Former National Security Agency head Keith Alexander said Congress should grant the Pentagon the same sort of surveillance powers it is seeking to bestow upon the Department of Homeland Security in the Cyber Information Sharing Act (CISA).
On Tuesday, Alexander urged the House and Senate to grant the Defense Department access to information CISA will allow DHS to glean from Americans at “network speed.”
“When there’s a military response required from actions, that has to go immediately to the Defense Department,” he told Senate Armed Services committee chair John McCain (R-Ariz.).
Alexander also said that sharing protocols for metadata, or records of communications, could allow for the information to be passed between DHS and the Pentagon “automatically.”
“DHS and other entities can receive this information at the same time, but information relevant to the defense of this country should not be delayed by another department or agency,” he also said, in an opening statement before the senate panel.
“It is critical that as the two Houses confer on the final bill, members should keep in mind the critical importance of speed and flexibility for protecting the nation against threats that morph rapidly and in real-time,” Alexander added.
CISA legislation already passed by the chambers differ, but all versions advanced thus far force tech companies participating under the law to give all “cyber threat” information to DHS. The War on Terror-era department will then decide to send pertinent data to relevant departments and agencies.
The White House strongly opposes the sending of information under a CISA-framework to any agency other than DHS.
“The Administration supports Senate passage of [CISA]” it said while the bill was still being deliberated in the upper chamber, “including, but not limited to, preserving the leadership of civilian agencies in domestic cybersecurity.”
Despite his criticisms, Alexander did praise the bill for incentivizing cooperation between US spooks and Corporate America.
“They’re very concerned about what they share with the government because of liability,” he said of the business community, in response to another question from McCain.
Alexander, head of the NSA from 2005 until 2013, himself joined the private sector after retiring from government. The Wall Street Journal reported last week that his start-up, IronNet Cybersecurity Inc., received a $32.5 million investment from a “prominent venture-capital firm,” Kleiner Perkins Caufield & Byers.
Alexander received unusual amounts of scrutiny while head of the NSA thanks to 2013 disclosures about the agencies’ mass surveillance programs made by Edward Snowden.
Privacy advocates, including Sen. Ron Wyden (D-Ore.), have decried CISA as a “surveillance bill” masquerading as cybersecurity law.
Wyden was among a few senators who sought to rein in CISA’s more invasive provisions. The last of those efforts failed just before the bill’s final passage.
CISA’s defenders have countered civil libertarian arguments by saying that participation in the information-sharing regime is voluntary, and that data passed from private to public sector will be scrubbed of sensitive, personally-identifiable material.
Detractors, however, say that the “voluntary” spying program creates a strong incentive for companies to give information to the federal government—particularly if they are likely targets of cyber attacks.
Critics have also said that the statutory threshold for requiring firms to protect users’ privacy is far too low. If companies “know at the time of sharing” that information is personal and identifiable, they are prohibited from passing it to DHS under CISA. Some have said the bar should be raised to a “reasonable belief” prerequisite—one that would force the private sector to take greater precaution.