S.754 FULL TEXT on Congress.gov: Cybersecurity Information Sharing Act
This week US Senate passed a CISA bill that allows the Federal government and businesses to gather and share sensitive personal information on the citizens “notwithstanding any other provision of law.” The Bill is designed to encourage data-sharing by protecting private sector from lawsuits in cases when they voluntarily assist the government or partner companies on “cybersecurity” matters.
Privacy advocates argue against CISA claiming that it doesn’t protect private information and “cybersecurity” is a very broad definition that can apply to everything. In 2013 Congress has been trying to pass CISPA, a predecessor to CISA, but it didn’t gather enough votes back then. So to ensure that it passes this time, they included it into the Omnibus $1.1 trillion Spending Plan that will most definitely pass. “They’re kind of pulling a Patriot Act,” said Robyn Greene, policy counsel for the Open Technology Institute. “They’ve got this bill that’s kicked around for years and had been too controversial to pass, so they’ve seen an opportunity to push it through without debate. And they’re taking that opportunity.”
Certain privacy organizations argue that, especially because the bill originated in the Senate Intelligence Committee, instead of increasing our cyber defense, the legislation is meant to secretly advance government surveillance.
According to the EFF: “The [CISA] bill is fundamentally flawed due to its broad immunity clauses, vague definitions, and aggressive spying authorities. The bill now moves to a conference committee despite its inability to address problems that caused recent highly publicized computer data breaches, like unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.”
Snowden twitted: “a vote for Cisa is a vote against the internet.”
Apple, DropBox, Wikimedia, Reddit, Salesforce also do not support a controversial cybersecurity bill.
CCIA members (Google, Facebook, Yahoo, Netflix, Amazon, CloudFlare etc) commented: “the mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government. In addition, the bill authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties.”
Professors from the Princeton Center for Information Technology Policy, sent a letter to the Senate that outlines their stance against the Bill that would effectively neutralize the Freedom of Information Act.
Senator Ron Wyden who also voted against the bill released an official statement: “If information-sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill—it’s a surveillance bill by another name…It makes sense to encourage private firms to share information about cybersecurity threats. But this information sharing is only acceptable if there are strong protections for the privacy rights of law-abiding American citizens.”
As CISA was getting closer to being passed, notwithstanding criticisms from academic community and technology sector, the Congress further modified it stripping the Bill from whatever was left to protect our privacy. “They took a bad bill, and they made it worse,” stated Robyn Greene.