By Bill Wilson — On Thursday or Friday, the House of Representatives will be voting on new legislation, the “Cyber Intelligence Sharing and Protection Act” (CISPA). The ostensible purpose of the bill is to streamline the sharing of intelligence on cyber threats from the U.S. national security apparatus to Internet Service Providers and other web companies to protect the nation’s critical digital infrastructure.
In a joint letter to the House Permanent Select Committee on Intelligence, Americans for Limited Government, along with Liberty Coalition, TechFreedom, the Competitive Enterprise Institute and Freedomworks, applauded in part the goal of “empowering the private sector to defend itself against cyber adversaries,” calling it “an important and constitutional governmental function.”
On the surface, this information will allow companies to more effectively safeguard their systems and users against imminent cyber attacks on the homeland.
And if that was all this legislation and existing laws affecting cyber security and privacy did, there might scarcely be a word of criticism raised against them.
Big Brother is Watching
However, this bill is actually just one piece of architecture in a far vaster infrastructure that shares all of the apparent hallmarks of a Big Brother surveillance state.
As revealed recently by former National Security Agency (NSA) employee William Binney in a breathtaking interview with Democracy Now, communications and Internet companies are already being compelled to “share” extensive user data on U.S. citizens to the government, including to the NSA, under Section 215 of the U.S. Patriot Act.
Binney, who served as technical director of the agency’s world geopolitical and military analysis reporting group, resigned in 2001 after nearly 40 years of service to his country over the government’s use of a monitoring program that he in part helped to design.
Binney described the challenge the agency faced at the turn of the century in his interview, saying the NSA had an “inability to keep up with the rate of change.”
That project, called Thin Thread, competed with an agency favorite, Trailblazer, that was designed to upgrade the NSA’s capabilities to monitor worldwide communications in the digital age, as reported by the Baltimore Sun in 2006 — all begun under the Bush Administration.
Thin Thread
To “keep up with the rate of change,” Binney assembled his team. “I had a very small group of people in a lab and we decided to attack that problem. We did it by looking at how we could graph the network of communications and all of the communications in the world and then focus in on that graph and use the graph to limit what we wanted to attack,” Binney explained.
Binney said they succeeded, but that “in the process of course we scooped up Americans from different places so we had to protect their identities according to our laws and privacy rights of U.S. citizens. So we built in protections to anonymize their identities so you couldn’t really tell what you were looking at.”
Binney continued, “The worldwide web routes things all over so you never really know where U.S. citizens are going to be routed so if you were collecting somewhere else on another continent you could still get U.S. citizens. That was a universal problem. So we devised how you do that and protect U.S. citizens — and this was all before 9/11.”
They were ready to deploy, but the program was never implemented as originally intended. Said Binney. “After 9/11, all of the wraps came off for NSA and they just decided to — between the White House and NSA and CIA — to eliminate the protections on U.S. citizens and collect domestically.”
Pandora’s Box
In the end, Thin Thread turned out to be a Pandora’s Box. As Binney described, “They started collecting — from the one commercial company that I know of that participated — provided probably in the average of about 300 million records of communications from U.S. citizen to U.S. citizen inside this country.”
That company, Binney said, was AT&T. “It was long distance communications. So they were providing billing data. At that point, I knew I could not stay, because it was a direct violation of the constitutional rights of everybody in the country.”
In the end, Thin Thread’s network monitoring became the basis for the so-called terrorist surveillance program, Stellar Wind, according to the Sun article. Except its anonymizing and encryption features that would have protected user identities and required that an actual threat be established before data could be decrypted were all left out, as were protections that would have internally monitored the program for abuses.
All that remained was Big Brother.
After Binney left the agency in 2001, he learned that the program was being implemented from his former colleagues. He alerted the House Intelligence Committee, but to no avail. “The member of the staff that I went to went to Porter Goss who was chairman of the committee at the time and he referred her to General [Michael] Hayden for any further [information] — when it was the job of the committee to do the oversight on all of this domestic spying, and they weren’t doing it,” Binney said.
Although Trailblazer and Thin Thread are said to have been “essentially abandoned” according to the 2006 Sun article, Binney says they were the basis for the Stellar Wind program — which was never turned off.
20 trillion communications, and counting
Now, it is being used on an escalating basis.
“I think the surveillance has increased,” Binney said of the Obama Administration. “I would suggest that they’ve assembled on the order of 20 trillion transactions about U.S. citizens with other U.S. citizens. The data that’s being assembled is about everybody. And from that data then they can target anyone they want [for malicious prosecution].”
The 20 trillion communications estimate includes emails and phone calls, Binney noted. On emails, he said “I believe they have most of them… All they would have to do is put the various devices at various points along the network, at choke points or convergent points where the network converges and they could basically take down and have copies of most everything on the network.” He does not include Internet search queries and financial transactions in the 20 trillion estimate, saying he didn’t know if that information is being gathered.
But there clearly would be nothing to stop them if they wanted to gather it. Certainly not the useless Congress. No, only the Supreme Court could strike down this vast expansion of executive power.
And even then, it is unclear if the agency would even comply with the highest court in the land, since these programs were instituted in secret in the first place. Even when they say the program’s been ended, as in the 2006 Sun article, it wasn’t ended. It was being expanded.
The “Cyber Intelligence Sharing and Protection Act” and the Utah Data Center
It is in this context that CISPA is being implemented. Communications companies and Internet Service Providers are now being deputized to receive sensitive intelligence data to deploy national security tools and stratagems — all under the guise of enhancing cyber security.
There are other concerns with the legislation. Because it accepts the premise of private companies turning over their users’ communications to the government as a standard business practice, service providers can no longer assure users that their data is private. This undermines the freedom of contract.
Meanwhile, the private right to action under the bill should the information shared be misused, whether intentionally or negligently, creates a false sense of privacy. The fact is, the intelligence on U.S. citizens is already being “shared” by the communications companies. In fact, there are no “secure” forms of communication or data storage — anywhere.
This new legislation will not overturn Section 215 of the U.S. Patriot Act, nor will it prevent any information already in the government’s possession from being abused.
Although supporters of the legislation contend that CISPA “protects privacy by prohibiting the government from requiring private sector entities to provide information to the government,” does anyone really believe it would overturn this vast NSA surveillance program?
The debate over the provisions of CISPA, particularly the right of service providers to decide for themselves whether or not they wish to share data with the government, ignores the reality that the government is already gathering that data, with or without the companies’ knowledge by Binney’s account.
If the bill explicitly outlawed these existing NSA surveillance programs, and ordered the destruction of the data, it might have more teeth.
But come September 2013, the NSA’s new multi-billion dollar Utah Data Center as reported by Wired.com will be complete. It includes “four 25,000-square-foot halls filled with servers, complete with raised floor space for cables and storage… [and] more than 900,000 square feet for technical support and administration.”
There, the agency will be able to collect and store septillions of bytes of data — on every person in the world. This center is not being defunded by the bill either.
This is a very thin veneer of privacy indeed.
Not too late to turn back
The genie is already out of the lamp, and it will not easily be put back in.
While there is a legitimate need for intelligence collection in the digital era to protect national security, there do not appear to be any adequate constitutional safeguards — including the execution of warrants, the right to confront accusers, judicial review, or any congressional oversight whatsoever — for U.S. citizens who are being targeted by these measures.
How do the American people protect themselves from these programs being used against them?
Even if one supported the Bush era terrorist surveillance measures as a well-intentioned act to protect the homeland, as a nation we must now step back and seriously question ourselves — before we plunge into the depths of a tyranny not easily overturned.
To truly ensure privacy in the digital age, it is not enough to protect data from private access, as in CISPA which seeks to strengthen protections against cyber threats. Privacy must also be protected against government access as well. Nothing less than the essential liberty of every single American may be at stake.
Bill Wilson is the President of Americans for Limited Government. You can follow Bill on Twitter at @BillWilsonALG.