A funding deal approved by the House today and set to clear Congress within days positions the Department of Homeland Security as the front door for hack surveillance intelligence arriving from private industry. The back door, to the chagrin of some privacy activists, is the intelligence community.
The 2,000-page $1.1 trillion spending bill rife with unconnected policy measures creates an instant information-sharing regime housed at DHS.
One of the provisions aligns very closely with a controversial, years-in-the-making bill called the Cybersecurity Information Sharing Act, or CISA.
A separate, related measure empowers Homeland Security to scan data from any agency for telltale signs of hacker operations.
Companies within six months will receive procedures for voluntarily sharing with DHS details about malicious network activities, including email data that sometimes could contain personal information.
Organizations also can choose to receive details, also known as “indicators” or “signatures,” from DHS that are collected from federal agencies and other participating firms.
The hotline system must be able to ferry submissions to the Director of National Intelligence, Pentagon, Justice Department and several other relevant agencies — a key concern among privacy advocates wary of surveillance overreach.
The bill sets out a number of deadlines:
Within three months after enactment, Homeland Security must develop a tool capable of accepting computer records from industry via email, a website form, or another means of instant machine-to-machine interaction. Within six months, the two departments must publish the steps and rules for receiving the intelligence, some of which will be classified.…