Wall Street Journal, and that the horribly illegal activities she engaged in as Secretary of State weren’t simply illegal but also evidence of gross incompetence.

          1. Hillary agrees.

          2. None of that matters. Hillary’s mother was a good woman.

    2. What about the RepubliKKKan KKKlown KKKar, man?

  5. The irony of a bitter failure of a federal agency, founded in a knee-jerk response to the allegedly critical need for “better information sharing between departments”, post 9/11.. and tasked overseeing and facilitating inter- alphabet soup /LEO intelligence/information requests, that seems to have it’s doubts about another layer of bureaucratic kabuki theater.. it’s not lost on me.. nor the Chinese..

  6. http://hotair.com/archives/201…..-defender/

    I thought this had to be a hoax but it is not. The Navy won’t rule out charging the Navy officer who shot the Chatanooga shooter.

    You know at the very least his career is over. This is what progressive rule means; your duty is to meekly die at the hands of anyone from a preferred victim group who decides to kill you.

    1. Apparently, there’s an inherent righteousness and nobility in victimhood, and something we should all aspire for.. and embrace. It is the keystone in progressive politics, and failing to heed the call, and welcome your own sacrifice on the altar of proglidyte narrative dogma… is truly an unforgiveable sin…

      1. The commie… err, I mean the proggie elite know that in order to totally subjugate a people, they have to be a meek and downtrodden people. You cannot subjugate the proud, the independent, the self reliant. A group of whimpering victims on the other hand, those are easy to keep in line. Be good little peasants now and we’ll increase your ration of breadcrumbs next month.

        The proggie underclass, well they’re just ignorant fools, also known as useful idiots.

Please to post comments

Comments are closed.