Nineteen civil liberties groups, including Fight for the Future, Demand Progress, American Library Association, FreedomWorks, and others, sent an open letter to the White House and Congress, asking them to reject the final version of a cybersecurity bill known as “CISA” in the U.S. Senate.
The groups were already opposing the bill because as Ron Wyden, a senator and member of the Senate Intelligence Committee, once said, it’s a surveillance bill disguised as a cybersecurity bill. The bill already had weak privacy provisions in it, but the final version has been modified to eliminate even those. This seems to confirm that the bill was never really about cybersecurity, but about giving the U.S. government even more methods of getting people’s data in bulk, with little to no oversight.
The civil liberties organizations have the following concerns with the new bill:
Create a loophole that would allow the President to remove the Department of Homeland Security, a civilian agency, as the lead government entity managing information sharing;Reduce privacy protections for Americans’ personal information;Overexpand the term “cyber threat" to facilitate the prosecution of crimes unrelated to cybersecurity;Expand already broad liability protection for information disclosure;Preempt state, local or tribal disclosure laws on any cyberthreat information shared by or with a State, tribal, or local government; andEliminate a directive to ensure data integrity.
The DHS was supposed to be the “lead” organization when taking the data from companies, because it’s a civil agency that’s somewhat more transparent than the secretive NSA. The DHS was also supposed to “scrub” the data from personally identifying information before it goes to the NSA.
As a reminder, this bill was supposed to be about sharing cyber threat information, such as software vulnerabilities, which could cause its own problems because the DHS and NSA can then use those vulnerabilities to hack people, before they are fixed. It was not meant to be a surveillance law such as the Patriot Act or the FISA Amendments Act.
The bill will also allow companies to transfer data to the government without any accountability. The companies will even get legal protections for doing that, just in case someone may decide to sue them for sharing their sensitive data with the government, in breach of their own contracts.
While the U.S. seems more interested in passing yet another surveillance bill, the EU seems to be much more serious about ensuring actual cybersecurity for its member states.
Lucian Armasu joined Tom’s Hardware in early 2014. He writes news stories on mobile, chipsets, security, privacy, and anything else that might be of interest to him from the technology world. Outside of Tom’s Hardware, he dreams of becoming an entrepreneur.