The United States Congress should restrict the National Security Agency’s ability to collect “bulk data” without a warrant

2NC Information Overload Link

CISA causes major information overloads and collapses cybersecurity

A growing number of information security and hacking incidents emphasize the importance of improving U.S. cybersecurity practices. But many computer security experts are concerned that the Cybersecurity Information Sharing Act of 2015 (CISA) is unlikely to meaningfully prevent cyberattacks as supporters claim. Rather, it will provide another avenue for federal offices to extract private data without addressing our root cybersecurity vulnerabilities.  

The main premise of CISA is that cyber breaches can be prevented by encouraging private companies to share cyber threat data with the government. CISA would extend legal immunity to private entities that share sensitive information about security vulnerabilities—often containing personally identifiable information (PII) about users and customers—with federal offices like the Department of Justice (DOJ), Department of Homeland Security (DHS) and Director of National Intelligence (DNI).  

This concerns privacy advocates who point out that such data collection could serve as an alternative surveillance tool for the NSA. Section 5(A) of CISA authorizes federal agencies to “disclose, retain, and use” shared data for many purposes beyond promoting cybersecurity, like investigating terrorism, the sexual exploitation of children, violent felonies, fraud, identity theft, and trade secret violation. In other words, CISA would allow federal agencies to use data obtained under the auspices of “cybersecurity protection” in entirely unrelated criminal investigations — potentially indefinitely. Indeed,CISA is currently stalled in the Senate in deference to debate over the NSA’s controversial bulk collection programs.  

But the Senate cool-down should not let us forget that CISA does not just threaten civil liberties, it could actually undermine cybersecurity. Information security experts point out that existing information sharing measures run by private companies like IBM and Dell SecureWorks rarely prevent attacks like CISA advocates promise. One survey of information security professionals finds that 87 percent of responders did not believe information sharing measures such as CISA will significantly reduce privacy breaches. The federal government already operates at least 20 information sharing offices collaborating on cybersecurity with the private sector, as Eli Dourado and I found in our new analysis through the Mercatus Center at George Mason University.  

The Office of Management and Budget reports that many of the federal agencies that would be given large data management responsibilities through CISA, like the DOJ and DHS, reported thousands of such breaches in FY 2014. These agencies’ own information security systems are unlikely to become miraculously impervious to external hacking upon CISA’s passing. In fact, the massive amounts of new data to manage could further overwhelm currently suboptimal practices. 

The federal government must get its own house in order before such comprehensive information sharing measures like CISA could be even technically feasible. But CISA would be a failure even if managed by the most well-managed government systems because it seeks to impose a technocratic structure on a dynamic system.

Information overload prevents effective preparation

Spira 10

Jonathan, “The Christmas Day Terrorism Plot: How Information Overload Prevailed and Counterterrorism Knowledge Sharing Failed,” http://www.basexblog.com/2010/01/04/the-christmas-day-terrorism-plot-how-information-overload-prevailed-and-counterterrorism-knowledge-sharing-failed/

The tools to manage information on a massive scale do indeed exist and it is clear that the U.S. government is either not deploying the right ones or not using them correctly. The National Counterterrorism Center, created in 2004 following recommendations of the 9/11 Commission, has a mission to break “the older mold of national government organizations” and serve as a center for joint operational planning and joint intelligence. In other words, various intelligence agencies were ordered to put aside decades-long rivalries and share what they know and whom they suspect. Unfortunately, while this sounds good in theory, in practice this mission may not yet be close to be being fully carried out. In addition to the fact that old habits die hard (such as a disdain for inter-agency information sharing), it appears that the folks at the NCTC failed to grasp basic tenets of knowledge sharing, namely that search, in order to be effective, needs to be federated and contextual, that is to say it needs to simultaneously search multiple data stores and present results in a coherent manner. Discrete searches in separate databases will yield far different results compared to a federated search that spans across multiple databases. All reports indicate that intelligence agencies were still looking at discrete pieces of information from separate and distinct databases plus the agencies themselves were not sharing all that they knew. In this case, much was known about Umar Farouk Abdulmutallab, the Nigerian man accused of trying to blow up Northwest Flight 253. In May, Britain put him on a watch list and refused to renew his visa. In August, the National Security Agency overheard Al Qaeda leaders in Yemen discussing a plot involving a Nigerian man. In November, the accused’s father warned the American Embassy (and a CIA official) in Abuja that his son was a potential threat. As a result, the son was put on a watch list that flagged him for future investigation. He bought his plane ticket to Detroit with cash and boarded the flight with no luggage. Yet, almost unbelievably, no one saw a pattern emerge here. Shouldn’t a system somewhere have put the pieces of this puzzle together and spit out “Nigerian, Abdulmutallab, Yemen, visa, plot, cash ticket purchase, no luggage = DANGER!”? Information Overload is partially to blame as well. Given the vast amount of intelligence that the government receives every day on suspected terrorists and plots, it could very well be that analysts were simply overwhelmed and did not notice the pattern. Rather than being immune from the problem, given the sheer quantity of the information it deals with, the government is more of a poster child for it. Regardless of what comes out of the numerous investigations of the Christmas Day terrorism plot and the information-sharing failures of the various intelligence agencies, one thing was abundantly clear by Boxing Day: the Federal Government needs to greatly improve its ability to leverage the intelligence it gathers and connect the dots.

2NC Innovation Link

Heavy-handed government security preventions tanks private sector innovation – that solves security more effectively

CDT 10

Center for Democracy and Technology, Cybersecurity Policy Should Protect Privacy, Innovation, http://www.cdt.org/blogs/greg-nojeim/cybersecurity-policy-should-protect-privacy-innovation

In comments filed yesterday, CDT asked the Department of Commerce to take a careful, nuanced approach to cybersecurity, to favor market-based approaches over government mandates, and to ensure that its efforts are not so heavy-handed as to stifle innovation or slow the development of necessary cybersecurity measures. CDT also urged the Department to take a leading role in implementing the National Strategy for Trusted Identities in Cyberspace, now being developed by the White House. We alerted the Commerce Department to our concern about NSTIC’s current focus on the use of government credentials for private transactions: A pervasive government-run online authentication scheme is incompatible with fundamental American values, CDT’s comments said. CDT asked the Department to distinguish between various private systems and elements of the Internet as it formulates its cybersecurity policy. We pointed out that policy toward private systems should have a light touch and should seek to preserve the characteristics of the Internet that make it such a success – its open, decentralized and user-controlled nature. Policy toward government systems can be more prescriptive, the comments said. We also cautioned that cybersecurity measures should not compromise President Obama’s promise that the government’s pursuit of cybersecurity will not include government monitoring of private sector networks or Internet traffic. The comments urge the Department to resist calls to create a cybersecurity information sharing regime that would involve sharing of Internet communications traffic that would compromise the promise of privacy that underlies the laws governing electronic surveillance.

2NC Turns Democracy Adv

Turn – liberal democracy – cyber-bill collapses it

Burghardt 10

Tom, “Obama's National Cybersecurity Initiative: Privacy and Civil liberties are Damned,” http://www.globalresearch.ca/index.php?context=va&aid=17993

As long time readers of Antifascist Calling are well aware, while hacking, online thievery and sociopathic behavior by criminals is a troubling by-product of the "information superhighway," state officials and shadowy security corporations have framed the debate in terms of yet another in a series of endless "wars." Mike McConnell, a former NSA Director, Bush regime Director of National Intelligence and currently an executive vice president with the spooky Booz Allen Hamilton corporation (a post he held for a decade before signing-on for the "War on Terror") penned an alarmist screed for The Washington Post February 28. McConnell, whose firm stands to reap billions of dollars in taxpayer largesse under CNCI, claimed that "The United States is fighting a cyber-war today, and we are losing." Drawing a spurious and half-baked (though self-serving) parallel between the Cold World nuclear stand-off with the former Soviet Union and today's cybercriminals, McConnell declared that a "credible" cyber-deterrent analogous to the doctrine of Mutually-Assured Destruction (MAD) would serve the United States "well." Ever the Cold warrior, McConnell avers that the U.S. needs to "develop an early-warning system to monitor cyberspace, identify intrusions and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options." "More specifically," McConnell writes, "we need to reengineer the Internet to make attribution, geolocation, intelligence analysis and impact assessment--who did it, from where, why and what was the result--more manageable." In other words, the secret state's role in monitoring each and every electronic communication, email, text message, web search, phone conversation or financial transaction must be subject to a pervasive and all-encompassing surveillance by securocrats or we won't be "safe." Indeed, as McConnell and his shadowy firm are well aware since they helped develop them, "the technologies are already available from public and private sources and can be further developed if we have the will to build them into our systems and to work with our allies and trading partners so they will do the same." Reckless advocacy such as this is the kiss of death for any notion of privacy, let alone the constitutional right to dissent. As Wiredinvestigative journalist Ryan Singel wrote last week, "The biggest threat to the open internet is not Chinese government hackers or greedy anti-net-neutrality ISPs, it's Michael McConnell, the former director of national intelligence." Why? Singel insists, "McConnell's not dangerous because he knows anything about SQL injection hacks, but because he knows about social engineering." And during his stint as DNI, "scared President Bush with visions of e-doom, prompting the president to sign a comprehensive secret order that unleashed tens of billions of dollars into the military's black budget so they could start making firewalls and building malware into military equipment." Self-serving rhetoric by the likes of McConnell about an alleged "cyber-armageddon" are not only absurd but the height of corporatist venality. As investigative journalist Tim Shorrock revealed in his essential book Spies for Hire and for CorpWatch, Booz Allen Hamilton, a wholly-owned subsidiary of the shadowy private equity firm, The Carlyle Group, "is involved in virtually every aspect of the modern intelligence enterprise, from advising top officials on how to integrate the 16 agencies within the Intelligence Community (IC), to detailed analysis of signals intelligence, imagery and other critical collections technologies." Clocking-in at No. 10 on Washington Technology's "Top 100" list of Federal Prime Contractors, Booz Allen pulled down some $2,779,421,015 in contracts in 2009. According to Shorrock, "BAH is one of the NSA's most important contractors, and owes its strategic role there in part to Mike McConnell, who was Bush's director of national intelligence." During an earlier stretch with BAH, "McConnell and Booz Allen were involved in some of the Bush administration's most sensitive intelligence operations, including the infamous Total Information Awareness (TIA) program run by former Navy Admiral John Poindexter of Iran-Contra fame." In his Washington Post op-ed, McConnell wrote that "we must hammer out a consensus on how to best harness the capabilities of the National Security Agency," and that the "challenge" is to shape "an effective partnership with the private sector so information can move quickly back and forth from public to private--and classified to unclassified--to protect the nation's critical infrastructure." Super spook McConnell claims this will be accomplished by handing "key private-sector leaders (from the transportation, utility and financial arenas) access to information on emerging threats so they can take countermeasures." However, the "private" portion of the "public-private" surveillance "partnership" must have a quid pro quo so that private sector sharing of privileged, highly personal, network information with the secret state doesn't invite "lawsuits from shareholders and others." In other words, privacy and civil liberties be damned! As Ryan Singel points out, "the contractor he works for has massive, secret contracts with the NSA" and McConnell now proposes that NSA "take the lead in guarding all government and private networks." But McConnell, and Booz Allen's advocacy goes far further than simple advocacy in developing a defensive cyber strategy. Indeed, BAH, and a host of other giant defense and security firms such as Lockheed Martin, are actively developing offensive cyber weapons for the Pentagon. According to Washington Technology, Lockheed Martin will continue to work with the Defense Advanced Research Project Agency (DARPA) in that Pentagon agency's development of a National Cyber Range under CNCI. That program is suspected of being part of Pentagon research to develop and field-test offensive cyber weapons. According to DARPA, "the NCR will provide a revolutionary, safe, fully automated and instrumented environment for U.S. cybersecurity research organizations to evaluate leap-ahead research, accelerate technology transition, and enable a place for experimentation of iterative and new research directions." "Now the problem with developing cyberweapons--say a virus, or a massive botnet for denial-of-service attacks," Singel writes, "is that you need to know where to point them." "That's why," the Wired journalist avers, "McConnell and others want to change the internet. The military needs targets." Add to the mix a Senate bill that would hand the president "emergency" powers over the Internet and a clear pattern of where things are headed begins to emerge. With giant ISP's such as Google already partnering-up with the NSA and other secret state agencies, the question is how long will it be before an American version of China's Golden Shield enfolds the heimat within its oppressive tentacles? Described by privacy advocates as a massive, ubiquitous spying architecture, the aim of the Golden Shield is to integrate a gigantic online data base with an all-encompassing surveillance network, one that incorporates speech and face recognition, closed-circuit television, smart cards, credit records, and Internet surveillance technologies. And considering that the Empire has reportedly stood-up a giant data base of dissidents called "Main Core," whose roots lie in programs begun during the Reagan administration, assurances by the Obama administration that Americans' privacy rights will be protected as CNCI is rolled-out ring hollow. According to exposés by investigative journalists Christopher Ketchum and Tim Shorrock, writing respectively in Radar Magazine and Salon, Main Core is a meta data base that contains personal and financial data on millions of U.S. citizens believed to be threats to national security. The data, which comes from the NSA, FBI, CIA, and other secret state sources, is collected and stored with neither warrants nor court orders. The name is derived from the fact that it contains "copies of the 'main core' or essence of each item of intelligence information on Americans produced by the FBI and the other agencies of the U.S. intelligence community," according toSalon. While the total cost of CNCI is classified, rest assured it will be the American people who foot the bill for the destruction of our democratic rights.

Yüklə 1,17 Mb.

Dostları ilə paylaş: