The following is the introduction to the Open Technology Institute's analysis of the Cybersecurity Information Sharing Act of 2014 (CISA, S. 2588), as approved by the Senate Select Committee on Intelligence. To download a PDF of the full analysis, [click here.](http://newamerica.net/sites/newamerica.net/files/profiles/attachments/UPDATED_OTI%20CISA%20Analysis_071114.pdf)
The Cybersecurity Information Sharing Act of 2014 (CISA) (S. 2588) takes a significant step back from the privacy protections that were included in the last cybersecurity information-sharing bill considered by the Senate, the Cybersecurity Act of 2012 (S. 3414). It also fails to address the significant concerns that have been raised over the last year as Americans have learned about the scope and breadth of the government’s surveillance and cyber operations.
In its current form, this legislation would, among other things, create an expansive new information- sharing program that would give the National Security Agency (NSA) access to vast quantities of personal information, authorize private entities to engage in an array of countermeasures that could potentially harm average Internet users, fail to adequately protect individuals’ personal information, and absolve companies of all liability for harms resulting from negligent or improper information-sharing, and legitimate the NSA’s practice of stockpiling known vulnerabilities for its own use rather than responsibly disclosing them.