Civil libertarians slam McCain cybersecurity bill

[WestVirginiaRebel]

Yahoo News:

SAN FRANCISCO (Reuters) - A cybersecurity bill introduced by Republican Senator John McCain could dramatically expand the domestic reach of U.S. intelligence agencies and potentially give them massive troves of emails, civil liberties advocates said.

"This is a privacy nightmare that will eventually result in the military substantially monitoring the domestic, civilian Internet," said Michelle Richardson of the American Civil Liberties Union.

Unlike the Democratic-led alternative supported by Majority Leader Harry Reid, the McCain bill stresses voluntary information sharing instead of regulation of critical industries by the Department of Homeland Security. McCain's bill was introduced last week.

But the types of information that could be shared are broad, and the data would go to "cybersecurity centers" that specifically include the National Security Agency's Threat Operations Center and the U.S. Cyber Command Joint Operations Center.

McCain spokesman Brian Rogers said such concerns were both overblown and premature.

"Senator McCain's priority in crafting this bill has been to make sure it strengthens our security while continuing to safeguard the privacy of consumers," Rogers said. "He remains open to addressing legitimate concerns as this process moves forward."

The bill says private companies such as Internet service providers could send the defense agencies evidence such as "network activity or protocols known to be associated with a malicious cyber actor or that may signify malicious intent."

Neither "network activity" nor "malicious intent" are defined in the bill, and they could theoretically encompass ordinary emails containing legal protest speech, the ACLU's Richardson said.

"It does appear it includes a hole through which the NSA may be able to drive a freight train," blogged Jerry Britto, a senior research fellow at George Mason University's Mercatus Center and an adjunct law professor at the university.

________

 

Cyber security overreach?