Diary

New Counterterrorism Bill Would Force Internet Businesses to Turn Over Suspicious User Content to the Feds - No Warrant Required

The Senate Intelligence Committee has passed a version of the Intelligence Authorization Act for FY 2016 (S. 1705) that would create a “duty to report” requirement for “providers of electronic communication services, which include online content hosts, internet service providers, and public libraries and coffee shops that offer WiFi access.” These companies would have to report any supposed “terrorist activity.” The impact of this provision, which was introduced via a secret, closed-door committee process, would be massive. The Center for Democracy & Technology reports:

“This vague requirement would turn every component of the online communications environment – access providers, website operators, cloud services, social media platforms, search engines, email services, and more – into agents of the government, reporting on their users according to a set of completely opaque criteria. This type of obligation eviscerates any notion of “trust” between individuals and the online services they use – trust that has already been damaged by the mass government spying revealed by Edward Snowden’s disclosures.

Online service providers would be tasked with scrutinizing any content that gets flagged to them for potential links to terrorism, putting these providers in the inappropriate position of deciding what counts as protected political advocacy or discussion of current events, and what sort of speech should put someone on a government watch list.”

So, this would mandate the forced reporting of “facts and circumstances” of apparent terrorist activity, which includes public blog posts, tweets and status updates. But, it also includes private messages, emails and private journals kept online or backed up to remote storage.

This would have significant impact on privacy while also having a chilling effect on free speech.  And, there is no actual definition of what constitutes terrorism. There is also no requirement that the terrorist activity “be an apparent violation of the law.”

Alarmingly, your information would be turned over to the US government–directly–without a warrant, subpoena, or National Security Letter required.

In other attempts to undermine civil liberties, FBI Director James Comey has been on an anti-encryption crusade and Congress has been busy trying to push through a number of cybersecurity bills. None of these bills have anything to do with cybersecurity. They further chip away at privacy rights, because they are surveillance bills being peddled as necessary for Internet security.  On top of all of that, CISA (Cybersecurity Information Sharing Act) is back again, but this time the reason invented for its necessity is that it will prevent attacks like the OPM hack.

But, even President Obama has admitted to the reason why the US government is vulnerable to cyber attacks:

“In February, President Obama admitted, while addressing a cybersecurity summit in San Francisco, that the government is not performing up to par. He remarked that the government designs “new defenses, and then hackers and criminals design new ways to penetrate them. Whether it’s phishing or botnets, spyware or malware, and now ransomware, these attacks are getting more and more sophisticated every day.” He said that the federal government needs to be just as fast and flexible and nimble in constantly evolving its defenses.”

The consequences of CISA’s implementation would be massive expansion of the ability of the NSA (and other intelligence agencies) to do “backdoor searches” on its “upstream” collection.

[mc_name name=’Sen. Mitch McConnell (R-KY)’ chamber=’senate’ mcid=’M000355′ ] tried to include it in the defense appropriations bill by pointing to the OPM hack. It didn’t work that time, but recently McConnell announced plans to bring it up for a vote in the near future. He used the same tactic again, claiming that it is necessary due to the OPM hack. The key question to ask in regard to CISA, however, hasn’t been asked of McConnell: How would CISA have thwarted the OPM hack? It wouldn’t have stopped that hack or any other cyber attack. Because it’s not a cybersecurity bill. It’s a surveillance bill.