U.S. Government Has Been Planning to ‘Lockdown and Wait for a Vaccine’ Since 2007
BY WILL JONES | THE DAILY SCEPTIC | DECEMBER 13, 2022
More and more evidence is coming to light that the ‘lockdown and wait for a vaccine’ strategy unleashed in 2020 was being cooked up inside the U.S. Government for decades before COVID-19 appeared and gave too many people an excuse to put the dreadful plan into action.
Recently the role of CISA (Cybersecurity and Infrastructure Security Agency) in producing key lockdown guidance for America in March 2020 came to light.
Now, a pandemic plan from 2007 produced by the National Infrastructure Advisory Council (NIAC) and currently hosted on the CISA website has emerged.
The plan contains the original list of pandemic ‘essential businesses’ that was used by CISA in 2020 to lock down America. The 2007 plan (which was itself based on a Department of Homeland Security plan from the previous year) clearly states the intention to ban large gatherings “indefinitely”, close schools and non-essential businesses, institute work-from-home, and quarantine exposed and not just sick individuals. The aim is simple and clear: to slow the spread to wait for a vaccine.
During a pandemic, the goal will be to slow the virus’ transmission; delaying the spread of the virus will provide more time for vaccine development while reducing the stress on an already burdened healthcare system.
Here’s the relevant section of the 2007 NIAC plan in full.
2006 and 2007 were a turning point in U.S. biodefence planning. Prior to 2006, such planning had been focused on biological attacks, but after that point major mission creep set in and the new draconian ideas were applied wholesale to general pandemic planning. This controversial switch in focus so riled leading U.S. disease expert D.A. Henderson, who had been involved with the project up to that point, that he issued his famous riposte objecting in the strongest terms to the new ideas. He and his fellow dissenters wrote, presciently:
Experience has shown that communities faced with epidemics or other adverse events respond best and with the least anxiety when the normal social functioning of the community is least disrupted. Strong political and public health leadership to provide reassurance and to ensure that needed medical care services are provided are critical elements. If either is seen to be less than optimal, a manageable epidemic could move toward catastrophe.
I’m told by someone who was involved with the programme in the early days that the original biodefence planning in 2002-2003 assumed a targeted biological weapons attack with smallpox as the viral case and anthrax as the bacterial case – both considered worst case scenarios. It was recognised that the old smallpox vaccine was too risky to try to use on a wider population to protect them if such an attack occurred, thus the effort for a new vaccine. But very quickly, within a year or two (not least due to the SARS outbreak in 2003), there was a massive expansion of the original mission and suddenly every infectious agent, whether dangerous or not, was cast into the web of biodefence.
Outside the U.S. there was more resistance to this kind of totalitarian nonsense. However, even the 2019 World Health Organisation pandemic guidance bears many of its marks. While this guidance commendably did not recommend “in any circumstances” contact tracing, border closures, entry and exit screening and quarantine of exposed individuals, it did make conditional recommendations for use of face masks by the public, school and workplace closures and “avoiding crowding” i.e., social distancing.
The purpose was also the same: to ‘flatten the curve’ to wait for a vaccine, as illustrated in the diagram below. The WHO guidance states: “NPIs are often the most accessible interventions, because of the time it takes to make specific vaccines available”; “specific vaccines may not be available for the first six months”; NPIs are “used to delay the peak of the epidemic… allowing time for vaccines to be distributed”.
These untested ideas, which the WHO’s own guidance rightly admitted had no good quality evidence to support them, have now become a terrible orthodoxy for global pandemic response. This is despite them utterly failing to achieve any of their goals – a point that no one who backs them seems to have noticed.
Somehow, the world must learn the right lessons from this debacle. Yet it keeps threatening to learn all the wrong ones.
Fauci forced to testify on social media censorship
Samizdat | October 22, 2022
The White House’s chief medical advisor, Anthony Fauci, and other senior officials are set to be deposed under oath as part of a lawsuit claiming the government worked alongside social media platforms to create a “massive censorship enterprise” throughout the Covid-19 outbreak.
In a Friday ruling, Judge Terry Doughty granted a joint request from the attorneys general of Missouri and Louisiana to compel several current and former officials to testify in the suit, among them Fauci, ex-White House press secretary Jen Psaki, Director of White House Digital Strategy Rob Flaherty, Surgeon General Vivek Murthy and two high-level figures from the FBI and Department of Homeland Security (DHS).
“After finding documentation of a collusive relationship between the [Joe] Biden administration and social media companies to censor free speech, we immediately filed a motion to get these officials under oath,” Missouri AG Eric Schmitt said in a statement. “It is high time we shine a light on this censorship enterprise and force these officials to come clean to the American people, and this ruling will allow us to do just that. We’ll keep pressing for the truth.”
While the defense insisted that senior officials can only be called to testify about their actions in office under “extraordinary circumstances,” Judge Doughty said the personnel in question met that standard. He added that the two GOP-led states “have proven that Dr. Fauci has personal knowledge about the issue concerning censorship across social media as it related to Covid-19,” ordering him to cooperate with a deposition.
Requests to depose the other officials were granted on similar grounds, as the judge concluded all either held direct meetings with social media firms about the purported censorship, or had close knowledge of those discussions.
Jen Easterly, who heads up the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) was also ordered to testify. She played a “central role” in “flagging misinformation to social-media companies for censorship,” the plaintiffs argued, describing the cyber agency the “nerve center” of “the federal government’s efforts to censor social media users.” The same official was said to be involved in the DHS’ now-defunct ‘Disinformation Governance Board’ – dubbed the ‘Ministry of Truth’ by critics – which would have created a new mechanism to facilitate cooperation between the White House and social media sites.
Initially filed last May by Schmitt and Louisiana Attorney General Jeff Landry, the lawsuit claims the federal government encouraged online platforms to censor, delete or ban certain speech about the pandemic, including discussion of the “lab leak theory of Covid-19’s origin,” as well as questions about the effectiveness of face masks, vaccines or lockdown policies, among other issues. The two AGs have largely relied on documents obtained through subpoenas of YouTube, Twitter and Facebook’s parent firm Meta, which detail regular communications between the government and social media sites.
The White House, as well as the eight officials ordered to testify, have yet to comment on Friday’s ruling. The depositions must take place within 30 days of the order, though it remains unclear whether the defense intends to appeal the decision.
FBI and CISA tell people to flag “misinformation” to social media platforms
By Cindy Harper | Reclaim The Net | October 8, 2022
The FBI and Cybersecurity and Infrastructure Security Agency (CISA) have put out a warning about foreign actors pushing 2022 midterm election “misinformation,” encouraging people to flag “disinformation” to social media platforms.
“If appropriate, make use of in-platform tools offered by social media companies for reporting elections related disinformation,” the report, released by CISA reads.
We obtained a copy of the report for you here.
The FBI has warned about election-related disinformation being promoted by operatives for the Chinese and Russian governments ahead of the midterm elections in November.
The disinformation involves amplifying conversations that Americans are already having on social media, not creating new content, an official from the FBI’s Foreign Influence Task Force told the press.
The FBI is currently being sued for withholding records of communications with Facebook about the Hunter Biden laptop story during the last presidential election.
In an appearance on Joe Rogan’s podcast in August, Meta CEO Mark Zuckerberg said that before the 2020 election, the FBI warned Facebook about Russian propaganda.
“The background here is that the FBI came to us – some folks on our team – and was like, ‘Hey, just so you know, you should be on high alert. We thought there was a lot of Russian propaganda in the 2016 election, we have it on notice that basically there’s about to be some kind of dump that’s similar to that,’” he said.
The FBI did not explicitly mention the laptop story but Facebook thought the story fit the pattern that the federal agency described and decided to limit the reach of the story.
The Russian influence operations are, according to the report, more substantial compared to China. However, China has been accused of “Russian-style influence activities” by leveraging the political divisions in the US. The FBI official noted that Facebook recently deleted accounts allegedly created by Chinese operatives that shared memes mocking Senator Marco Rubio (R-FL) and President Joe Biden.
An official from the FBI’s Cyber Division said no hacking campaigns are targeting the midterms. However, the bureau is “concerned that malicious actors could seek to spread or amplify false or exaggerated claims of compromises to election infrastructure. The official added that “It’s important for all Americans to understand that claims of cyber compromises will not prevent them from being able to vote.”
Privacy advocates blast ‘surveillance bill in disguise’ after CISA tucked into spending deal
RT | December 17, 2015
Under the cover of a late-night session of Congress, House Speaker Paul Ryan announced a new version of the “omnibus” federal government funding bill that includes a version of the Cybersecurity Information Sharing Act, outraging privacy advocates.
The new version combines three bills, two passed by the House, and one – the Cybersecurity Information Sharing Act (CISA) – that had already passed the Senate by a vote of 74 to 21.
A long-standing critic of government overreach in surveillance, Senator Ron Wyden (D-Oregon), who voted against the Senate bill, issued a statement on Wednesday stating that it was a “bad bill when it passed” and “worse bill today.”
“Americans deserve policies that protect both their security and their liberty. This bill fails on both counts,” said Wyden, adding that “cybersecurity experts say CISA will do little to prevent major hacks and privacy advocates know that this bill lacks real, meaningful privacy protections.”
Under the latest version, the bill creates the ability for the president to set up “portals” for agencies like the FBI and the Office of the Director of National Intelligence so that companies can hand information about potential threats directly to law enforcement and intelligence agencies instead of the Department of Homeland Security. It allows for more data sharing between the public and private sector while shielding companies from liability.
It also changes the criteria for when information shared for cybersecurity reasons can be used in law enforcement investigations. Previously, the backchannel use of data could only occur in cases of “imminent threats,” while the new bill requires just a “specific threat.”
The Electronic Frontier Foundation has strongly opposed cybersecurity bills over the past five years. In a statement, it said they did nothing to address the real problems the government faces, “like computer data breaches that are caused by unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.”
Other advocacy groups, such as Fight for the Future, have previously referred to the bill as “a surveillance bill in disguise.”
The group’s campaign director, Evan Greer, called it “a disingenuous attempt to quietly expand the U.S. government’s surveillance programs.”
“Congress has failed the Internet once again,” she added, “now it’s up to President Obama to prove that his administration actually cares about the Internet. If he does he has no choice but to veto this blatant attack on Internet security, corporate accountability, and free speech.”
The bills were opposed not just by privacy advocates, but also civil society organizations, computer security experts, and many Silicon Valley companies. In April, a coalition of 55 civil groups and security experts signed an open letter opposing an earlier version of CISA.
The Department of Homeland Security itself warned in July that the bill could overwhelm the agency with data of “dubious value,” while at the same time “sweep[ing] away privacy protections.”
The EFF also said the CISA bill has no place in the federal budget package, a point shared by the Open Technology Institute (OTI).
“They’re kind of pulling a Patriot Act,” Robyn Greene, police counsel of OTI, told Wired. “They’ve got this bill that’s kicked around for years and had been too controversial to pass, so they’ve seen an opportunity to push it through without debate. And they’re taking that opportunity.”
EFF Disappointed as CISA Passes Senate
By Mark Jaycox | EFF | October 27, 2015
CISA passed the Senate today in a 74-21 vote. The bill is fundamentally flawed due to its broad immunity clauses, vague definitions, and aggressive spying authorities. The bill now moves to a conference committee despite its inability to address problems that caused recent highly publicized computer data breaches, like unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.
The conference committee between the House of Representatives and the Senate will determine the bill’s final language. But no amount of changes in conference could fix the fact that CISA doesn’t address the real cybersecurity problems that caused computer data breaches like Target and the U.S. Office of Personnel Management (OPM).
The passage of CISA reflects the misunderstanding many lawmakers have about technology and security. Computer security engineers were against it. Academics were against it. Technology companies, including some of Silicon Valley’s biggest like Twitter and Salesforce, were against it. Civil society organizations were against it. And constituents sent over 1 million faxes opposing CISA to Senators.
With security breaches like T-mobile, Target, and OPM becoming the norm, Congress knows it needs to do something about cybersecurity. It chose to do the wrong thing. EFF will continue to fight against the bill by urging the conference committee to incorporate pro-privacy language. And we will never stop fighting for lawmakers to either understand technology or understand when they need to listen to the people who do.
‘No customer oversight’: Dreaded cybersecurity bill CISA is back
RT | October 21, 2015
After a delay, cybersecurity legislation dreaded by privacy advocates and relentlessly pursued by national security officials, known as CISA, will get a vote on the Senate floor “in a couple of days,” a top sponsoring senator anticipates.
The Cybersecurity Information Sharing Act of 2015, also known as CISA, is as polarizing as it is close to a vote. It finally hit the Senate floor for debate on Tuesday, with top sponsor Senator Richard Burr (R-North Carolina) highlighting its necessity because “actors around the world continue to attack US systems, and in many cases penetrate it.”
Under the bill, private companies would have increased liability protection with respect to collecting American’s personal data that could potentially be related to security threats. It would also make it easier for them to share such data with the government, including departments like the National Security Agency.
Prominent CISA opponent and privacy advocate, Senator Ron Wyden (D-Oregon), challenged Burr, who chairs the Select Committee on Intelligence, on one argument in particular.
“He said that the most important feature of the legislation is that it’s voluntary. The fact is, it is voluntary for companies. It will be mandatory for their customers,” Wyden said, “and the fact is the companies can participate without the knowledge and consent of their customers, and they are immune from customer oversight and lawsuits if they do so.”
In many cases, customers have been able to nudge companies from a pro to a con position on CISA. In one instance last month, the Business Software Alliance (BSA) sent a letter to legislators, in part calling for “cyber threat information sharing legislation” granting them immunity so that they could “more easily share that information voluntarily.” However, after Fight for the Future, an internet freedom advocacy group, set up YouBetrayedUs.org to criticize the organizations, the BSA changed its tune.
The BSA, which includes Apple, IBM, and Microsoft, now opposes CISA, as does the Computer and Communications Industry Association, which includes Google, Facebook, and Amazon. Reddit, Wikimedia, Twitter, and Yelp have also released anti-CISA statements.
“Leading security experts argue that CISA actually won’t do much, if anything, to prevent future large-scale data breaches such as the federal government has already suffered, but many worry it could make things worse, by creating incentives for private companies and the government to widely share huge amounts of Americans’ personally identifiable information that will itself then be vulnerable to sophisticated hacking attacks,” added the American Library Association in a press release.
The discussion on CISA comes after a stall in the Senate’s schedule before its August recess. Lawmakers agreed to delay a vote on the bill when it became clear that senators had many amendments to submit, some of which included so-called “riders,” or unrelated issues, such as Senator Rand Paul’s (R-Kentucky) amendments to audit the Federal Reserve and defund “sanctuary cities.” At least 22 amendments will be given a chance to be added to CISA before a final passage vote.
Burr optimistically told The Hill that “a couple of days” was all that was needed to get to a final vote on CISA. He may have overshot, however, because there could be a scrimmage over amendments despite his efforts. Burr, with support of other Senate leaders, has managed to combine eight amendments into a legislative package he shares with CISA co-sponsor Senator Dianne Feinstein (D-California), but the grouping includes only one of Wyden’s two amendments.
Wyden told reporters that the one he feels “most strongly about” hadn’t been included. It would have provided a review system for deleting private info before data gets passed on to the government. The Wyden amendment that was included in the bill only requires that people be notified when their data is inappropriately shared.
Although no vote has been scheduled yet, Senate Majority Leader Mitch McConnell (R-Kentucky) is trying to end debate by Thursday. Beyond CISA, the Senate has an ambitious to-do list. It will decide whether to extend government spending beyond September 30, address the Iran nuclear deal, and fund highways and transportation systems in a comprehensive bill.
Amendments to CISA “Cybersecurity” Bill Fail in All Regards
By Mark Jaycox | EFF | September 1, 2015
Although grassroots activism has dealt it a blow, the Senate Intelligence Committee’s Cybersecurity Information Sharing Act (CISA) keeps shambling along like the zombie it is. In July, Senator McConnell vowed to hold a final vote on the bill before Congress left for its six-week long summer vacation. In response, EFF and over 20 other privacy groups ran a successful Week of Action, including over 6 million faxes opposing CISA, causing the Senate to postpone the vote until late September.
Senators submitted many amendments to the bill before going on vacation. The amendments, like the original language of the bill, fail to address key issues like the deep link between these government “cybersecurity” authorities and surveillance, as well as the new spying powers the bill would grant to companies.
But “cybersecurity” is already intimately tied to surveillance—a problem CISA would only worsen. Documents released by the New York Times reveal the government used the Comprehensive National Cyber Security Initiative (CNCI) to pay telecommunications companies to spy on consumers using their networks. The CNCI includes initiatives for information gathering, but it’s always been presented to the public as fostering research and encouraging public awareness of cybersecurity problems—not spying on Americans’ Internet traffic.
The revelations are stunning. The NSA paid telecommunications companies nearly $300 million dollars in the 2010 fiscal year to invest in surveillance equipment as part of the CNCI. In fact, STORMBREW’s Breckenridge site was “100% subsidized with CNCI funding.”
In contrast, the DHS only requested $37.2 million during the same time period to support research and development in cybersecurity science and technology. Even if DHS received what it requested, does the American public really want surveillance to outweigh research and education 10 to 1?
The news is compounded by other recently-released Snowden documents that show how the NSA uses foreign intelligence laws to run an intrusion defense system (IDS) on US soil. The documents show that a Justice Department memo gave the agency permission to monitor Internet cables, “without a warrant and on American soil, for data linked to computer intrusions originating abroad — including traffic that flows to suspicious Internet addresses or contains malware.”
CISA—and its amendments—do not even begin to address these serious problems. Instead, they mandate information sharing with the intelligence community, creating even more cyberspying.
EFF will continue to oppose CISA—even if some of these amendments pass—because CISA’s vague definitions, broad legal immunity, and new spying powers allow for a tremendous amount of unnecessary damage to users’ privacy, and it’s highly unlikely that the public will learn about it. Even an amendment (#2612) offered by by Senator Al Franken, which narrows some of the definitions in CISA, does little to clarify its most troubling provisions.
What’s worse is that information-sharing bills like CISA are being painted as silver bullets to data breaches. They aren’t. The bills don’t address problems like unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.
Awful Amendments
Plenty of the amendments would make the bill even worse. We’ve already discussed the horrible CFAA amendment, #2626, proposed by Senator Sheldon Whitehouse. The amendment not only increases the scope of the already expansive Computer Fraud and Abuse Act (CFAA) but also authorizes injunctions against botnets (amending 18 U.S.C. § 1345) in a way that creates serious constitutional issues. After all, much of what DOJ and FBI want to do in shutting down botnets is, arguably, a search or a seizure under the Fourth Amendment; moreover, such injunctions may prevent users from communicating, thus raising First Amendment issues. The amendment is a great example of how not to amend the draconian CFAA. If the Senate wants to improve the CFAA, it should take a page out of our book.
Senator Carper has proposed another dubious change to CISA, amendment #2627. The bill attempts to codify the Department of Homeland Security’s EINSTEIN program without any public debate. EINSTEIN is an intrusion detection system—the parent of which was created by the NSA—to scan incoming Internet traffic to the federal government like emails and other connections. DHS has not told the public what agencies are using EINSTEIN. It’s possible that when you email your representative, DHS may also receive a copy. Before codifying EINSTEIN, DHS must be more transparent about the program. The most recent update from DHS about the program is from 2013, and many concerns have been raised about EINSTEIN’s legality and privacy implications. Unlike CISA, Senator Carper’s amendment mandates federal agencies create a plan to identify sensitive information and encrypt it; however, the clause exempts the Department of Defense and the intelligence community. Nor does the amendment authorize additional funding for federal agencies to improve security.
Senator Carper’s attempt to make a horrible bill marginally better is admirable, but he—along with other Senators—should oppose the bill. Even the best amendments fail to fix CISA’s serious flaws.
Not Awful Amendments
Some of the amendments try to narrow the scope of the bill. Senator Chris Coons’ amendment #2552 would limit information sharing to that necessary to describe or identify a cybersecurity threat, while Senator Wyden’s amendment (#2621) would require companies and the government to remove personal information unrelated to the threat.
But these well-meaning changes don’t address the root problems in the bill: the outrageously broad and vague definition of “cybersecurity threat” and the granting of new authorities to spy on users. Senator Franken’s amendment #2612 attempts to address that definition, but even his amendment isn’t enough. Again, no amendment scales back the two new authorities to spy on users and launch countermeasures in the bill.
Other amendments are better, including Senator Patrick Leahy’s #2587, which would remove the current CISA provision exempting all “cyber threat indicators and defensive measures” received by the government from disclosure under the Freedom of Information Act and may help ensure the public can obtain information about how, if CISA is enacted into law, the information “sharing” system actually operates; Senator Jeff Flake’s 6-year sunset (#2582); and, Senator Mike Lee’s email privacy amendment (#2556), which would codify US v. Warshak by amending the Electronic Communications Privacy Act to require warrants for email and other stored content.
While some advocates will paint these amendments as “steps forward,” the amendments merely shuffle deck chairs on the Titanic—even with the better amendments, the bill is still a bad idea. The Senators are going about the wrong strategy. Democrats and libertarian Republicans should be opposing CISA outright. That’s why we’re asking users to continue emailing their Senators to stop this bill. While CISA is the very definition of a zombie bill, the public outcry against it has made a difference. But we can’t stop now. Join us by tweeting, faxing, or emailing your Senator.
Obama Administration Supports Privacy-Invasive “Cybersecurity” Bill
By Mark Jaycox | EFF | August 20, 2015
Right before Congress left for its annual summer vacation the Obama Administration endorsed the Senate Intelligence Committee’s Cybersecurity Information Sharing Act (CISA). EFF opposes the bill because its vague definitions, broad legal immunity, and new spying powers allow for a tremendous amount of unnecessary damage to users’ privacy. Just last week the Department of Homeland Security agreed and criticized CISPA for its lack of privacy protections. More importantly, CISA fails to address the causes of the recent highly publicized data breaches.
The Obama administration’s endorsement is a complete reversal from its previous stance on privacy-invasive cybersecurity bills. In 2012, the White House published a detailed two-page veto threat against CISA’s antecedent, the Cybersecurity Information Sharing and Protection Act (CISPA). In the letter the Administration noted CISPA:
lacks sufficient limitations on the sharing of personally identifiable information between private entities
and that it would
inappropriately shield companies from any suits where a company’s actions are based on cyber threat information identified, obtained, or shared under this bill, regardless of whether that action otherwise violated Federal criminal law or results in damage or loss of life.
The same is true of CISA, which is why the Administration should’ve vetoed the bill. Like CISPA, CISA
- Adds a new authority for companies to monitor information systems to protect an entity’s hardware or software.
- Fails to mandate companies and the government remove unrelated personal information before sharing it with government agencies like the NSA.
- Grants broad legal immunity to companies for sharing more private information with the government than they’re currently permitted to do.
Lastly, CISA, like CISPA, doesn’t address problems identified by recent data breaches like unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.
The administration has invested immense capital into looking strong on cybersecurity since January. And instead of publishing another veto threat, the White House Press Secretary urged the Senate to pass CISA. There was no deep analysis as in 2012. There was no explanation about CISA’s own privacy problems. And there was no acknowledgement about the White House’s sudden change in position.
Even though the President wants to sign the bill, the Senate must pass CISA first. Privacy advocates have defeated these “cybersecurity bills” five times in the past five years. In July, users and privacy advocates postponed a vote on CISA after sending over 6 million faxes opposing CISA to Senators during a Week of Action. Unfortunately, the vote was only postponed to mid-September when Congress gets back from vacation.
We must continue the pressure on the Senate to stop this bill. Please join us in continuing to tell our Senators to say no to CISA.
A Surveillance Bill by Any Other Name Smells Just As Foul
By Nathaniel J. Turner | ACLU | July 28, 2015
An impressive coalition has formed to oppose a new surveillance bill masquerading as cybersecurity legislation.
Privacy and civil liberties organizations, free market groups, and others from across the political spectrum are joining this week in a common chorus call: Stop CISA.
Proponents of CISA — the Cybersecurity Information Sharing Act — claim the Senate bill would help prevent cyber-crimes by improving information sharing between the government and the private sector. But in reality, CISA only succeeds in expanding government surveillance and weakening privacy while making Americans less secure online. The bill as drafted would have done nothing to stop the high-profile breaches at Sony, Anthem, and, most recently, the Office of Personnel Management, which holds terabytes of sensitive information about millions of government employees.
For several years, certain elements of the business community and national security hawks in Congress have pressed for legislation like CISA. In April, the House passed a package of similar cybersecurity information sharing bills, which were opposed by the ACLU and bevy of other privacy and civil liberties groups, but were in some ways dramatically better than the bill now pending in the Senate.
CISA’s vague language and expansive definitions will give the government new ways to collect and use the personal information and communications of innocent Americans, all without a warrant or any review by an independent court or overseer. CISA would allow companies to share information with the government relating to a “cybersecurity threat,” a term defined so broadly in the bill that it could include huge swaths of emails and text messages. The handover of user information under CISA would be permitted even if otherwise prohibited by existing data privacy laws, like the Electronic Communications Privacy Act. The law would also give companies broad legal protections even if they improperly share consumer data.
And, perhaps unsurprisingly, the information shared by companies would automatically be forwarded to numerous intelligence, military, and law enforcement agencies, including the NSA and FBI.
Once in the government’s hands, CISA allows for the shared information to be used in garden-variety law enforcement cases that have nothing to do with cybersecurity. For example, the government could use private emails and messages received from communications providers like Comcast, Facebook, Google, or Verizon to investigate and prosecute whistleblowers who report serious misconduct to the press. That’s a serious concern given that the Obama administration has already prosecuted more national security whistleblowers than all other administrations combined.
As an added bonus for government snoopers, CISA also includes a new exemption to the Freedom of Information Act, which will make it harder for groups like the ACLU to obtain documents from the government to determine how it is using — or misusing — the shared information. That means, for example, that it could be nearly impossible for us to find out how much private information is flowing from companies to the government or how the government is using it.
And despite CISA’s promise to open the floodgates for private information to flow to the government without any privacy protections, it fails at actually delivering better cybersecurity. As we learned with the hack at the OPM, the government is not a reliable guarantor of data security. Hackers were able to access the personal information of millions of Americans — including Social Security numbers, birthdates, and records about citizens’ finances, health, associations, and even sexual orientation—that applicants for security clearances must disclose to the government. All that additional information would make the government an even more desirable target for cybersnoops and cybercrooks.
CISA is more than just a bad solution to a serious problem. It would actually make cybersecurity worse while compromising basic democratic protections for personal privacy. The Senate must reject this surveillance bill. But if it decides to send this travesty to the president, he should veto the bill, consistent with his past threats against similarly atrocious bills.
Do your part to Stop CISA.
Analog resistance: Activists protest CISA by faxing Congress
RT | July 28, 2015
Privacy activists are flooding Congress with messages of opposition to the cyber surveillance bill due to be considered by the Senate, using faxes rather than emails in order to poke fun at lawmakers’ antiquated understanding of technology and privacy.
Fight for the Future, a nonprofit fighting for privacy and against government surveillance, has set up a page dubbed “Operation: Fax Big Brother,” which lets anyone generate and customize a fax protesting the Cybersecurity Information Sharing Act (CISA). Each fax is then sent to all 100 Senators. The group has not said how many faxes have been sent so far.
CISA sailed through the Senate Intelligence Committee in March, with Oregon Democrat Ron Wyden being the sole dissenter. Senate is expected to take up a vote on the bill before the August 7 recess. A similar proposal, known as CISPA, was approved by the House of Representatives in 2013 but died in the Senate after public opposition compelled President Barack Obama to threaten a veto.
“Groups like Fight for the Future have sent millions of emails, and they still don’t seem to get it,” Evan Greer, the group’s campaign manager, told the Guardian. “Maybe they don’t get it because they’re stuck in 1984, and we figured we’d use some 80s technology to try to get our point across.”
According to the group, since 2012 civil liberties activists have sent hundreds of thousands of calls and tweets and over 2.6 million emails to Congress opposing overreaching cybersecurity laws. However, the fax stunt does not just have publicity value. Lawmakers often use analog technology like faxes and pagers in order to hide their digital tracks from Freedom of Information Act (FOIA) inquiries, claims a Senate staffer who spoke to the Guardian.
Sponsored by Senator Dianne Feinstein, a California Democrat, CISA seeks to enlist the support of corporations in collecting user data in the name of cybersecurity, providing them with liability protection if they share the data with federal agencies such as the NSA. Once they have the data, federal agencies would be able to share it freely with each other. What’s more, information shared with the government by the companies will be specifically exempt from FOIA disclosures.
Gabe Rottman, a legislative counsel with the American Civil Liberties Union, described the bill as a “new and vast surveillance authority that might as well be called Patriot Act 2.0 given how much personal information it would funnel to the NSA.”
The US Chamber of Commerce and a number of major corporations are backing the bill. In addition to Facebook and Google, Comcast and AT&T also favor CISA, as do Bank of America and Blue Cross Blue Shield Association.
Proponents of CISA have cited a spree of data breaches over the past year, from corporations such as Sony and healthcare provider Anthem to government agencies including the Department of State and Office of Personnel Management (OPM), as a reason to beef up cybersecurity. Critics have countered that CISA is not doing anything to protect networks from threats, and everything to vacuum up Americans’ data.
“With all these breaches, there’s a lot of fearmongering going on in DC,” says Fight for the Future’s Greer. “They just say: ‘This is a problem – we’ve got to do something!’ And this is the something they’re going to do. It’s not just that this won’t fix things – it’ll make them worse. And it’ll give sweeping legal immunity to some of the largest companies in the world and open us all up to new forms of surveillance.”
CISA Isn’t About Cybersecurity, It’s About Surveillance
By Rachel Nusbaum | ACLU | March 13, 2015
They say the first step is admitting you have a problem. But sometimes that’s the easy part.
When it comes to cybersecurity, it seems everyone in Washington admits we have a problem. It’s in the solutions phase where things really start to fall apart for policymakers.
Instead of focusing on ways to make our data (and the devices we store it on) more secure, Washington keeps offering up “cybersecurity” proposals that would poke huge holes in privacy protections and potentially funnel tons of personal information to the government, including the NSA and the military.
Thursday, the Senate Intelligence Committee met behind closed doors to mark up the Cybersecurity Information Sharing Act of 2015. They voted 14–1 to advance the bill, with Senator Wyden offering the lone no vote.
Unfortunately, by all accounts, CISA is one of those privacy-shredding bills in cybersecurity clothing.
If you remember CISPA, the information-sharing bill that fell under the weight of its privacy failings last Congress and even drew a veto threat from President Obama, the problems with CISA might sound a little too familiar. This bill is arguably much worse than CISPA and, despite its name, shouldn’t be seen as anything other than a surveillance bill – think Patriot Act 2.0.
The bill could also pose a particular threat to whistleblowers – who already face, perhaps, the most hostile environment in U.S. history – because it fails to limit what the government can do with the vast amount of data to be shared with it under this proposal. CISA would allow the government to use private information, obtained from companies on a voluntary basis (and so without a warrant) in criminal proceedings – including going after leakers under the Espionage Act.
If you are wondering how giving companies a free pass to share our personal information with the government will make our data more secure, you aren’t alone. We’ve already written about why real cybersecurity doesn’t need to sacrifice our privacy.
The ACLU also recently joined with a broad coalition to remind the committee about some of these problems – problems which have not been adequately addressed in the Senate’s proposal.
The letter reads, in part:
We now know that the National Security Agency (NSA) has secretly collected the personal information of millions of users, and the revelation of the programs has created a strong need to rein in, rather than expand, government surveillance. CISA disregards the fact that information sharing can – and to be truly effective, must – offer both security and robust privacy protections. The legislation fails to achieve these critical objectives by including: automatic NSA access to personal information shared with a governmental entity; inadequate protections prior to sharing; dangerous authorization for countermeasures; and overbroad authorization for law enforcement use.
You can read the full letter, and view the full list of signatories, here.