CISA Moves: A Summary

This afternoon, Aaron Richard Burr moved the Cyber Intelligence Sharing Act forward by introducing a manager’s amendment that has limited privacy tweaks (permitting a scrub at DHS and limiting the use of CISA information to cyber crimes that nevertheless include preventing threats to property), with a bunch of bigger privacy fix amendments, plus a Tom Cotton one and a horrible Sheldon Whitehouse one, called as non-germane amendments requiring 60 votes.

Other than that, Burr, Dianne Feinstein, and Ron Wyden spoke on the bill.

Burr did some significant goalpost moving. Whereas in the past, he had suggested that CISA might have prevented the Office of Public Management hack, today he suggested CISA would limit how much data got stolen in a series of hacks. His claim is still false (in almost all the hacks he discussed, the attack vector was already known, but knowing it did nothing to prevent the continued hack).

Burr also likened this bill to a neighborhood watch, where everyone in the neighborhood looks out for the entire neighborhood. He neglected to mention that that neighborhood watch would also include that nosy granny type who reports every brown person in the neighborhood, and features self-defense just like George Zimmerman’s neighborhood watch concept does. Worse, Burr suggested that those not participating in his neighborhood watch had no protection, effectively suggesting that some of the best companies at securing themselves — like Google — were not protecting customers. Burr even suggested he didn’t know anything about the companies that oppose the bill, which is funny, because Twitter opposes the bill, and Burr has a Twitter account.

Feinstein was worse. She mentioned the OPM hack and then really suggested that a series of other hacks — including both the Sony hack and the DDOS attacks on online banking sites that stole no data! — were worse than the OPM hack.

Yes, the Vice Chair of SSCI really did say that the OPM hack was less serious than a bunch of other hacks that didn’t affect the national security of this country. Which, if I were one of the 21 million people whose security clearance data had been compromised, would make me very very furious.

DiFi also used language that made it clear she doesn’t really understand how the information sharing portal works. She said something like, “Once cyber information enters the portal it will move at machine speed to other federal agencies,” as if a conveyor belt will carry information from DHS to FBI.

Wyden mostly pointed out that this bill doesn’t protect privacy. But he did call out Burr on his goalpost moving on whether the bill would prevent (his old claim) or just limit the damage of (his new one) attacks that it wouldn’t affect at all.

Wyden did, however, object to unanimous consent because Whitehouse’s crappy amendment was being given a vote, which led Burr to complain that Wyden wasn’t going to hold this up.

Finally, Burr came back on the floor, not only to bad-mouth companies that oppose this bill again (and insist it was voluntary so they shouldn’t care) but also to do what I thought even he wouldn’t do: suggest we need to pass CISA because a 13-year-old stoner hacked the CIA Director.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

13 replies
  1. Teddy says:

    Corporations are people, my friend!
    /Mitt Romney

    Corporations are more important than people who risk their lives for the US!
    /DiFi

  2. orionATL says:

    senator burr “suggest we need to pass CISA because a 13 year old stoner hacked the CIA Director.”

    what?

    unbelievable!

    no sad story about how,

    one beautiful fall sunday after church (natch), little cynthia target went walking through the woods to gramma’s house when a hacker with really big teeth, hairy ears, slanty yellow eyes, and an accent that sounded like “so solly” stole her credit cards, ate her cookies, and stomped on her little basket?

    what a lost opportunity.

    fbi director james “big scare” comey needs to sit this senator down and give him some lessons in how to tell a really scary bogey-story, one that will move congressgoobers to vote blindly and mediamorons to laptop it up.

  3. orionATL says:

    i’m very curious about this matter:

    what has happened to that 13yr old stoner who broke into the cia director’s computer? will he spend the rest of his life at supermax in florence? or will common decency and good judgement prevail and the kid be congratulated on his cleverness and skills, told “not a good idea, son” and left to grow up?

  4. jerry says:

    “Burr even suggested he didn’t know anything about the companies that oppose the bill, which is funny, because Twitter opposes the bill, and Burr has a Twitter account.”

    I suggest he take a look at that local DC paper:

    https://www.washingtonpost.com/news/the-switch/wp/2015/10/20/apple-says-its-against-a-key-cybersecurity-bill-days-before-a-crucial-vote/

    Or is he possibly saying that he ‘knows nothing’ about Apple as in he has never heard of them? Trying to translate from the original gibberish is confusing.

  5. orionATL says:

    so what will cisa be once enacted?

    my prediction, these and only these:

    – a get-out-of-court-free card for corporations who avail

    – a get-some-corp-to-spy-for-us card for our federal natsec policeria.

    question: where is the legislation to study, to discuss communally, and to recommend reasonable preventive measures, which is the traditional american approach to final federal legislation?

    at this moment in our history, all the legislation is top-down, hurry-up-the-house-is-burning legislation.

    foolish, and highly likely to be ineffective.

    but what the hell, it takes political pressure, e.g., chamber of commerce dollars-donor pressure, and media pressure off of congressgoobers.

    next up: our morally challenged president who spoke of such matters when he was trying to sucker us into voting for him – kinda like the congressgoobers are now.

  6. orionATL says:

    e.w. writes

    […Feinstein was worse. She mentioned the OPM hack and then really suggested that a series of other hacks — including both the Sony hack and the DDOS attacks on online banking sites that stole no data! — were worse than the OPM hack…]

    the sony hack, one of the most trivial computer intrusion events in history, is/was very important to the well-being of american society?

    why might the senator from california say something as inane as that?

    well, it’s money-raising time back at the dem hacienda and dems traditionally raise a lot of money from hollywood.

  7. orionATL says:

    it wouldn’t, couldn’t, be true could it, that john the drone-butcher’s use of his verizon phone line was the functional equivalent of a private server, a la secretary clinton?

    it wouldn’t, couldn’t be true could it, that john the drone-butcher sent important government documents, maybe unclassified just for the occasion, home?

    well, well. thank god for the capacity of smart kids to reveal official hypocrisy in spades.

  8. orionATL says:

    apparently what the kids who accessed john brennan’s e-mail account did to gain access to that account was

    phishing, aka, the chinese basket trick.

    how would the cisa legislation stop, not discover who, but protectively stop, phishing?

    how?

    it seems that the cisa legislation is retroactive, historically backwards-pointing legislation.

    what the hell protection does one get from figuring out who busted into target or home depot? as soon as it happens, it’s all old history.

    for phishing especially, which seems to be the major technique used, everywhere (although h.d. was entered thru its self-help kiosks), the specific set of steps successfully used was, i assume, unique to each computer system breached. and, i assume, the group involved may have been very different in each case.

    so how does cisa help this situation?

    haystacks, folks. haystacks.

    technological muscle, folks.

    with little regard for imaginative, creative, or analytical brain power.

  9. bloopie2 says:

    How old is DiFi? She’s starting to sound like my spouse’s previous boss, who was going senile (but wouldn’t admit it) on the job.

    • P J Evans says:

      She’s 82. And should have retired at the end of last term, if not before. (My most-senior-aunt is more in touch with reality. She’s also nearly 20 years older than DiFi.)

  10. JohnT says:

    OT

    Even though I’m not even close to being smart enough to be a lawyer, here’s my take on Kennedy vs the City of Biloxi

    Click my name, it’ll be on top

  11. wendy davis says:

    WikiLeaks, 2 hours ago:

    RELEASE: CIA Director John Brennan emails https://wikileaks.org/cia-emails/ #CIAemails

    https://twitter.com/wikileaks/status/656909852225093632
