Is The Freedom Act a Stealth CISPA?

The American Everyman blog has been insisting since 2013 that the Snowden Spectacle would provide cover for passing CISPA, a bill that in its many different unpassed incarnations has been the bête noire of privacy advocates for some time. While I don’t agree with everything the AE blogger, Scott Creighton wrote, he is rare in making this connection and not wrong to. There is no question that the spirit and intended effects of CISPA reside in certain parts of the Freedom Act. It also creates conditions conducive to passing the real thing.

You may recall that CISPA is a bill which, in the ostensible interest of preventing and fending off cyberattacks, creates broad legal exemptions that allow the government to share “cyber threat intelligence” with private companies, and companies to share “cyber threat information” with the government. The ACLU listed these as the main reasons for its opposition to the bill:

  1. Creates an exception to all privacy laws to allow companies to share our personal information, including internet records and the content of emails, with the government and other companies, for cybersecurity purposes;
  2. Permits our private information to be shared with any government agency, like the NSA or the Department of Defense ’s Cyber Command;
  3. Fails to require the protection of Americans’ personally identifiable information (PII), despite repeated statements by the private sector that it doesn’t want or need to share PII;
  4. Once shared with the government, allows our information to be used for non-cybersecurity “national security” purposes – an overbroad “catch-all” phrase that can mean almost anything;
  5. Immunizes companies from criminal or civil liability, even after an egregious breach of privacy;
  6. Fails to implement adequate transparency and oversight mechanisms

Since the Freedom Act says nothing about cybersecurity, it’s not obvious at first glance what could connect it to CISPA. But the overarching objection to CISPA was that cybersecurity was simply a pretext for streamlining collusion on mass surveillance between the government and the private sector generally. This is the concern encapsulated in item 4, that CISPA makes data gathered in the interest of cybersecurity available for precisely the kind of investigations covered by The Patriot Act and its successor, The Freedom Act.

The Freedom Act’s signature feature, the thing we’re all supposed to be thrilled about, mandates the collusion of phone companies at the very least, by making them the retainers of bulk data the NSA will theoretically, in half a years’ time, no longer be allowed to capture and store under its own auspices. The operation will also require collusion of a “Booz-type contractor” that will supplant the NSA as the compiler of all the data from the disparate sources.

It’s fair to see the Freedom Act’s “target” for these searches as analogous to CISPA’s “cybersecurity threat” in terms of how it rationalizes the going-through of private user data, and the amount of user data that can be made available without a warrant, via the nebulously defined “selector” that determines what records a query returns. If there is some constraint that selectors impose on records retrieval that CISPA’s focus on a particular cybersecurity threat doesn’t, it’s not yet obvious.

By the very nature of the investigations covered, and the methods used therein, item 3 in the ACLUs CISPA concerns is also germane to the Freedom Act, which enables government agents to get unredacted records tens of thousands at a time. Personally identifiable information is precisely what this kind of record-searching covered by The Freedom Act is looking for.

Moving on, consider the ACLU’s concerns in item 5 about the immunization of companies against sections 105 and 106 of the Freedom Act, which are the most strikingly CISPA-like elements in the bill. These sections not only immunize “a person”  that cooperates in an invasion of privacy in any way from legal consequences, but also compensates them for their assistance, a la PRISM.  By compensating entities willing to share private data with the government, The Freedom Act adds an extra incentive for private sector secrecy, cooperation and zeal that CISPA does not.

About similar language in CISPA, the Electronic Frontier Foundation said that the “immunity provisions would override existing privacy laws like the Wiretap Act and the Stored Communications Act.” This certainly makes sense, since immunity from lawsuits and prosecution is clearance to operate above the law. So the ACLU’s objection to CISPA in item 1 above, and EFF’s similar objection, must also apply to The Freedom Act.

The Freedom Act’s language also seems to broaden the scope of  immunity beyond CISPA’s limits, by borrowing The Patriot Act’s “any person” which it defines as “any individual, including any officer or employee of the Federal Government, or any group, entity, association, corporation, or foreign power.” Though it’s hard to say for certain, this appears to be broader than  CISPA’s “protected entity, self-protected entity, cybersecurity provider, or an officer, employee, or agent of a protected entity, self-protected entity, or cybersecurity provider.” Unless I’m misreading, The Freedom Act’s language immunizes any person or entity involved in the unauthorized or illegal use of private records.

CISPA also stipulates that the immunity applies to entities acting “in good faith,” a qualifier that the Patriot Act included also in its much weaker immunization language.  It can’t  be an accident, then, that The Freedom Act’s immunization language omits any mention of “good faith” entirely, and thereby closes any small openings for lawsuits or prosecution, no matter how recklessly or destructively someone’s privacy has been invaded.

So far, so CISPA-like — and in some respects, actually worse —  but the accuracy of the comparison is significantly, though not wholly, contingent on how The Freedom Act stacks up in terms of the “adequate transparency and oversight mechanisms” mentioned in item 5 above. CISPA is entirely separate from FISA. Rather than oversight from a rubber stamping secret court, CISPA requires the Intelligence Community’s Inspector General annually to review and report on the government’s handling and use of information. An amended version of CISPA added in periodic review by the Privacy and Civil Liberties Oversight Board and required senior privacy officials from government agencies to complete annual reviews evaluating effects of CISPA use on privacy.

That the proposed oversight in CISPA consists entirely of Intelligence Community officials filing annual reports and periodic review by a committee that has no authority means there is really no oversight. On paper, The Freedom Act looks much better, by requiring authorization of “selectors” for querying data by the FISA court. However, the FISA court operates in secrecy and has denied only 12 warrants out of 33,943 requests between 1979 and 2012. There is no reason to believe its approval of selectors will be less lenient, and once approved, these selectors can be used repeatedly.

The Freedom Act establishes the involvement of amicus curiae —  friends of the court — who can advise the court on certain decisions. However, the use of this option, the person(s) assigned to the role, and the information to which they are privy, are entirely at the court’s discretion. In other words, like the court itself, this measure establishes only the appearance of oversight. The Freedom Act also establishes new reporting requirements, but by most accounts these are so broad as to be meaningless, especially since the bill exempts the FBI from many of them.

In summary, The Freedom Act throws more transparency bones to reformers than CISPA does, but they’re just bones. Hence, the ACLU’s objection to CISPA on this count (item 5) applies to The Freedom Act as well.

So if The Freedom Act is really the love child of The Patriot Act and CISPA, you would expect CISPA advocates to be Freedom Act advocates too. So let’s see, there’s Mike Rogers who wrote CISPA and is among the best friends the NSA has in Congress. Here’s his statement of support. Tech industry titans that supported CISPA, such as Google, Apple, Microsoft, Yahoo and Facebook, strongly endorsed The Freedom Act as well. Emptywheel’s Marcy Wheeler, a Freedom Act critic, noted that, in its communications endorsing the bill, Google uses “modernize” where less candid proponents are using reform. She also noted that the corporate beneficiaries of The Freedom Act’s immunity and payment provisions are keeping rather quiet about their impending benefits.

Unfortunately, the similarity with CISPA breaks down where opposition is concerned. Groups that adamantly opposed CISPA for reasons that, as we have seen, also apply to The Freedom Act, have swallowed the “Important First Step” Kool-Aid, and are now robotically regurgitating it or saying nothing at all. No doubt this owes at least in part to beloved public figures giving a world weary nod to the kind of Orwellian maneuver they built their reputations on excoriating.  After two years of insisting that Big Brother is watching us, and vigorously applauding themselves for doing so, they can’t possibly admit that things have actually gotten worse and will continue to do so.

While privacy advocates were savoring the drama of Patriot Act expiration, Rand Paul’s filibuster showboating, and the Freedom Act’s “important first step”, CISPA supporters were maneuvering to resuscitate the real CISPA. This time around it’s called the Cybersecurity Information Sharing Act, CISA (S. 754) and includes all the worst elements of its predecessor. Senate Majority Leader Mitch McConnell announced on June 9 that he would attach this bill to The Defense Authorization bill now on the Senate floor. Fortunately, even supporters of the bill, such as co-author Dianne Feinstein, opposed McConnell’s attempt to short circuit debate today and thwarted it. But CISPA’s supporters aren’t going to stop there, and the Freedom Act’s formalizing and normalizing of private sector collusion in mass surveillance can only help them.

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

17 Responses to Is The Freedom Act a Stealth CISPA?

  1. thombrogan says:

    I just figured everything that can access the Internet is at risk of being hacked and compiled and used against the device user at some later date. It’s “nice” that the powers that be are making a symbolic, empty gesture to mollify some of the masses while what’s been going on keeps happening.

    It’s like when someone makes an effort to craft a plausible lie – the deception hurts, but a little less so.

    • Tarzie says:

      Yeah, I sympathize. When I re-read this post, I felt like a bit of a fool for taking this shit so seriously. I’m not really happy with it as a result.

      At the same time, I don’t think these laws are simply symbolic empty gestures, otherwise, they’d be better gestures. If this shit isn’t necessary, why pass such horrible bills? Why not pass a bill that’s bullshit from top to bottom that promises reform and makes everyone feel giddy about the system functioning? I think from a functional standpoint, it’s necessary to keep everything at the level of normality, instead of a few people working in secret. I think functionaries in the apparatus — at least some of them — need to feel like they’re not doing anything terribly wrong, and normalizing also keeps the money flowing. Everything just works better with all the powers that be signing off on it and creating a mechanism that implicates everyone and maximizes the big players’ gains.

      I think the kind of skepticism that just shrugs and says it’s all for show is not really accurate. If they’re going to do what they want anyway, why are they pushing so hard for CISPA? Obviously, some faction of the ruling class really wants that to happen and they’re going to keep on pushing until it does. Why so much effort for an extremely polarizing and controversial measure?

      Also generalized risk of being hacked that you describe is very far from mechanized data collection of all online artifacts that subjects everything to thought-crime and pre-crime analysis. The ability to hack individual computers is only useful once you’ve identified the computer you want to hack. I don’t think it can be done very easily en masse.

      • thombrogan says:

        “If this shit isn’t necessary, why pass such horrible bills?”

        To keep enough of us rubes happy that the system works so that we support it (and those opposed feel so overwhelmed they don’t even try to rebel). And, as you said, a lot of the participants don’t want to see themselves much less let others see them as violent offenders or enablers of such. If we’re all democracying, it’s all of us making the best of an imperfect system.

        “The ability to hack individual computers is only useful once you’ve identified the computer you want to hack. I don’t think it can be done very easily en masse.”

        I’m not saying it’s easily done en masse (though you and a huckabucka posters mentioned it is happening in your last post and comments section – it’s fucking gold when glennbots don’t clot it), nor am I saying mass collection is valuable as an end in itself. Was just grousing that we’re all hackable. Guess I might as well have complained we’re all able to be drowned in concrete (it just didn’t fit the context).

      • Tarzie says:

        To keep enough of us rubes happy that the system works

        This just doesn’t pass the smell test for me, for the reason I gave before: they’d pass more pleasing gestures if this had anything to do with it. Approval of Congress hovers around 11% and clearly the members don’t give a fuck.

        I do think there are forces that work against total corruption, such as the example I gave previously, workers who want to look at themselves in the mirror without feeling like shit. You can’t do massive surveillance without bills that fund it, structure it and induce mass cooperation. You just can’t.

      • robertmstahl says:

        “I don’t think it can be done very easily en masse.”

        There are aspects of the technology that can be done very easily, en masse. Circuits are either parallel or serial “communications”, or designs. Parallel processing is easy to design as pure AI, and can do things like “find” your credit card in next to no time anywhere on the planet, stop subways from crashing ever in Tokyo, and develop new places to drill in existing oil fields as easily as long, drawn out studies by teams of experts. Genetic algorithms, neural networking, and fuzzy logic do the deed. And, they get better, or learn (not “learn to learn” as Bateson describes) over time as the “correlation coefficients” simultaneously calculated are supplanted by more and more data, improving “the means” along the way. In truth, the capacity for this type of artificial intelligence that is integrated into the criminal agenda (e.g. take Indira Singh), runs slightly more efficiently if it is not skimmed off of by the-spy-who-loves-me. All true learning is otherness, but you see where the gestalt becomes the contest it remains as the crimes become, mechanically, more subtle, but less understood by the masses.

      • thombrogan says:

        I certainly didn’t present my attempt at a viewpoint as well as intended and cast my net too wide. I don’t see the corporatists as a completely monolithic swarm of hive minded amoral opportunists. There are several competing factions, so every decree benefits some at the expense of others as The Freedom Act must. And though I believe gathering terabytes of what should be our private data is “doable,” I don’t think that’s what is actually being done (though groups do get singled out).

        I was just disgusted and thought I had a point instead of the unfocused scrawlings actually shared. I apologize.

      • Tarzie says:

        Don’t apologize. I sometimes overthink random comments.

  2. jason says:

    we are all “before the law,” with techno- and bureau-crats for the layers & layers of lawyers. there needs to be a “booz-like” analyser between the telecoms & the gov & the FISA court needs “selectors” to, uh, help it select (????) before it moves on to another layer in the machine. and etc. “private” co’s are going to run more amok. and get paid for it.

    thank you tarzie. your comment about “normalization,” spot on.

  3. Dissent Now says:

    It seems related, and maybe you’ve noted the same somewhere in here, but I don’t even have the time to craft the right remark to make note of it, so all I can really say with regard to the link below is something like, “and as if straight immunity is not enough, it appears they also want to be immune from anyone knowing what they’re immune from.” Or something.

    http://www.politico.com/blogs/under-the-radar/2015/06/new-foia-exemption-at-stake-in-cybersecurity-bill-208636.html

  4. Fuck the anime-marxists says:

    “The conspiracy”. Still clinging to corporate media language and smears I see, tarzie.

    Scott was calling out Greenwald when you were still kissing up to him. FYI, asshole.

    • Tarzie says:

      I’ve made it very clear over and over again here that I have no objections to well-researched and thoughtful conspiracism, which is what Scott mostly does. Does he call it something else? Are you saying he doesn’t believe there’s been a conspiracy? Considering that I called his conspiracism “well-researched”, credited him with inspiring this post and said he was largely correct and one of very few who even made the Freedom Act/CISPA connection what, exactly, is your fucking point? Would it have been better had I not mentioned him at all?

      On the chance that conspiracism isn’t a word Scott would use to describe what he does, I’ve changed the language to Psy Op and False Flag theories, which is indisputably accurate. He sees everything in those terms, and not entirely without reason, though sometimes I think it gets ridiculous. Congrats to him for getting to Greenwald first. You can say I told you so on his behalf when I get round to conceding that Sandy Hook was a hoax a year or two from now. Is there not something to be said for Greenwald criticism that does not align itself with self-marginalizing and largely pointless crisis actor theories? Perhaps you’re seeing a half-empty glass rather than a half-full one. I signal boosted Scott because I think he deserves credit and I think he’s worth reading. I didn’t have to.

      One reason why I qualify my support for conspiracism is I really really dislike conspiracist culture, which attracts frothing fanatics like you and other asocial obsessives. I also think their focus on irretrievably speculative origin stories is misplaced. Snowden is a limited hangout in effects whether intended or not. I believe our system can just shape things into Psy Ops automatically. So I don’t really care if Snowden is in on the joke, though there is certainly evidence that he is, especially in light of his support for The Freedom Act. Nonetheless, what I care about is the effect.

      • Go fuck yourself, you piece of fucking trash. Israel thanks you for your service. I am not going to dignify your accusations with a defense of my character. I know who I am, and I know who you are, you self-righteous fuck. You should try a gig at the ADL. You are doing their work for free. And by the way, I dated an old man who happens to be Jewish. Also, are you still butthurt because Greenwald stopped massaging your fragile ego? Seems like only yesterday you two fucks were best of twitter pals back when I was calling that fraud out.

      • Tarzie says:

        LOL. This was in moderation and I coulda binned it but I’m def keeping it up, because you prove my point. However, I regret that I will not let you spew at length. Everything else will be deleted. One of you is enough for one year.

        God you really are some asshole. But how right you are about the root of my antipathy to Greenwald. Before Glenn, I was shagging Chris Hayes, and then he dumped me. So I wrote about him. Then there was Amy — a brief, trauma-induced foray into heterosexuality — and it was going great but then all of sudden she needed “more space.” Yeah, right. So I wrote about her.

        If I didn’t fall in and out of love so often, I’d have nothing to write about! I wish one of these people would at least give me a job!!! Maybe if I keep criticizing them…

        By the way, Israel pays me, motherfucker. A lot. I’d never deal with assholes like you for free.

      • willyloman says:

        for the record, I call it “journalism”

        I write about a number of things. “conspiracy theories” are a small part of what I do. I write about creeping neoliberalism being pushed by institutions like the IMF and World Bank. I expose color revolutions, our current struggles against the TPP, TTIP and TPA. I also covered elections and election fraud/stealing (which is not a conspiracy theory by the way, it’s proven fact), the fake ‘two party’ system we have here in the states. Things like that.

        I also write a great deal about the struggles of the Palestinian people.

        When it comes to my “well-researched and thoughtful conspiracism” what I simply do is acknowledge various pieces of information surrounding certain events that usually go unmentioned in the MSM. I point out the oddities in such cases, like the various mass casualty events we’ve been cursed with over the years. I call it American Gladio with good reason. Because that is what it is. Research the Gladio program in Europe post WWII and you will understand my reference.

        By the way, it’s now legal for the CIA and other agencies to operate on US soil since the NDAA 2013 declared the entire world is the “battle field”, including the United States. Kind of a game changer.

        Back in the day, I wrote about how banks were colluding with each other, rigging the game so that they and they alone would win. I was a ‘conspiracy theorist” for doing that. Then came LIBOR.

        Often “conspiracy theories” transition into something called “history” so one should be careful what one easily dismisses off hand. Take the Magic Bullet Theory for instance. I think it’s pretty well understood at this point that one man couldn’t have fired all those bullets that the officer’s radio recorded having been fired. Far more than 3 right? Say what you will about what one assumes as the motive for the killing and the cover-up, reality is, that “conspiracy theory” was correct from the start.

        As to Mr. “Snowden”: from what I can understand, and by his own admission, the guy is a manufactured character. His task was to set the American people upon the path of “having the discussion” about the illegal and unconstitutional surveillance. Obama himself said so less than 3 days after he first came on the scene. The 2nd court ruling said the illegal aspect of section 215 in the Patriot Act was the fact that we “hadn’t had the debate” over it in the country. And now supposedly, we have had “the debate”

        No we didn’t. Here’s the debate: it’s illegal and unconstitutional so it should stop completely. That’s the debate. But that’s not what we got. What we got was the privatization of the program which, by the way, is part of CISPA. And now, we have two new bills in congress (CISA is one of them) and a “Chinese hack” crisis that will pave the way for the other have of CISPA… giving Big Business the ability to police the internet.

        They move from one crisis to the next seamlessly because they would never win popular support for their plans without them. Like this latest shooting in Dallas for instance. It’s what they do and it’s not a conspiracy theory to simply take notice of it.

        I do appreciate your taking the time to do an evaluation of my work. In a sense, you are correct in that the USA Freedom Act is not CISPA in and of itself. But as you can see, they are working on the other half of it through yet another manufactured crisis, which I wrote about the other day.

        scott creighton
        willyloman
        American Everyman

        (and just so you know it’s me, I’ll put a little “hi there Tarzie” as an update on my latest article on the site 😉 )

      • Tarzie says:

        Hi Scott. I was hoping you would stop by so thanks for doing so.

        I admit my description was too narrow even if I sincerely didn’t mean it as a pejorative. But I have come to your blog only recently and mostly to read your Snowden work, which, as well as being excellent, revolves around a Psy Op. When I go there and also see posts dedicated to crisis actor theories, which I think is pretty hardcore, I assume that that’s your main thing. There would be nothing wrong with it if it were the case. I am only saying how I got the impression I got.

        I don’t think you and your followers read me at all, because if you did you would know that I do not discount [this thing that can’t be named] and we’ve had robust, respectful interesting discussions about them. I get called a conspiracist quite a lot myself because of it. One of my favorite Twitter pals sees things very much the way you do in many respects. But I am not going to unambiguously align myself with all theorists and theories, for numerous reasons that I don’t feel obliged to go into. There is a very conservative blogger who sometimes cites me, and when she does so, she makes a point of stressing that she does not share my politics. I don’t fault her for doing this at all, though I wish she’d do it with less sneering. As far as I know, none of my readers has frothed all over her blog for it, which is as it should be.

        As to Snowden, I think there is quite a lot of evidence that he is not what he says he is and I only discounted that possibility once, right at the very beginning. I don’t talk about it much because I am less interested in origin stories than effects. I might be the ultimate conspiracy theorist, in that I think our media system produces Psy Ops almost automatically, so I see focusing on their origins and execution can sometimes be minimizing and distracting. With this perspective, I think Snowden would function as a Limited Hangout or Psy Op whether he was intentional about it or not. If the system couldn’t shape him into something useful to powerful interests, it would purge him. For myself, a focus on the story behind the story is a distraction that gets limited returns. I discuss this viewpoint in relation to theories about David Graeber, here. All that aside, certainly Snowden’s disingenuous endorsement of the horrid Freedom Act strengthens your case.

        I agree with much of what you said here, except the suggestion that I’ve been dismissive. I’m glad you found at least some merit in my post. I didn’t have the background to quite understand what you were getting at with CISPA and The Freedom Act — simply because you had developed it over a number of posts, not all of which I’d read. But you piqued my interest, so I did some research and felt it was worth sharing with my readers. I also wanted them to both give credit where due and check out your blog. For the record, a number of people who share your interest in the the shadows read this blog and would have seen my original first paragraph as a strong recommendation. My stats suggest I sent a few people your way, and I doubt if they were doing so to gawk or sneer. So I’m somewhat surprised that crediting you has generated so much heat. This obliquely suggests one reason I keep an arm’s length from the culture surrounding [the thing we must not name.]

        Anyway take care. If I ever cite you again, I’ll take all the vigorously expressed concerns into account.

  5. zardoz says:

    Reading this adds some perspective to the recently leaked TISA documents. 2.1 of the e-commerce annexe reads:

    “No Party may prevent a service supplier of another Party from transferring, [accessing, processing or storing] information, including personal information, within or outside the Party’s territory, where such activity is carried out in connection with the conduct of the service supplier’s business.”

  6. davidly says:

    Thanks. You’ve become quite the go-to source. And nice citation.

    To assert that TFA is an empty gesture would certainly be missing a point, but things make more sense when you consider the show aspect along with the rest of it. I wouldn’t be too quick to dismiss the effect this has on the populace at large, who, don’t forget, know little about any of this, and for those who do, Greenwald is a hero or traitor, but they foster barely more than a vague notion about who he is beyond catchwords.

    I agree with thombrogan — for the purposes of this comment, mainly his first reply. It’s what I was on about before re. plausible consent. The fact that pols don’t have to try harder in spite of having such miserable approval ratings only shows how cheap plausibility’s manufacture has become.

    So the Freedom Act vs. CISPA is like Congress giving the Rama what-for on Fastrack. Sure there are those who oppose it, but it’s a pretty cool show to make dedicated voters feel good for a while about the fact that they are dedicated voters. Until they pass it. Or they don’t. It’s a win either way. And there’s always tomorrow when it’s convenient to have such shit looming.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s