GOP-led House panel accuses cybersecurity agency of violating citizens' civil liberties

The federal government agency charged with protecting critical infrastructure and guarding against cybersecurity threats is accused of "exceeding its statutory authority" in its post-2016-election efforts to monitor domestic social media for evidence of misinformation, disinformation and malinformation, according to a House Republican-led committee's interim report.

The House Judiciary Committee and Subcommittee on Weaponization of the Federal Government issued a report accusing the Critical Infrastructure and Cybersecurity Agency, or CISA, of facilitating the "censorship of Americans directly and through third-party intermediaries." The committee's investigation cites internal Department of Homeland Security emails and meeting notes. 

The core claims of the 41-page report focus on changes at the agency since the 2016 election.  A January 2017 report from the Office of the Director of National Intelligence found Russian efforts to influence the election "demonstrated a significant escalation in directness, level of activity, and scope of effort compared to previous operations."  The report did not assess "the impact that Russian activities had on the outcome of the 2016 election."  

The House Judiciary Committee's report, peppered with politically charged language, alleges that CISA expanded the monitoring of foreign "disinformation" to "all disinformation including Americans' speech." 

House Republicans say concern about CISA's expanded mandate and overwhelmingly negative backlash from DHS' Disinformation Governance Board prompted the department to begin "scrubbing CISA's website of references to domestic 'misinformation' and 'disinformation.'"

Some election officials expressed concern about the agency's involvement with domestic speech related to elections, the committee said, citing the CISA documents. According to the report, on August 2, 2022, an official with the National Association of Secretaries of State (NASS) warned "that it is important for CISA to remain within their operational and mission limits. CISA specifically should stick with misinformation and disinformation as related to cybersecurity issues."

The report also alleges that even within DHS, some were worried about how its expanded activities would ultimately be viewed. 

The report alleges a May 2022 email from Suzanne Spaulding, a former senior intelligence official who worked on the project, to a colleague about the increased public attention on the matter. According to the report, Spaulding wrote, "It's only a matter of time before someone starts asking about our work... I'm not sure this keeps until our public meeting in June."

Dr. Kate Starbird, identified in the report as the co-founder of the University of Washington's Center for an Informed Public, responded to Spaulding, writing, "Yes. I agree. We have a couple of pretty obvious vulnerabilities." 

The GOP-led committee and subcommittee take issue with attempts by the government to workshop ways to curb the domestic spread of misinformation and disinformation – led by the "Protecting Critical Infrastructure from Misinformation & Disinformation" Subcommittee. That committee, a voluntary group that served in an advisory role for CISA, was ultimately disbanded, according to the report, but not before issuing two sets of formal recommendations in June and September 2022. 

In response to the "political environment and legal risks," congressional investigators write that Starbird also noted in a May 2022 email that the MDM Committee "removed 'monitoring' from just about every place where it appeared" in their recommendations. 

In a statement to CBS News, Starbird wrote that the committee's report "grossly misrepresented" her work and that of the advisory board. 

"This report disregards clarifying information within the broader record of our subcommittee's communications and final recommendations — as well as my voluntary testimony to this Committee — to push a misleading narrative of censorship," said Starbird. "Our subcommittee played no role in censoring any speech, nor did we advocate for the social media platforms to take any action to limit the spread of speech."

CISA Executive Director Brandon Wales said in a statement, "CISA does not and has never censored speech or facilitated censorship; any such claims are patently false."

"Every day, the men and women of CISA execute the agency's mission of reducing risk to U.S. critical infrastructure in a way that protects Americans' freedom of speech, civil rights, civil liberties, and privacy," Wales continued. "In response to concerns from election officials of all parties regarding foreign influence operations and disinformation that may impact the security of election infrastructure, CISA mitigates the risk of disinformation by sharing information on election literacy and election security with the public and by amplifying the trusted voices of election officials across the nation."

The committee's report argues, "Labeling speech 'misinformation' does not strip it of First Amendment protection. That is so even if the speech is untrue, as "[s]ome false statements are inevitable if there is to be an open and vigorous expression of views in public and private conversation."

Catherine Herridge

Catherine Herridge is a senior investigative correspondent for CBS News covering national security and intelligence based in Washington, D.C.

Twitter