
Congress Fails to Limit NSA Surveillance Using Patriot Act Loophole


NSA Surveillance includes the collection of your phone and email records for the sake of detecting and disrupting terrorism. The practice has proven effective, but the scope of the data collected (every phone call and email available, even if you are innocent) has raised eyebrows.

Congress, in a rare show of bipartisan agreement, may be leaning toward limiting the amount of data the NSA can collect.

Rep. Justin Amash, R-Mich., backed by Rep. John Conyers, D-Mich., put forth an amendment that would restrict the NSA’s ability to collect data under the Patriot Act on people not connected to an ongoing investigation.  The action was initiated after Edward Snowden, a government contract worker, leaked highly classified data to the media, revealing that the NSA has secretly collected phone and email records on millions of Americans without their knowledge or consent.

The bipartisan support was counterbalanced by a bipartisan effort to defeat it, with both House Speaker John Boehner and House Democratic Leader Nancy Pelosi opposing it.  In the end, the amendment to a defense spending bill was narrowly defeated by a vote of 217-205.

Still, the close vote may be indicative of a changing viewpoint in Washington: that NSA surveillance should have oversight. As Rep. Jim Himes, D-Conn., an Intelligence Committee member, stated, “I think as more and more people come to understand the breadth of the authorizations that the NSA and other intelligence agencies have, they start to get a little worried about the encroachment on their privacy, and that’s absolutely fair.”

Himes stressed that the NSA is not out of bounds with its actions. “They are acting pursuant to very clear authority under Section 215 of the Patriot Act,” Himes said. (Section 215 provides authority for the surveillance programs.) But, he said, “that law is too broadly worded and being interpreted a little broadly.”

When the Patriot Act was introduced, there was an implicit understanding that the bill would come with a sunset period. In other words, the Act would be rolled back as the threat diminished. That rollback has never really taken place, and the NSA continues to exploit our short-term memories by utilizing Section 215 to gather more information than the average American, heck, the average Congressperson, would be comfortable with. Once power is given, it’s exceptionally difficult to take it back. But Congress may be moving in the right direction.

Will Adams, Amash’s press secretary, pointed out, “It was the first time that either house of Congress has gone on the record concerning NSA’s blanket surveillance since the NSA leaks started coming out.” He continued, “We got 205 votes despite the fact that we were up against the entire establishment in Washington… The civil liberties of Americans is not a partisan issue.”

Bill sponsor Conyers said in a statement to reporters, “This discussion is going to be examined continually … as long as we have this many members in the House of Representatives that are saying it’s ok to collect all the records you want just as long as you make sure you don’t let it go anywhere else. That is the beginning of the wrong direction in a democratic society.”

Despite the defeat, the debate has led to talk of cutting funding and denying the NSA the authority to continue its data collection. Talk in Washington, however, seems to be fairly cheap. Rep. James Sensenbrenner, R-Wis., cautioned the administration that if it “continues to turn a deaf ear to the American public’s outcry, Section 215 will not have the necessary support to be reauthorized in 2015.”  He further stated, “The proper balance between privacy and security has been lost.”

I’m not suggesting that the entire NSA program be scrapped; I’m simply asking for more transparency as to what is being gathered, and a certain assurance that private data is only being collected and retained on suspects actually under suspicion, not on every American citizen.

John Sileo is a cyber security keynote speaker and CEO of The Sileo Group, a privacy think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security and businesses looking to protect the information that makes them profitable.

2 Truths & a Lie: Venture Capital Frenzy Misses Cyber Security Mark


USA Today recently opined that the venture capital flooding into the cyber security marketplace is justified. Unlike the dotcom boom and bust cycle of the late 90s, it says, the current spending on securing information capital is justified, as the Internet and corporate networks are in dire need of better protection. Without even a moment’s hiccough, this is undeniably true.

Take some recent cases in point: China hacking into the New York Times and Wall Street Journal, or the Syrian Electronic Army cracking into the Associated Press and 60 Minutes. If you’re looking for corporate examples, look no further than the $45 million stolen by cyber thieves via MasterCard pre-paid debit cards. Cyber security is the new darling of the Obama administration, the media and Sand Hill Road because all three are finally learning how much they have to lose (or in the case of VCs, gain) by ignoring cyber security.

To the venture capitalists’ credit, many of the newly minted information security startups in Silicon Valley, the DC Beltway and elsewhere will in fact make huge profits. After all, nothing sells like fear. The mission of a venture capitalist is almost solely to make money. Acknowledged and forgiven. But making money doesn’t solve cyber crime. So what does? That’s where we encounter the lie. So far we have two truths: 1. spending on cybersecurity is justified and 2. VCs aim to make money. Now for the lie.

The Lie: Technology is the Rosetta-Stone-Solution that solves cyber security threats.

If you look at the recent funding frenzy described in the USA Today article, a majority of the VC investments target hardware and software companies that solve one (or maybe several) aspects of our new cyber reality. Some make firewalls, others protect the cloud. This one targets malware and that one WiFi encryption. These are all important pieces of the virtual puzzle. And yet, none of the startups I have seen incorporate solutions for the common denominator of nearly all cyber security breaches: we humans.

Behind every great firewall is an employee who brings their own unauthorized device into the company network (ever emailed a business file using your personal account?). At the heart of many a great hack are usernames and passwords that are identical for a user’s Facebook account, bank account and workplace login. Steal the Facebook login and voila, you are into the corporate network as a privileged user.

Security does not exist in a technological vacuum. It lives in the gaps between innovative tools like firewalls and the humans that configure, update and utilize them. If you don’t properly train the humans on cyber security, identity protection, fraud prevention, social engineering and the like, the technology becomes useless.

And the company that finds a solution to the human problem and incorporates it into the technology won’t just make a load of profits, they will make a world of difference.

John Sileo is the CEO of The Sileo Group and an advisor on the human element of cyber security, social engineering and fraud prevention. His body of work includes engagements with the Department of Defense, Visa, Homeland Security and hundreds of businesses of all sizes.