While defense secretary Ashton Carter unveiled the Pentagon's new Cyber Strategy last week he failed to mention the provision that will send private data about U.S. citizens and companies to foreign militaries.
"To improve shared situational awareness DOD will partner with DHS [Department of Homeland Security] and other agencies to develop continuous, automated, standardized mechanisms for sharing information with each of its critical partners in the U.S. government, key allied and partner militaries, state and local governments, and the private sector. In addition, DOD will work with other U.S. government agencies and Congress to support legislation that enables information sharing between the U.S. government and the private sector."
Basically America's new strategy unequivocally ties into information-sharing legislation that's making its way to the President's desk. Specifically the Cyber Information Sharing Act. Among other things, such as allow the copyright monopoly to aggressively track and sue filesharers, CISA would protect companies from being sued for sending data about their users to the DHS, which would be permitted to send it in real time to the DOD, other U.S. agencies or beyond the United States.
In short, because of CISA our spy agencies now have legal cover to send your data anywhere in the world, with no oversight whatsoever. Just mention "national security" and you get a free pass to do whatever you want with Americans' information.
Our new cyberwar strategy pledges DOD information sharing to allies in the Middle East. "As a part of its cyber dialogue and partnerships, DOD will work with key Middle Eastern allies and partners to improve their ability to secure their military networks as well as the critical infrastructure and key resources upon which U.S. interests depend. Key initiatives include improved information sharing to establish a unified understanding of the cyber threat, an assessment of our mutual cyber defense posture, and collaborative approaches to building cyber expertise."
So with a couple strokes of the pen, your information could be shared with Egypt, Saudi Arabia or even Afghanistan.
The nation's top cyber warrior is not shy, either. He is openly pleading for new info-sharing laws.
"We've got to get cyber-information sharing legislation passed," Adm. Michael Rogers, commander of U.S. Cyber Command and director of the National Security Agency, said earlier this month at an event. Rogers said his ability to share information with the FBI was key to fingering North Korea as the perpetrator of the Sony hack. Yet the whole world knew this so its unlikely the information was as vital as claimed. But it makes a nice example now that they want all your information.
So when CISA or its cousins becomes law, because there will be limited opposition for elected officials looking for votes and paranoid about what the NSA has on them, what kind of information might fly from company servers to DHS to DOD and then around world?
Members of the privacy community describe the scope as incredibly broad. And it also means that anything collected in the dragnet, which is literally ALL of your online information, can be used against you in a court of law. Warrants no longer apply.
Robyn Greene, who serves as policy counsel for the Open Technology Institute at the New America Foundation, argued that the bills allow companies to collect and share virtually all information about how and with whom you interact with online. Moreover, there would be no limits on how the U.S. government could use that information. It could, for example, be used to investigate or prosecute crimes that have nothing to do with stopping hacks. If the dragnet turns something up on you, regardless of any warrants being issued, they'll prosecute you.
"This authorization would not just seriously undermine Americans' Fourth Amendment rights, which would otherwise require the government to obtain a warrant based on probable cause to access much of that same information, it would create an expansive new means of general-purpose government surveillance. (Sec. 5(d)(5)(A))," she wrote.
Mark Jaycox, a legislative analyst at the Electronic Frontier Foundation, has made similar findings.
"Existing private rights of action for violations of the Wiretap Act, Stored Communications Act, and potentially the Computer Fraud and Abuse Act would be precluded or at least sharply restricted … It remains to be seen why such immunity is needed when just a few months ago, the FTC and DOJ noted they would not prosecute companies for sharing such information."
The dragnet is about to get bigger while our hard-won rights are going to be crushed. The legacy of this sweeping invasion of privacy and cancellation of our rights to due process and judicial oversight will be nothing short of astounding.
Our forefathers, who fought hard for these freedoms, must be rolling in their graves