This month, the Business Roundtable (BRT) posted an alarming proposal: "More Intelligent, More Efficient, Cybersecurity Protection." The BRT is an association of the CEOs of the largest U.S. corporations. Its members represent companies that collect combined annual revenues of over $7.3 trillion, so when the BRT speaks, Congress tends to listen.

In brief, the 32-page declaration on cybersecurity states the BRT’s case for a legal alliance between the private sector and intelligence agencies that will exempt corporations from lawsuits as they wage cyber warfare. 

The argument is simple: much of the American economy is privately owned: banks, chemical plants, toll roads, energy systems. If cyber-enemies were to attack and disable critical functions, the damage would be crippling. Therefore, government and the private sector must establish a new legal framework for cyber defense, and this arrangement will allow the fluid exchange of privileged information between the country’s intelligence agencies and the private corporations that sit at the Business Roundtable.

Here at GAP, where we work with whistleblowers from both the national security and the finance worlds, the prospect of secret collaboration between the two spheres is frightening. Over the course of the past ten years, whistleblowers have reported to us on cronyism, fraud, cover-up, illegality and corruption at the top of the National Security Agency, CIA, AIG and many of the country’s largest banks, costing taxpayers hundreds of billions of dollars. 

Moreover, the self-interested crimes reported made the United States more vulnerable, not only to cyber threats, but also to economic collapse. 

From one whistleblower we learned the NSA shut down an effective, inexpensive program that sorted through the sea of electronic communications washing around the world daily and found threatening email and telephone connections. The NSA preferred a costly and cumbersome program built by a well-connected private sector contractor – a program that, in the end, didn’t work and had to be abandoned.

Whistleblowers at majors US banks have produced documentation showing widespread fraud in the pre-2008 mortgage origination and servicing business that wrecked the industry. We’ve also seen far-reaching incompetence, negligence and cover-ups at financial institutions that brought on the Great Recession.

Nonetheless, the BRT and the USG are proceeding down the path toward a “partnership” between national intelligence agencies and private corporations that is virtually oversight-free. In January 2013, we’re seeing the BRT proposal in pre-publication detail for the first time. Yet a couple of weeks ago, Ellen Nakashima wrote a piece in the Washington Post indicating the collaboration between US financial institutions and the intelligence community is already well underway.

In fact, the Congress tried to set this up more officially just last year but failed: H.R. 3523, the Cyber Intelligence Sharing and Protection Act (CISPA), passed in the House last April. It would amend the National Security Act of 1947. According to the BRT, the legislation would:

[E]nable national intelligence agencies to share strategic threat assessments and other pertinent intelligence, including classified information, with private-sector entities that own or operate major information systems and other critical infrastructure systems. More important, the bill removes legal barriers to information sharing and establishes a protected framework for the bidirectional sharing of information between the public and private sectors (p. 4).

Although the legislation did not pass the Senate, the government and its private sector friends are evidently proceeding. This is never a good idea in a democracy. Insider CEOs sit down at their roundtable with select politicians and come up with a scheme for protecting and advancing their own interests, which they then announce publicly as a plan with benefits for all of us.

Because the scheme is designed to promote and protect specific interests, though, it’s not presentable in raw form. Therefore, it’s unveiled as an effort to protect us all, and it’s written in denatured bureaucratic prose that is hard to penetrate.

Let’s parse the BRT proposal just posted, for example.

The government must create a clear and concise legal framework for both private sector to private sector and private sector to public sector sharing, with appropriate liability, antitrust and freedom of information protections for those acting within the framework. All of the actions proposed by BRT depend on the advancement of information sharing and removal of current legal barriers.

“Current legal barriers” are, of course, our rights as citizens to privacy and to information about what the government is doing. What the BRT is actually proposing here is not liability, antitrust and FOIA  “protections” from just anyone. The BRT is saying it needs protection from us. Although we’re all in this together, BRT firms must be protected not only from formidable cyber criminals and hostile “nation-state actors,” but also from U.S. citizens who might ask what’s going on.

John Wonderlich, Policy Director at the Sunlight Foundation, which works for transparency in government, had this to say about the prospect of public/ private cooperation on intelligence as proposed by CISPA:

Let's make something clear. The Freedom of Information Act is the law that lets the public force the government to determine whether information should be released or not. The Freedom of Information Act doesn't guarantee that information will be released, but just that anyone can request its release, and then have a legal process to try to provide a fair ruling on whether that information should be made public. Information that shouldn't be shared is already protected by law, through largely uncontroversial exemptions.

The FOIA is, in many ways, the fundamental safeguard for public oversight of government's activities.

So as it stands, FOIA does not automatically trigger the release of information from a government agency. At GAP, where we work frequently with FOIAs, we wouldn’t argue that the FOIA is an expeditious and efficient way to obtain information. For example, when Google called on our spy agencies to help with cyber attacks in 2010, the Electronic Privacy Information Center (EPIC) filed a request for data about the deal under the Freedom of Information Act. The FOIA was denied, and when EPIC appealed, it was denied again.

Nonetheless, the BRT wants even the law that permitted the request to be diluted, just in case some judge someday decides that the public has a right to information about back-channel, high-level public/private intelligence collaboration.

Since 9/11, we’ve learned the hard way that “national security” can be used to cover a multitude of sins. Think “enhanced interrogation techniques” and Abu Ghraib. Do we really want to cast the cloak of national security over credit default swaps and the shadow banking system? 

Because that’s exactly what the Business Roundtable is proposing. And not just that. The BRT also wants much of the same legal immunities that the government has. If the proposal for this “More Intelligent, More Efficient Cybersecurity Protection” proceeds, we’re surrendering the right to ask anything about it: Like how much it costs and what it’s authorized to do – to us.

Bea Edwards is the Executive Director for the Government Accountability Project, the nation's leading whistleblower protection and advocacy organization.

A Senate committee investigative report released today finds that fusion centers – massive Department of Homeland Security (DHS) undertakings touted as a solution to "information sharing" – are a colossal waste of taxpayer money and do little, if anything, to improve national security. The New York Times on the report:

The report found that the centers “forwarded intelligence of uneven quality — oftentimes shoddy, rarely timely, sometimes endangering citizens’ civil liberties and Privacy Act protections, occasionally taken from already published public sources, and more often than not unrelated to terrorism.”

The Senate report contains evidence of fusion centers' needless invasion Americans' privacy rights, useless intelligence reporting, pervasive lack of oversight, and complete inability to account for the taxpayers money. DHS can't even give a definite number about how much taxpayer money it has spent on the fusion centers, and the margin of error is way bigger than the Powerball jackpot. WaPo reported:

[the Senate report says] oversight has been so lax that department officials do not know exactly how much has been spent on the centers. The official estimates varied between $289 million and $1.4 billion.

Government could have saved American taxpayers a few hundred million by listening to the American Civil Liberties Union (ACLU) when it warned back in 2007 that the developing fusion centers lacked proper oversight and endangered Americans' privacy rights. Five years ago, the ACLU reported that fusion centers

. . . raise very serious privacy issues . . . [and] there are serious questions about whether data fusion is an effective means of preventing terrorism in the first place, and whether funding the development of these centers is a wise investment of finite public safety resources.

Yesterday, the House of Representatives voted to re-authorize the 2008 FISA Amendments Act (FAA). The FAA Re-authorization represents the normalization of a domestic surveillance state.

The FAA was bad enough in 2008, when it "legalized" parts of the Bush warrantless wiretapping program and gave retroactive immunity to telecommunications companies that gave up customers' private data to the government, but at least it had a sunset. American Civil Liberties Union legislative counsel Michelle Richard said of the re-authorization:

Yet again, the House has rubberstamped a law so broad and vague that, despite its passage four years ago, we still have little idea how the government is using it.  

Despite the facts that:

1. the sunset provided Congress an opportunity to rethink the broad surveillance powers the Executive has repeatedly abused;
2. even Senators - like Ron Wyden (D-OR) - cannot get a straight answer from the intelligence community about how the law is being used against Americans; and
3. whistleblowers, like my client National Security Agency (NSA) whistleblower William Binney, have risked everything to expose domestic spying, the House voted to further empower the Executive's already unprecedented surveillance powers.

The House was obviously not listening to the numerous warnings about continuing unchecked domestic surveillance programs from my clients – NSA whistleblowers William Binney, J. Kirk Wiebe, and Thomas Drake – all of whom were criminally investigated in retaliation for their disclosures. (Drake was prosecuted under the Espionage Act and faced decades in prison before the Justice Department's case against him collapsed in spectacular fashion days before trial.)

Whatever your opinion of Wikileaks founder Julian Assange, he was right when he called for an end to the war on whistleblowers in his speech outside the Ecuadorian Embassy in London yesterday:

The U.S. administration's war on whistleblowers must end. Thomas Drake, William Binney, John Kiriakou, and other heroic whistleblowers must be pardoned or compensated for the hardships they have endured as servants of the public record.

While my clients' stories differ greatly from Assange's, the Obama administration has threatened to criminally prosecute all of them with the same draconian Espionage Act, a law meant to go after spies not whistleblowers. And the effect of the Obama administration's policy – if not the goal – is the same for my clients and Assange - to silence dissent.

Despite that Assange is often attacked for only looking out for himself (who could blame him considering London police were waiting outside the Ecuadorian embassy to arrest him?), he took time in his minutes-long speech to reach out to others who have been prosecuted. He also correctly identified the Obama administration's war on whistleblowers as a war on journalists and the media, a connection made by myself, Glenn Greewald, and the US main stream media itself.

The United States must pledge before the world that it will not pursue journalists for shining a light on the secret crimes of the powerful.There must be no foolish talk about prosecuting any media organisations, be it Wikileaks or the New York Times.

Assange calls for an end to U.S.'s "witch hunt" against Wikileaks called to mind Supreme Court Louis Brandeis:

Fear of serious injury cannot alone justify suppression of free speech and assembly. Men feared witches and burnt women.

The Washington Post reported today on the spy software (sold by SpectorSoft) dozens of federal agencies have purchases to monitor their employees' electronic activities:

Government workers have long known their bosses can look over their shoulder to monitor their computer activity. But now, prompted by the WikiLeaks scandal and concerns over unauthorized disclosures, the government is secretly capturing a far richer, more granular picture of their communications, in real time.

WaPo's report comes on the heels of the Food & Drug Administration's surveillance scandal, which revealed widespread monitoring of employees, whistleblowers' protected communications with Congress and the Office of Special Counsel, congressional staffers, and reporters.

The SpectorSoft software can do more than simply read employees' e-mails. It can:

• Take a screen shot of a computer
• Intercept a tweet or Facebook post
• Monitor keystrokes
• Retrieve hard drive files

 SpectorSoft's senior marketing manager elaborated on what federal agencies can do with SpectorSoft's software:

“Think of it as someone stood behind you and put a video camera behind you while you’re working,” Catalini said. “It comes back down to: What does the agency want to record?”

Glenn Greenwald wrote yesterday about "secrecy creep"  – the retaliation against whistleblowers that has crept down from the White House into Executive branch agencies.

Whistleblowers have always been subjected to retaliation, but the retaliation used to be focused on marginalizing the whistleblower, shifting or eliminating the whistleblower's job duties, firing her, or yanking her security clearance. Now, with the Obama administration's war on whistleblowers, whistleblower retaliation includes polygraphs, systematic monitoring of whistleblowers' electronic activities, and prosecution under the Espionage Act – even at Executive agencies beyond the intelligence community.

Intelligence community whistleblowers like former National Security Agency (NSA) officials Bill Binney and J. Kirk Wiebe were targeted with criminal investigation and subjected to armed FBI raids. Even more severe, whistleblowers like former NSA official Thomas Drake and former CIA officer John Kiriakou were indicted under the Espionage Act.

Now Executive branch agencies outside the intelligence community are using the secrecy and surveillance tactics to punish whistleblowers.

Greenwald provides concrete examples of the secrecy creep resulting in increased whistleblower retaliation:

[1] . . . McClatchy reported on a criminal investigation launched by the Inspector General (IG) of the National Reconnaissance Office, America’s secretive spy satellite agency, against the agency’s deputy director, Air Force Maj. Gen. Susan Mashiko. After Mashiko learned that four senior NRO officials whose identities she did not know reported to the IG “a series of allegations of malfeasant actions” by another NRO official relating to large contracts, Mashiko allegedly vowed: “I would like to find them and fire them.”

[2] It was not until 2011 that the Interior Department . . .  hired . . . a hydrologist, Dr. Paul Houser, who was previously an associate professor in George Mason University’s Geography and Geoinformation Sciences Department.

Adding to the leak hysteria in Washington, the Senate Intelligence Committee advanced legislation purportedly to limit "leaks." WaPo reports:

The legislation, which has yet to be considered by the full Senate or House, would require the White House to notify Congress whenever it plans to share classified information with the public and would curb an increasingly common arrangement in which top national security officials take jobs as commentators on cable-television shows.

What Congress completely neglects to address in their apparent frustration that the White House leaks to the press before leaking to Congress, is that whistleblowers who are sources for Congress end up getting burned and monitored by the Executive branch.

If the Senate Intelligence Committee really wanted to stop media leaks and preserve its oversight abilities, it would enact meaningful whistleblower protections so that employees who bring concerns to Congress are adequately protected from retaliation. Such a measure would certainly give Congress more information than a head's up from the White House that the White House is planning to make public information that will no doubt benefit the administration.

UPDATE: For a full summary of the anti-leak measures in the Intelligence Authorization legislation see Steven Aftergood's analysis. Key quote:

And yet there is something incongruous, if not outrageous, about the whole effort by Congress to induce stricter secrecy in the executive branch, which already has every institutional incentive to restrict public disclosure of intelligence information.

National Security Agency (NSA) whistleblower Thomas Drake testified before two congressional committees and brought his concerns massive waste, fraud, abuse, and illegality at NSA to the House and Senate Intelligence Committees, in accordance with the Intelligence Community Whistleblower Protection Act. However, that didn't stop the Obama administration from charging him under the Espionage Act and threatening him with spending the rest of his life behind bars. (The case against Drake collapsed under the weight of the truth last summer).

‘Chilling Effect’ Far-Reaching if Congress Fails to Act

(Washington, D.C.) – Today, the Government Accountability Project (GAP) is publicly denouncing the Food and Drug Administration’s (FDA) implementation of an invasive and potentially illegal surveillance system instituted against employees trying to blow the whistle on critical safety issues surrounding medical devices.

The New York Times revealed the in-depth surveillance program in an explosive piece this past weekend. That article detailed how the agency monitored and “secretly captured thousands” of email communications between the whistleblowers and members of the media, Congress, attorneys, other regulatory officials, and the White House. Many of these communications are protected by various whistleblower laws. Subsequent reports show that agency lawyers approved these measures.

Amanda Hitt, GAP Public Health Director, and Director of GAP’s Food Integrity Campaign (which aims to protect whistleblowers at the FDA), stated:

“While the outcry by Congress and regulators thus far against the FDA is encouraging, the damage may have already been done. It’s hard to imagine how this fiasco won’t have a chilling effect on future FDA whistleblowers, and employees from all sorts of government agencies.

“This foray into espionage is nothing more than a service the agency provides to its 'clients.' Simply put, the FDA is spying on its own to protect the financial interests of the very corporations it is bound to regulate.”

GAP National Security & Human Rights Director Jesselyn Radack, who monitors the federal government’s use of surveillance, stated:

The Washington Post expanded on this weekend's blockbuster New York Times article revealing the FDA's invasive surveillance on employees, reporters, and congressional staffers in an attempt to target seven scientist-whistleblowers who raised concerns about excessive radiation emitted from mammogram and colonoscopy machines.

This scandal includes an "enemies list," outsourced surveillance, spyware on dogs, and numerous other outrages.

The Washington Post reported that

Sen. Charles E. Grassley (R-Iowa) said that his staff had learned that the spying was “explicitly authorized, in writing” by the agency’s top legal office.

Learning from the now-infamous Justice Department Office of Legal Counsel and my law school classmate John Yoo, who twisted the law to justify torture, the FDA's chief counsel apparently reviewed and authorized the surveillance in a secret memo. The FDA's defense is so lame it is hard to take it with a straight face:

She said that the surveillance was limited in scope . . . The FDA acknowledged Friday that targeted surveillance of five employees began in mid-2010, but it said that was not ongoing today, . . .

The fact that FDA targeted only the whistleblowers, whose communications included legally-protected disclosures to the media, congress, and the Office of Special Counsel, makes the monitoring more problematic, not less.

An FDA spokeswoman assured WaPo that:

“We did not impede or interfere with any employee communication to Congress, their staff, media or federal investigators,” she said.

But, the very act of monitoring IS interfering with the communications. If you know the FDA is monitoring your e-mails you might think twice about revealing to government investigators or Congress or the media that the FDA is disregarding the public health and safety of Americans.

The UK's Daily Mail reports:

The Department of Homeland Security [DHS] has been forced to release a list of keywords and phrases it uses to monitor social networking sites and online media for signs of terrorist or other threats against the U.S.

The Electronic Privacy Information Center (EPIC) obtained the list of mostly-innocuous words DHS finds important enough to include in a guide for analysts whose goal is to

[identify] media reports that reflect adversely on DHS and response activities.

The list includes completely innocent words anyone would use in social networking, such as

flu
leak
incident
response
cops
exercise
sick
pork
electric
cancelled
smart
power
delays
cloud
vaccine
interstate
closure
emergency
hurricane
organization
metro
storm
virus
help