New senate bill would allow free flow of data between private companies & DHS/NSA03/07/2014 19:04
Source: Mass Private I
A draft U.S. Senate bill aimed at making it easier for organizations to share cyberthreat information poses serious threats to personal privacy, several rights groups said in a letter to Congress.
A discussion draft of the Cybersecurity Information Sharing Act of 2014 (CISA) was released last week by Senate Intelligence Committee Chair Dianne Feinstein. The proposed bill would facilitate a vast flow of information to the National Security Agency at a time when the agency faces many questions about its surveillance practices, numerous privacy groups said in the letter.
The bill ignores many civil liberties protections incorporated into an earlier version, called the Cybersecurity Act of 2012, the letter said.
The CISA bill is designed to let companies more easily share, receive and use information about cyberthreats. It would also provide some protections for companies that engage in countermeasures to deal with attacks against their networks.
Backers of the legislation believe that such measures are needed to help private companies detect and respond to cyberthreats more efficiently. Sharing information about things such as bad IP addresses or malware can help companies more quickly respond to common threats, the supporters say.
Privacy groups contend that CISA would also authorize a free flow of real-time threat information between the private sector and U.S. government agencies, including the NSA and DHS.
The legislation would require the DHS to immediately disseminate any threat information it receives from private companies to other agencies, such as the Department of Defense and the U.S. Cyber Command, and that could lead to a unnecessary militarization of cybersecurity issues, the letter said.
"CISA requires that cyberthreat indicators shared from the private sector with DHS be immediately disseminated to the Department of Defense, which includes the NSA and U.S. Cyber Command."
"This new flow of private communications information to NSA is deeply troubling given the past year's revelations of overbroad NSA surveillance," the groups said in their letter. "It would enhance the NSA's role in the civilian cybersecurity program, risking militarization of the program."
The bill is vague on the specific instances under which companies can share data or what type of information can be shared, the groups said. In addition, there are few clear restrictions on how government agencies can use threat data received from private companies, and inadequate controls for protecting personally identifiable data, they said.
John Pescatore, director of emerging security threats at the SANS Institute, said the CISA bill would be unlikely to spur any significant increase in information sharing.
"It does try to address liability and antitrust concerns, and demand that the government protect and not retain such data. But the reality is that there is still little to gain by private industry voluntarily forwarding more information to the federal government. There are existing forums, like the Information Sharing and Analysis Centers, where such sharing already takes place at the level which makes sense for businesses," Pescatore said.
Nationwide DHS surveillance grants allow police to use private security cameras to spy on the public:
Downtown businesses are giving area law enforcement agencies greater access to private video surveillance feeds under a new push to increase real-time monitoring capabilities in Grand Rapids.
Jack Stewart, Kent County emergency management coordinator, said the Grand Rapids Police and Kent County Sheriff’s departments are increasing access to the downtown surveillance apparatus under a new public-private partnership program.
The two agencies are tapping into private video feeds from existing cameras mounted on the exterior of private commercial buildings downtown, he said.
Previously, police would request video from private feeds during the course of a criminal investigation. Now, police will be able to monitor the feeds in real time from county and city dispatch centers.
“This is the same technology that helped catch the Boston Marathon bombers,” said Stewart. “This is not day-to-day monitoring. It’s just in the event of an emergency. There would have to be an event serious enough to trigger us to monitor the cameras.”
If that B/S response sounds familiar it's the same load of crap NSA chief James Clapper tried to sell Congress last year, claiming they weren't spying on Americans.
Stewart said there are roughly 100 exterior video cameras right now that are or could be accessed under the program, many of them concentrated around government and critical infrastructure buildings.
Private businesses working with the DHS are secretly spying on us, see below:
Non-disclosure agreements precluded Stewart from naming specific businesses participating in the program, but some were willing to disclose that on their own.
Stewart said the program is limited to outdoor surveillance only, and monitoring of public areas where “there’s no expectation of privacy.”
The program, which Stewart said is pursuing federal Dept. of Homeland Security grants to expand the surveillance capability downtown with new and upgraded equipment, has been in the works for several years.
“Some of the cameras are hooked-up already, but we’d like to offer to enhance and expand to other businesses and facilities that want to hook-up to the project,” said Stewart about uses for the possible grant money.
The program is a response to increasing activity in the downtown area, and disclosure of the project follows a pair of downtown shootings this month that have caused Grand Rapids police to step up their presence in the district.