On Feb. 13, Rep. Mike Rogers (R-MI) introduced the Cyber Intelligence Sharing and Protection Act (CISPA) in the House of Representatives – again.
The legislation, which failed last year in the Senate, would amend the National Security Act of 1947 to allow the exchange of electronic information about citizens between government intelligence agencies and the private corporations that make up the nation’s critical infrastructure. Included in this latter category are banks, pharmaceuticals, energy corporations and utilities. The Business Roundtable, an association of the CEOs who run private corporations with combined annual revenues of $7.3 trillion, endorsed the proposed law in a document released this past January, so the heavy hitters were lining up behind the proposition even before it existed.

Since 9/11, Americans have grown accustomed to relinquishing our civil rights whenever the government claims that national security is at stake. It’s curious, though, that even as the 2001 attacks recede in time, and a weakened Al Qaeda can no longer operate internationally, the government continues to encroach on our right to privacy. The broadening insistence on widespread surveillance is justified by proliferating enemies such as Hezbollah, the governments of China and Iran, transnational organized crime, hackers and hacktivists, spammers, phishers and general terrorists. The fact is that we are no longer sure whom we should fear – or why. Yet we are expected to permit the government and private corporations to examine our private lives without limit. 

You cannot imagine what it is like to have the government scrutinizing your every action until it has happened to you. We can learn, though, from the experience of those who have already been on the receiving end of this whistleblowers who have disclosed gross waste, potential fraud and serious misconduct at the National Security Agency (NSA) and the Central Intelligence Agency (CIA), for example. After they became whistleblowers, the government monitored their every digital move: every credit card transaction, Internet site visit, phone call and e-mail fed the insatiable maw of the State. But at the very least, the surveillance agencies had to have a warrant.

For organizations working for accountability in government and corporate institutions, it is therefore important to know how serious the cyber security problem really is before completely relinquishing the efficacy of the fourth amendment (freedom from unreasonable search and seizure). The proliferating number of existential cyber-threats presented to us by government and the BRT suggests, in itself, a certain hysteria. Similarly, a Bloomberg Government study, excerpted on the web, presents a terrifying prospect of cyber invasion. The deep, urgent voice-over, is accompanied by a video with high-tech graphics and an ominous beating drum. At one point, the graph onscreen morphs from a stock market crash to a vital signs monitor and threatens “catastrophic loss of life” as the graphic flat-lines and the beep that presumably represents a heartbeat becomes a dead, droning monotone instead. This will be, of course, the consequence of imminent cyber threats.

This week, the House of Representatives will consider the “Cyber Intelligence Sharing and Protection Act,” a piece of legislation that would allow America’s intelligence agencies to share and protect the voluminous data they collect about America’s citizens with the keepers of America’s financial infrastructure, among others. An identical bill passed the House last year but died in the Senate, despite a powerful push from a curious coalition of spies, lawyers, financiers and politicians.

As an American citizen about to be shared and protected, when you see that kind of lineup behind a power play, you may fear trouble. For many months now, the bill's campaign has been building. It began last summer with a briefing for about 50 Washington think tankers convened by former Senator Jon Kyl (R-AZ).

That day, July 9, 2012, was a scorcher, with afternoon temperatures over 100 degrees when the audience convened in a third floor briefing room at the Senate’s Russell Office Building on Capitol Hill. Kyl had invited the American Center for Democracy (ACD) and the Economic Warfare Institute (EWI) to hold a “Super-Panel” and an open discussion on the topic of “Economic Warfare Subversions: Anticipating the Threat.”

The make up of the panel was a little peculiar; it featured a number of heavy hitters from the intelligence community, including General Michael Hayden (former director of both the CIA and the National Security Agency), James Woolsey (former CIA director), and Michael Mukasey (former Attorney General for George W. Bush). But there were others. First among them was the facilitator and director of the Economic Warfare Institute itself, Dr. Rachel Ehrenfeld, who aggressively used her academic title at every opportunity, an unusual practice in this company. Among the remaining panelists, one suggested that jihadists were setting wildfires in Colorado that summer. Another, a former Alternate Director for the U.S at the International Monetary Fund (IMF), also produced a memorable presentation by envisioning complex terror scenarios not even Hollywood could produce.

This month, the Business Roundtable (BRT) posted an alarming proposal: "More Intelligent, More Efficient, Cybersecurity Protection." The BRT is an association of the CEOs of the largest U.S. corporations. Its members represent companies that collect combined annual revenues of over $7.3 trillion, so when the BRT speaks, Congress tends to listen.

In brief, the 32-page declaration on cybersecurity states the BRT’s case for a legal alliance between the private sector and intelligence agencies that will exempt corporations from lawsuits as they wage cyber warfare. 

The argument is simple: much of the American economy is privately owned: banks, chemical plants, toll roads, energy systems. If cyber-enemies were to attack and disable critical functions, the damage would be crippling. Therefore, government and the private sector must establish a new legal framework for cyber defense, and this arrangement will allow the fluid exchange of privileged information between the country’s intelligence agencies and the private corporations that sit at the Business Roundtable.

Here at GAP, where we work with whistleblowers from both the national security and the finance worlds, the prospect of secret collaboration between the two spheres is frightening. Over the course of the past ten years, whistleblowers have reported to us on cronyism, fraud, cover-up, illegality and corruption at the top of the National Security Agency, CIA, AIG and many of the country’s largest banks, costing taxpayers hundreds of billions of dollars. 

Moreover, the self-interested crimes reported made the United States more vulnerable, not only to cyber threats, but also to economic collapse. 

From one whistleblower we learned the NSA shut down an effective, inexpensive program that sorted through the sea of electronic communications washing around the world daily and found threatening email and telephone connections. The NSA preferred a costly and cumbersome program built by a well-connected private sector contractor – a program that, in the end, didn’t work and had to be abandoned.

Whistleblowers at majors US banks have produced documentation showing widespread fraud in the pre-2008 mortgage origination and servicing business that wrecked the industry. We’ve also seen far-reaching incompetence, negligence and cover-ups at financial institutions that brought on the Great Recession.

Nonetheless, the BRT and the USG are proceeding down the path toward a “partnership” between national intelligence agencies and private corporations that is virtually oversight-free. In January 2013, we’re seeing the BRT proposal in pre-publication detail for the first time. Yet a couple of weeks ago, Ellen Nakashima wrote a piece in the Washington Post indicating the collaboration between US financial institutions and the intelligence community is already well underway.

In fact, the Congress tried to set this up more officially just last year but failed: H.R. 3523, the Cyber Intelligence Sharing and Protection Act (CISPA), passed in the House last April. It would amend the National Security Act of 1947. According to the BRT, the legislation would:

[E]nable national intelligence agencies to share strategic threat assessments and other pertinent intelligence, including classified information, with private-sector entities that own or operate major information systems and other critical infrastructure systems. More important, the bill removes legal barriers to information sharing and establishes a protected framework for the bidirectional sharing of information between the public and private sectors (p. 4).

Although the legislation did not pass the Senate, the government and its private sector friends are evidently proceeding. This is never a good idea in a democracy. Insider CEOs sit down at their roundtable with select politicians and come up with a scheme for protecting and advancing their own interests, which they then announce publicly as a plan with benefits for all of us.

Because the scheme is designed to promote and protect specific interests, though, it’s not presentable in raw form. Therefore, it’s unveiled as an effort to protect us all, and it’s written in denatured bureaucratic prose that is hard to penetrate.

Let’s parse the BRT proposal just posted, for example.

The government must create a clear and concise legal framework for both private sector to private sector and private sector to public sector sharing, with appropriate liability, antitrust and freedom of information protections for those acting within the framework. All of the actions proposed by BRT depend on the advancement of information sharing and removal of current legal barriers.

“Current legal barriers” are, of course, our rights as citizens to privacy and to information about what the government is doing. What the BRT is actually proposing here is not liability, antitrust and FOIA  “protections” from just anyone. The BRT is saying it needs protection from us. Although we’re all in this together, BRT firms must be protected not only from formidable cyber criminals and hostile “nation-state actors,” but also from U.S. citizens who might ask what’s going on.

John Wonderlich, Policy Director at the Sunlight Foundation, which works for transparency in government, had this to say about the prospect of public/ private cooperation on intelligence as proposed by CISPA:

Let's make something clear. The Freedom of Information Act is the law that lets the public force the government to determine whether information should be released or not. The Freedom of Information Act doesn't guarantee that information will be released, but just that anyone can request its release, and then have a legal process to try to provide a fair ruling on whether that information should be made public. Information that shouldn't be shared is already protected by law, through largely uncontroversial exemptions.

The FOIA is, in many ways, the fundamental safeguard for public oversight of government's activities.

So as it stands, FOIA does not automatically trigger the release of information from a government agency. At GAP, where we work frequently with FOIAs, we wouldn’t argue that the FOIA is an expeditious and efficient way to obtain information. For example, when Google called on our spy agencies to help with cyber attacks in 2010, the Electronic Privacy Information Center (EPIC) filed a request for data about the deal under the Freedom of Information Act. The FOIA was denied, and when EPIC appealed, it was denied again.

Nonetheless, the BRT wants even the law that permitted the request to be diluted, just in case some judge someday decides that the public has a right to information about back-channel, high-level public/private intelligence collaboration.

Since 9/11, we’ve learned the hard way that “national security” can be used to cover a multitude of sins. Think “enhanced interrogation techniques” and Abu Ghraib. Do we really want to cast the cloak of national security over credit default swaps and the shadow banking system? 

Because that’s exactly what the Business Roundtable is proposing. And not just that. The BRT also wants much of the same legal immunities that the government has. If the proposal for this “More Intelligent, More Efficient Cybersecurity Protection” proceeds, we’re surrendering the right to ask anything about it: Like how much it costs and what it’s authorized to do – to us.

Bea Edwards is the Executive Director for the Government Accountability Project, the nation's leading whistleblower protection and advocacy organization.

A Senate committee investigative report released today finds that fusion centers – massive Department of Homeland Security (DHS) undertakings touted as a solution to "information sharing" – are a colossal waste of taxpayer money and do little, if anything, to improve national security. The New York Times on the report:

The report found that the centers “forwarded intelligence of uneven quality — oftentimes shoddy, rarely timely, sometimes endangering citizens’ civil liberties and Privacy Act protections, occasionally taken from already published public sources, and more often than not unrelated to terrorism.”

The Senate report contains evidence of fusion centers' needless invasion Americans' privacy rights, useless intelligence reporting, pervasive lack of oversight, and complete inability to account for the taxpayers money. DHS can't even give a definite number about how much taxpayer money it has spent on the fusion centers, and the margin of error is way bigger than the Powerball jackpot. WaPo reported:

[the Senate report says] oversight has been so lax that department officials do not know exactly how much has been spent on the centers. The official estimates varied between $289 million and $1.4 billion.

Government could have saved American taxpayers a few hundred million by listening to the American Civil Liberties Union (ACLU) when it warned back in 2007 that the developing fusion centers lacked proper oversight and endangered Americans' privacy rights. Five years ago, the ACLU reported that fusion centers

. . . raise very serious privacy issues . . . [and] there are serious questions about whether data fusion is an effective means of preventing terrorism in the first place, and whether funding the development of these centers is a wise investment of finite public safety resources.

Last night I discussed a variety of whistleblower issues currently in the news:

Over the weekend, I attended a TRUTHCON event presented by the Bradley Manning Support Network and the Georgetown Chapter of the National Lawyers Guild. (Go here to support Bradley Manning now). In the coming weeks Manning's attorneys are set to argue Manning's motion to dismiss the charges based on a failure to provide Manning with a speedy trial and a motion to dismiss the charges based on unlawful pre-trial punishment, specifically allegations of Manning's torture.

The past 72 hours has held one of the strangest disharmonic convergence of free speech events I have ever seen.

(1) On Tuesday, President Obama flourished his pretty rhetoric on free speech to the United Nations (UN):

Those in power have to resist the temptation to crack down on dissidents.

(2) A day later, the Sydney Morning Herald published US Air Force documents classifying Wikileaks and its founder Julian Assange as "enemies of the state," an action in sharp contrast to Obama's rhetoric about the importance of protecting dissent in a democracy.

Declassified US Air Force counter-intelligence documents, released under US freedom-of-information laws, reveal that military personnel who contact WikiLeaks or WikiLeaks supporters may be at risk of being charged with "communicating with the enemy", a military crime that carries a maximum sentence of death.

(3) The day after Obama's UN address, Assange addressed the UN from the Ecuadorian embassy where - fearing extradition to the U.S. - he has been granted asylum. Read FireDogLake's Kevin Gosztola for the highlights, including an understandable demand (especially in light of the fact that the U.S. government declared Assange the "enemy") that Obama live up to the free speech ideals Obama himself so eloquently presented to the UN:

President Obama spoke out strongly in favour of the freedom of expression. Those in power, he said, have to resist the temptation to crack down on dissent.

There are times for words and there are times for action. The time for words has run out. It is time for the US to cease its persecution of WikiLeaks, to cease its persecution of our people and it cease its persecution of our alleged sources.

It is time for President Obama to do the right thing and join the forces of change: not in fine words but in fine deeds.