55 Civil Society Groups, Security Experts, and Academics Strongly Oppose Intelligence Committees’ Cybersecurity Information Sharing Bills

Washington, DC – Yesterday, a coalition of 55 civil society groups, security experts, and academics sent two letters to Congress: one letter strongly opposing the House Intelligence Committee’s cybersecurity information sharing bill, the Protecting Cyber Networks Act (PCNA, H.R. 1560); and a second letter strongly opposing the Senate Intelligence Committee’s companion bill, the Cybersecurity Information Sharing Act (CISA, S. 754).

Both bills would seriously undermine privacy and civil liberties, and could even undermine Internet security rather than enhance it. As the coalition letters state, the bills would “significantly increase the National Security Agency’s (NSA) access to personal information, and authorize the federal government to use that information for a myriad of purposes unrelated to cybersecurity. The revelations of the past two years concerning the intelligence community’s abuses of surveillance authorities and the scope of its collection and use of individuals’ information demonstrates the potential for government overreach, particularly when statutory language is broad or ambiguous.”

Both PCNA and CISA would:

• Increase government access to innocent Americans’ personal data by authorizing companies to share vaguely-defined “cyber threat indicators” that could include private communications content and sensitive, personally identifiable information, even when that data is unnecessary to identify or respond to a threat;

• Enhance the NSA’s access to Americans’ private information and undermine civilian control of domestic cybersecurity by requiring that all information shared with other federal agencies be immediately and indiscriminately shared with NSA;

• Undermine Americans’ rights to privacy and due process by allowing the FBI and other federal, state, and local law enforcement agencies to use information they receive for investigations that have nothing to do with cybersecurity;

• Permit companies to monitor all of Americans’ online communications and activities by authorizing companies to look for threats to any network anywhere; and

• Authorize vaguely-defined cybersecurity “defensive measures”, previously described as “countermeasures,” that could harm the computer systems of innocent third parties.

A deep-dive analysis of PCNA is available here, and a deep-dive analysis of CISA is available here.

“Members of Congress should vote “NO” on both of these fatally flawed bills. Both bills would authorize companies to share excessive amounts of Americans’ personal information with the government, and allow the government to use that information in investigations that have nothing to do with cybersecurity. These bills are wolves in sheep’s clothing, doing at least as much to enable cyber-surveillance as to enhance cybersecurity-related information sharing,” says Robyn Greene, Policy Counsel at New America’s Open Technology Institute. “It’s remarkable that even before it has acted to end the NSA’s bulk collection of Americans’ records, Congress is voting on bills that would dangerously expand NSA access to our personal information. Cybersecurity need not and should not come at the expense of Americans digital privacy,” she continues.

The House of Representatives is expected to vote on PCNA on Wednesday or Thursday of this week, and the Senate will likely begin consideration of CISA later this month.

The coalition letter opposing PCNA is available here, and the coalition letter opposing CISA is available here.