On October 19, 2015, a “13-year-old stoner” by the Twitter tag of @phphax successfully hacked into the private account of Central Intelligence Agency Director John Brennan. Phphax used a very common but efficient hack called social engineering to access private emails on the Director’s American Online account. Some of the data Phphax acquired was the personal info of many of the CIA’s top officials, including the head of the Department of Homeland Security. It brings up the question of why the CIA chief keeps valuable information about officials within the agency inside an unencrypted non-government server through AOL, a server that a 13-year-old can hack into? (Also, it brings into question if our CIA director is incompetent, since he was susceptible and unfamiliar to a fairly popular hacking technique).
If Phphax is caught, it is very likely that Brennan will make an example of him. However, the consequences stretch farther than that. It is likely that these incidents will incite further support for the Cybersecurity Information Sharing Act (CISA), a bill recently passed by the Senate, giving the intelligence agencies greater access to mass domestic surveillance under a vague label: “cybersecurity.” American Express’s Marc. D Gordan and Microsoft’s Scott Charney both make a good argument that “companies should be required to strip unnecessary personal information before engaging in sharing, and that the government should not be able to use information it receives for law enforcement or national security objectives, absent judicial authorization.” According to Greg Nojeim, a privacy expert from the Center of Democracy and Technology, CISA does not adequately address privacy and civil liberties by giving intelligence agencies unwarranted access to the online activity of the normal American citizen. Because this bill could be passed, it is within the capacity of the government to observe most day-to-day activities of Americans.
The issue of the government spying on its own citizens has been addressed by many, and people have become more aware due to Edward Snowden. The main reason supporters of CISA want this act to pass is because they want more information to stop cyberattacks and cyberterrorism.
Unfortunately, pursuing this avenue to stop cyberattacks is not only immoral, but costly, redundant and inefficient. Security experts in the House, Space and Technology Subcommittee and the Chief Executive Officer of the Information Technology Industry Council both agree that the easiest way to prevent unwanted access into our government’s and industries’ servers is not to go through surveillance, but to adopt a sense of “cyber hygiene.” The House Space and Technology Subcommittee said that 80 to 90 percent of all cyber threats can be prevented using simple practices such as encrypting data, updating software and creating passwords. I concur with the experts, since it eliminates so much of malicious cyber activity without violating the rights of Americans.
When it comes to the drive of our country’s intelligence agencies, some would say that it would be commendable. What is even crazier is that their justification for using said techniques is just as ridiculous as the techniques implemented themselves.
A main force that drove Washington to attempt to pass CISA is similar to bills in the past that stemmed from American fear. Because of a few extreme cases of hackers like Albert Gonzalez (the hacker that stole 170 million dollars from credit card theft in 2005), the paranoia that CISA thrives from is comparable to the paranoia from the Red Scare of the 1950’s or the passing of the Patriot Act just after 9/11. Though fear is a natural part of being human, allowing fear to be the driver in such actions should not be the case.
The pursuit for passing CISA is simply a way for intelligence organizations to have the authority to track down American citizens. They use paranoia to get the authority they need, and once the intelligence agencies do, they will go through the private information of every American citizen to “catch” anyone who has the potential to embarrass them in that same manner. Passing CISA is inefficient, a waste of resources, immoral and driven by the fear of cyber activity.