
MonsterMind: A Sinister Revelation and CISA

There is a revelation from Edward Snowden in a recent Wired article that points to the possibility of a new sinister reason for the construction of CISA.

In a previous post, I talked about CISA, a federal bill that would enable information sharing of cyber threats to the NSA from private corporations and local law enforcement. Due to a lot of backlash from corporations concerning our Fourth Amendment Protection Act, I assumed the protections CISA provided were just cover from prosecution of illegal search and seizure. However, after reading “The Most Wanted Man in the World”, I believe it is more than just that.

The massive surveillance effort was bad enough, but Snowden was even more disturbed to discover a new, Strangelovian cyber warfare program in the works, codenamed MonsterMind. The program, disclosed here for the first time, would automate the process of hunting for the beginnings of a foreign cyber attack. Software would constantly be on the lookout for traffic patterns indicating known or suspected attacks. When it detected an attack, MonsterMind would automatically block it from entering the country—a “kill” in cyber terminology.

Programs like this had existed for decades, but MonsterMind software would add a unique new capability: Instead of simply detecting and killing the malware at the point of entry, MonsterMind would automatically fire back, with no human involvement. That’s a problem, Snowden says, because the initial attacks are often routed through computers in innocent third countries. “These attacks can be spoofed,” he says. “You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital. What happens next?”

In addition to the possibility of accidentally starting a war, Snowden views MonsterMind as the ultimate threat to privacy because, in order for the system to work, the NSA first would have to secretly get access to virtually all private communications coming in from overseas to people in the US. “The argument is that the only way we can identify these malicious traffic flows and respond to them is if we’re analyzing all traffic flows,” he says. “And if we’re analyzing all traffic flows, that means we have to be intercepting all traffic flows. That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time.” (A spokesperson for the NSA declined to comment on MonsterMind, the malware in Syria, or on the specifics of other aspects of this article.)

What if cyber threat information sharing is not a strategic tool, but a tactical one? What if CISA is a bill to provide cover for corporations and local law enforcement agencies that intend to use information as a weapon?

Protected entities may use “cybersecurity systems” to identify and obtain cyber threat information without “any provision of law.” Cleared individual(s) from protected entities provide this information to DHS. This information will then be shared among multiple federal agencies. If one entity doesn’t have a tactical means to fight back against a cyber threat, CISA enables federal agencies to pass cyber threat information on to other protected entities that may have tactical means to kill a cyber threat.

Why weaponize corporations at all? Snowden said the idea is to get “all private communications coming in from overseas” to tackle threats from abroad. Most Internet traffic around the world flows back through the US and is then sent to its intended destination by means of American communications and tech providers.

So, how do you get corporations on board with this tactical and dangerous cyber threat tool? Simple: CISA provides a good faith clause.

“No civil or criminal cause of action shall lie or be maintained in Federal or State court against a protected entity, self-protected entity, cybersecurity provider, or an officer, employee, or agent of a protected entity, self-protected entity, or cybersecurity provider, acting in good faith.”

Corporations and local law enforcement agencies may be provided cybersecurity systems like MonsterMind. Currently, DHS provides local, state, and municipal police agencies with military gear such as M16s and MRAPs. It is not too far-fetched that DHS would provide a security system that attacks malware. As Snowden said, malware identifiers are not uncommon.

So, why do you need a good faith clause? MonsterMind has an error rate, and the system may fire at an innocent entity. There is no individual watching what threat the program is firing back on. In fact, there is no need to inform anyone in a company that the threat identifier tool that fires back even exists. Disturbingly, not every corporation or law enforcement agency would need a tool like MonsterMind. DHS can easily pass threat information to another protected entity that has attack capability. Due to the good faith clause, there will be no investigation of who fired back or why.

Most importantly, public knowledge of such activity is prohibited.

if shared with the Federal Government–

(i) shall be exempt from disclosure under section 552 of title 5, United States Code (commonly known as the ‘Freedom of Information Act’);

(ii) shall be considered proprietary information and shall not be disclosed to an entity outside of the Federal Government except as authorized by the entity sharing such information;

(iii) shall not be used by the Federal Government for regulatory purposes;

(iv) shall not be provided by the department or agency of the Federal Government receiving such cyber threat information to another department or agency of the Federal Government under paragraph (2)(A) if–

(I) the entity providing such information determines that the provision of such information will undermine the purpose for which such information is shared; or

(II) unless otherwise directed by the President, the head of the department or agency of the Federal Government receiving such cyber threat information determines that the provision of such information will undermine the purpose for which such information is shared; and

(v) shall be handled by the Federal Government consistent with the need to protect sources and methods and the national security of the United States; and

(E) shall be exempt from disclosure under a State, local, or tribal law or regulation that requires public disclosure of information by a public or quasi-public entity.

CISA is more than just an enabler of NSA’s illegal search and seizure. It protects a company or law enforcement agency from any and all civil or criminal prosecution for cyber friendly fire, it can blind companies to the true purpose of cybersecurity threat tools, it gags the public from even knowing about abuses of the tool, and at the same time it militarizes the Internet.
