How Bad Does Alleged Pro-Security Legislation Have to Be to Get DHS to Oppose It?

Federal agency sees the Cybersecurity Information Sharing Act (CISA) as harmful, not helpful.

Scott Shackford | 8.3.2015 5:00 PM

(Maxxyustas | Dreamstime.com)

Get the cyberdynamite — Credit: Maxxyustas | Dreamstime.com

Privacy experts have been warning all along that the Cybersecurity Information Sharing Act (CISA) wasn't even trading citizen privacy for security. The legislation would give private companies legal immunity for sharing customer data with the feds in order to fight cybersecurity threats, hackers, et cetera. The justification was that more information and more sharing would lead to better cybersecurity.

But cybersecurity and privacy experts insisted this was simply not the case. As Andrea Castillo explained at Reason back in May, the federal government has a poor reputation when it comes to properly sharing information and are often the target of hackers themselves (and this was written weeks before the massive hack of federal personnel data was revealed).

It turns out there is some agreement from a surprising source: the Department of Homeland Security. A government agency responsible for all sorts of prying into citizens' personal lives does have some limits. They responded to a request for information by Sen. Al Franken (D-Minn.) with a letter detailing their concerns. Franken released the letter today. Via National Journal:

In releasing the DHS letter, Franken said Monday that CISA is not yet ready for a vote. "The Department of Homeland Security's letter makes it overwhelmingly clear that, if the Senate moves forward with this cybersecurity information-sharing bill, we are at risk of sweeping away important privacy protections and civil liberties, and we would actually increase the difficulty and complexity of information sharing, undermining our nation's cybersecurity objectives," he said in a statement.

Franken, an outspoken privacy advocate in the Senate, asked DHS last month to set out any concerns it may have with the bill's privacy, effectiveness, and efficiency. The agency identified a number of issues with the bill, including a provision that would make it difficult for the agency to anonymize incoming data and preserve Americans' privacy, and a worry that the sheer volume of information that would be shared under the law would be overpowering.

DHS has been intimately involved in cyberinformation-sharing ever since recent legislation created the National Cybersecurity and Communications Integration Center cyberthreat clearinghouse within the agency. A number of federal agencies and over a hundred private-sector companies participate in DHS's information-sharing program.

Read more here. There is a little bit of agency jurisdiction policing here. The DHS wants to make sure it remains the hub for a cybersecurity information sharing program.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Study: Yes, Student Loans Are Making College More Expensive

Hide Comments (47)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

R C Dean 10 years ago

Yeah, nothing says "information security" like "immunity for sharing information".
1. Ken Shultz 10 years ago
  
  +1
2. Fist of Etiquette 10 years ago
  
  Plus it wouldn't make them immune from market forces as consumers become increasingly aware of privacy concerns.
  1. Ken Shultz 10 years ago
    
    But how would companies know to compete to address customers' privacy concerns if the government doesn't tell them that's what customers are concerned about?
  2. fleshy wavefunction 10 years ago
    
    as consumers become increasingly aware of privacy concerns.
    
    I'm actually a little surprised/concerned that this doesn't seem to be happening. There are companies that protect your identity but very few (I actually can't think of one) have "the other guys don't care about cyber security; we do!" as a selling point.
    
    Hell, look at how few people gave a shit about the NSA revelations.
    1. Ken Shultz 10 years ago
      
      My bank sent me a new credit card the other day. Said I used my old one at a store where there had been some concerns.
      
      Said there wasn't any evidence of fraud on my account, but they were sending me a new card just to be safe.
      
      I changed my pin and passwords.
      
      I know they were just protecting themselves, but they were watching out for me, too.
      1. fleshy wavefunction 10 years ago
        
        Still vanishingly rare from what I've seen. The banks do make some effort, but what about Wal Mart going after Target over it? "If you shop at Target, criminals in EASTERN EUROPE (gross!) will get your card info and take your money!" That type of scare tactic is usually really effective, so unless the companies think their customers don't care that much, I don't see why they're not hammering that point.
        
        As you noted, your bank is probably pulling a total CYA, although it just happens to cover yours as well.
      2. Pl?ya Manhattan. 10 years ago
        
        If they were watching out for you, they would have told you which store it was so you could respond accordingly. But I'm guessing they wouldn't tell you.
    2. Fist of Etiquette 10 years ago
      
      You may not find individual customers as concerned as you'd like, but other businesses are consumers, too. Cisco, for instance, took a financial hit in the wake of the NSA scandal.
Hyperion 10 years ago

So, in totally unrelated news. I sometimes watch the news from Brazil on Globo TV. Yesterday afternoon, my wife was watching and called me over to show me something that was happening.

What's going on is that under Dilma's labor party, which has been in power for about a decade or a little more, is that public sector unions have become very powerful. They have been able to demand and get huge salary and benefits increases, as well as lifetime pensions. So much so, that it's now common knowledge there that if you want the big bucks and other things that are mostly impossible from the private sector, you go to work in government.

So now, some states and districts are unable to pay public employees. In some cases, it's looking like 50% cuts or more. So the public employee unions are having a fit and striking again.
1. Hyperion 10 years ago
  
  Being a good libertarian, I seized the moment. I said 'Honey, remember those talks we had about socialism? Well, this part right here, this is the part where they run out of other people's money'. I didn't get a 'you're right', but the look of resignation signaling 'I don't have a counter point for that' was most gratifying.
  1. Ken Shultz 10 years ago
    
    There's an unwritten rule with women, where you're never supposed to say "I told you so", and even if that goes unsaid but it becomes painfully obvious that not only was a disaster foreseeable, it was also foreseen? Then they're going to quietly hold it against you as if you'd said "I told you so" anyway.
    
    There isn't really a remedy for it. It's just the way women are. It works like that in LA. It works like that Nairobi. Over time you may start to notice that she'd rather be wrong than agree with you. I suspect that's often due to an accumulation of "I told you so"s--both said and unsaid.
    
    You want to avoid that.
    
    Next time it becomes obvious that she was wrong about something, you might try to pretend you don't notice. And if she brings it up, maybe change the subject to something she was right about once.
    1. Hyperion 10 years ago
      
      Oh, trust me, my gratification was not shown. She may have been somewhat aware of it, but she didn't say anything. Sure I'll be punished at a future date for not picking my socks up from the bedroom floor or some other non-aggression. Well, sounds like you know how it works.
  2. Mrs. Lemuel Struthers 10 years ago
    
    As a secondary point: Brazil's is a commodity dependent economy (they export commodities just like Canada and Australia). As demand was destroyed in the consumer economies (US and Europe) and manufacturing economies (China, German) slowed, demand for commodities collapsed. The slow down in Brazil will be deep and permanent. They are in for a long term shit-storm. Plan accordingly.
    1. Hyperion 10 years ago
      
      Meh, that's a bold prediction. Brazil is a huge country and has a lot of resources to exploit. I sure hope not, and I think that if they can rid themselves of this shit labor party, they will come out of this funk. If not, yeah, it's not going to get any better.
2. R C Dean 10 years ago
  
  So now, some states and districts are unable to pay public employees. In some cases, it's looking like 50% cuts or more. So the public employee unions are having a fit and striking again.
  
  Well, the states and districts don't want them working anymore, and neither do they.
  
  Sounds like they are in agreement on that much, at least.
  
  "Thank you, comrade, for heroically sacrificing your lucrative public employment for the good of the collective. Your devotion to the community will not be forgotten. In recognition of your public-spirited act, you will find enclosed a souvenir 1 trillion Venezuelan bolivar banknote."
  1. Ken Shultz 10 years ago
    
    Again back to my perennial libertarian conundrum: what do we do with all the useless ex-government employees once they're fired?
    
    Nobody in their right mind would hire them.
    
    They have terrible attitudes, ridiculous expectations, and no sense of initiative or personal responsibility. Why would you hire someone like that when you could just hit yourself in the head instead?
    1. fleshy wavefunction 10 years ago
      
      Good question.
      
      Universities? University administrations are always hiring and it's not like another 50% dead weights are going to muck up the system.
    2. Hyperion 10 years ago
      
      Guaranteed minimum income. Really, I don't know what else the solution could be. Most of these people are not used to actually working, don't want to, and won't. So just pay them (less obviously) to go home and do nothing.
      1. fleshy wavefunction 10 years ago
        
        Ok, that's got me thinking... The government promises any company that will hire the (ex)employee 3 months free salary (the government continues to pay the employee their original wage). Make it 3 strikes. The employee can bounce to 3 different companies, being fired each time, before they are no longer supported by the program. If they don't learn their lesson, fine! There will be a ~9 month glut of cheap labor and then it's over.
      2. Ken Shultz 10 years ago
        
        That's what I think, too.
        
        Considering the costs to society of the Drug War, for instance, paying them to stop hurting people is better than paying them to hurt people, isn't it?
        
        Give them their pension early to go home and do nothing.
        
        Ken Shultz 10 years ago
        
        It'll make government employees less resistant to libertarian solutions, too. They resist us and hate us because they wouldn't have any means to support themselves in a more libertarian society.
        
        The police union owns Chicago, and they're not just giving it away libertarians. If we want people to do something, we need to offer them something better than what they have now.
        
        A lot of those lazy fucks would rather not have to get up in the morning, get dressed, and go clock in.
        
        Hyperion 10 years ago
        
        Can we apply that to congress as well?
    3. Paul. 10 years ago
      
      what do we do with all the useless ex-government employees once they're fired?
      
      Why do "we" have to do anything with them? Within a generation or two, they'll have learned to adapt to the free market. What's the problem?
      1. Hyperion 10 years ago
        
        If not for stupid politicians promising shit they can't keep delivering in exchange for votes, we wouldn't have this problem.
        
        You have to know, unless you are completely retarded that when public employee, paid for by tax payers, salaries are 2-3x what they would get in the private sector that something is very fucking wrong.
        
        Hyperion 10 years ago
        
        Well, ok, originally I was talking about Brazil. But the USA is heading in exactly this same direction. It will take a little longer, but the result will be the same. Running out of other peoples money is like a basic law of physics, there's no way around it.
      2. Ken Shultz 10 years ago
        
        In the mega cities in the Northeast, where the Democratic machines control everything, and the machines are controlled, especially, by the police union, they're not about to let the Drug War go. It's too much of a money maker for them.
        
        Look at Christie.
        
        They're not about to legalize recreational marijuana in New Jersey anytime soon--even if the Supreme Court ruled they could and the feds had to support it.
        
        You're simply not going to get any public union to commit suicide. It works the same way with public school privatization. The unions have control of the levers of state, and they're going to continue to pull them to their own advantage. They have all the cards. So how do you get them to cooperate instead of resisting libertarian solutions?
        
        You have to offer them something better than what they have now.
        
        And paying them to stay home instead of poorly educate students is probably worth it.
        
        You're probably paying them less to stay home than they're earning now, too.
        
        Hyperion 10 years ago
        
        Yeah, until they run out of money. You can only tax an economy so much. Then there's going to be some good ol European style austerity. This cannot be resolved by tax hikes only. The Democrats who keep saying we can keep this going through tax hikes only, are either lying or stupid.
        
        croaker 10 years ago
        
        I prefer showing them the woodchipper and letting them decide their own path.
    4. Chippy Chippie ?ang Bang 10 years ago
      
      It's time for The Pension Games!
      
      In exactly one year a fund worth One Billion (US) will be divided amongst any living current or retired government workers.
      
      It might start out slow, but as the months go by things will get more frantic and the last month will just be kee-razy!
  2. Paul. 10 years ago
    
    In recognition of your public-spirited act, you will find enclosed a souvenir 1 trillion Venezuelan bolivar banknote."
    
    Or 1/2 a roll of toilet paper.
    1. Paul. 10 years ago
      
      *whichever value is greater.
3. Paul. 10 years ago
  
  So you're saying Brazilian women will be more... pliable to foreign men bearing toilet paper?
  1. Hyperion 10 years ago
    
    Dollars will work well. Almost 4 - 1 against the REAL now. When I go there next time, I'm gonna feel like a real fat cat. Thanks, Dilma.
Fist of Etiquette 10 years ago

It turns out there is some agreement from a surprising source: the Department of Homeland Security. A government agency responsible for all sorts of prying into citizens' personal lives does have some limits.

Yeah, no. There's something else in the legislation DHS sees that we apparently don't. Somehow it weakens not just privacy but the department itself.
1. Wasteland Wanderer 10 years ago
  
  FTFA:
  
  There is a little bit of agency jurisdiction policing here. The DHS wants to make sure it remains the hub for a cybersecurity information sharing program.
  1. R C Dean 10 years ago
    
    Its sad that "separate of powers" now means "more agencies than bones."
Rich 10 years ago

the federal government has a poor reputation when it comes to properly sharing information

But, enough about Hillary's email scandal.
1. Ken Shultz 10 years ago
  
  You're stuck in the '90s, man.
  1. AlmightyJB 10 years ago
    
    Wdatpdim
    1. Ken Shultz 10 years ago
      
      There's a vast right-wing conspiracy to trick everybody into thinking that all of her business partners in the Whitewater deal went to jail, that she shouldn't have had the FBI screening files on her political enemies, that she didn't innocently make a zillion betting on futures (on margin) because she read a story in the Wall Street Journal, and that the horribly illegal activities she engaged in as Secretary of State weren't simply illegal but also evidence of gross incompetence.
      1. fleshy wavefunction 10 years ago
        
        Hillary agrees.
      2. Hyperion 10 years ago
        
        None of that matters. Hillary's mother was a good woman.
2. Hyperion 10 years ago
  
  What about the RepubliKKKan KKKlown KKKar, man?
Pathogen 10 years ago

The irony of a bitter failure of a federal agency, founded in a knee-jerk response to the allegedly critical need for "better information sharing between departments", post 9/11.. and tasked overseeing and facilitating inter- alphabet soup /LEO intelligence/information requests, that seems to have it's doubts about another layer of bureaucratic kabuki theater.. it's not lost on me.. nor the Chinese..
John 10 years ago

http://hotair.com/archives/201.....-defender/

I thought this had to be a hoax but it is not. The Navy won't rule out charging the Navy officer who shot the Chatanooga shooter.

You know at the very least his career is over. This is what progressive rule means; your duty is to meekly die at the hands of anyone from a preferred victim group who decides to kill you.
1. Pathogen 10 years ago
  
  Apparently, there's an inherent righteousness and nobility in victimhood, and something we should all aspire for.. and embrace. It is the keystone in progressive politics, and failing to heed the call, and welcome your own sacrifice on the altar of proglidyte narrative dogma... is truly an unforgiveable sin...
  1. Hyperion 10 years ago
    
    The commie... err, I mean the proggie elite know that in order to totally subjugate a people, they have to be a meek and downtrodden people. You cannot subjugate the proud, the independent, the self reliant. A group of whimpering victims on the other hand, those are easy to keep in line. Be good little peasants now and we'll increase your ration of breadcrumbs next month.
    
    The proggie underclass, well they're just ignorant fools, also known as useful idiots.

Please log in to post comments

Latest

Why the Wilson Center Had To Go—From a Former Employee

Seattle Schools Surveyed Students on Mental Health. Then Parents Discovered the Data Weren't Secure.

Brickbat: Bus Stop and Go

'Libertarian' Gov. Jared Polis Signs 'Restrictive' Gun Law and Booze Ban

Salvadoran President Says He Won't Return Kilmar Abrego Garcia

Recommended

Login Form