57.2 F
The Villages
Saturday, January 18, 2025

Keep an eye on bills on government computer surveillance

U.S. Rep. Rich Nugent
U.S. Rep. Rich Nugent

Couple bills this past week which didn’t receive much attention in the press, but that I very much think you all should be aware of: H.R 1560 – Protecting Cyber Networks Act and H.R. 1731 – National Cybersecurity Protection Advancement Act. Both bills (which are very closely related to one another) are seeking to improve longstanding shortfalls in our nation’s ability to respond to cyber attacks.

Anytime the government starts talking about anything close to computer surveillance, I get very serious heartburn and a very skeptical look on my face. Having watched previously how some in Congress have tried to mislead and brush off concerns about the NSA’s warrantless surveillance and so forth, I don’t believe a word people say until I see the text myself. And furthermore, it’s important to keep an eye on that text right up until the moment it’s passed because bills have a mysterious habit of changing at the last minute without much notice. And it’s also important to continue keeping a close eye on these bills until the Senate has passed its version and the two have been fused into a “conference report”. And once you’ve kept an eye on all of that, it’s continually important to keep an eye on how the lawyers interpret the statute and how the agencies implement it.

It’s not so much that I believe that there is nefarious intent. It’s just extremely uncomfortable for me, and I think a lot of Americans, to know the inherent power that comes from today’s digital surveillance capabilities. At the same time, we also have a serious dilemma with the rapid increase in criminal cyber attacks which are devastating everyday Americans as well as the growing threat potential of our enemies to attack military targets and civilian infrastructure.

So how do we know when we’re striking a good constitutional balance between privacy and security?

I think this week’s bills provide a good lens through which we can consider that question. Right now, partly because of laws, partly because of commercial and government policies, and partly because of unclear organizational leadership, there is very little coordination when a cyber attack occurs – first between private companies who may be facing simultaneous attacks and also between private companies and the government when those private entities need the government’s help defending themselves. In other words, it’s far too “every man for himself” right now in cyber defense.

If Target realizes that it’s being attacked, for instance, certainly the first step is to respond to the breach, shut it down quickly and notify customers as quickly as possible. Oftentimes, companies as big as Target have large in-house and contractor cyber teams that can handle much of the threat on their own. But if Target knows it’s being hacked and it’s not in a position to respond quickly, what does it do? Furthermore, if there is reason to believe other companies may be getting hacked in the same way, how does it go about asking the government for help in warning other companies about a specific threat? Basically, to a large degree, it can’t. Given the rate at which these attacks are increasing and the rate at which Americans’ credit cards, social security numbers, health records, etc are being stolen, this isn’t a good position for the American people to be in.

That inability to share specific, real-time threat information is a serious vulnerability. So how do you create a system in which companies can share attack information in real time – both with our government’s cyber defenses and with each other – while not inadvertently opening up the potential for more government surveillance?

It’s tough. Step one, in my opinion, is that it should be a bottom-up system and not a top-down system. In other words, I would have a serious problem with DHS or NSA constantly monitoring private networks in an effort to preemptively detect an attack. But I have substantially less heartburn with a private network going to DHS and saying, “Hey, we’re under attack over here and we need your help”.

I liken it to a basic police response. I think all of us would have a serious problem with the police installing cameras in our homes to monitor them all the time in case a break-in occurred. But when a break-in does occur, it’s perfectly normal to call the police and ask them to rush in and help. It’s also perfectly normal to tell our neighbors what the perpetrator looks like or that he’s been using garage doors to gain entry.

That’s the basic standard that I am looking for in cyber coordination. I also want to see explicitly laid out privacy protections about how data will be handled, who has access to it, when it must be destroyed and so forth. Just because I invite the police into my home to investigate does not mean that they get to leave cameras behind or come back whenever they please.

While many of my usual allies in the privacy battle had some reflexive concerns with this legislation (and given the government’s track record and current authorities, I completely understand where they are coming from) I do think this bill is a reasonable and balanced step in the right direction.

This is not the same thing as the NSA’s warrantless wiretapping. Far from it. And without putting too fine a point on it, as long as that “Section 215” NSA stuff is out there, the government has far more power than it should to gather data on Americans. That basic issue needs to be dealt with and it’s scheduled to be up for reauthorization soon.

Furthermore, as I said at the beginning, although these two things are very different, I think we need to keep a very close eye on where this week’s legislation goes. My understanding is that the Senate’s version of these bills does NOT have the same level of explicit protections written into it. If there is an attempt to remove or water down those protections, it quickly becomes a dealbreaker for me and a lot of my colleagues.

And while I may be highly sensitive to this privacy issue and willing to go to the mat over it, not everybody feels as strongly as I do. That’s how the previous NSA “reform” bills (which didn’t include sufficient reforms) passed. We need to remain vigilant – both on the cyber threat from criminals and foreign nations, but also the inherent threat of giving our government too much power. It’s a balancing act and we need to keep our copies of the Constitution close at hand and our eyes wide open.

As a general matter, even for the government’s own cyber defenses, there is a disastrous and well-acknowledged lack of coordination between the various cyber agencies – DHS, DOD, NSA and so forth. Right now, they can’t figure out how to get their act together on job number one – defending the homeland from external threats. So the idea that they are engaged in massive secondary and nefarious plot to monitor Americans isn’t realistic on practical grounds. But for me, that’s not the point. It’s that they shouldn’t have the capability or anything short of a clear and unambiguous legal prohibition against it. I intend to see that capability appropriately limited and the prohibition strengthened far beyond its current scope.

Congressman Rich Nugent represents The Villages in the U.S. House of Representatives.

So what is President Biden’s legacy?

What will President Biden’s legacy be? A Village of Winifred resident has a few suggestions.

I would love to have a Trader Joe’s in The Villages

A Village of Piedmont woman adds her voice to the chorus calling for a Trader Joe’s in The Villages. Read her Letter to the Editor.

Why do people assert that the GOP/MAGA are stupid for supporting Trump?

A Village of St. Charles woman, in a Letter to the Editor, wonders how anyone could support President-elect Trump.

There’s more to the story about ‘adult children’ in The Villages

A Village of Collier resident responds to a previous letter writer who complained about adult children living in The Villages and committing crime. The Collier resident says there’s more to the story.

Congressional widow denies existence of slush fund

A Village of Bonita resident, who is the widow of a Congressman, angrily responds to a letter writer’s claim there is a special slush fund in Congress to coverup extramarital affairs.