On Tuesday, the Senate Intelligence Committee met in secret and approved the Cybersecurity Information Sharing Act of 2014 (CISA)(S. 2588). The bill started out in bad shape, and privacy advocates across the country spoke out about our concerns (OTI’s analysis here; and coalition letters in opposition here and here). And it doesn’t look like things are getting better.
Despite over a year of major disclosures about how the NSA violates Americans’ privacy and engages in cyber operations that make the Internet less secure, there seems to be little appetite for meaningfully improving privacy protections. CISA is a huge step back on privacy from the cyber legislation last taken up by the Senate, the Cybersecurity Act of 2012, and it raised many of the same alarms as CISPA.
Tuesday’s markup didn’t help things at all. The Committee adopted a version of the bill that included minor changes from the draft version, but none of those changes addressed OTI and other privacy experts’ most significant concerns. As adopted, the bill would still:
- Authorize automatic sharing of Americans’ cyber threat information information, including the content and metadata associated with their online communications, with the NSA;
- Allow excessive information sharing, countermeasures, and monitoring of users’ activities;
- Permit companies to share information without making an affirmative effort to find and remove irrelevant personally identifiable information;
- Leave customers with no recourse if they are wrongly harmed by monitoring, information sharing, or countermeasures; and
- Threaten whistleblowers and undermine transparency.
(See our updated analysis here)
The Senate has a full plate leading into the August recess: in addition to its other work, there is effective surveillance reform to pass, and elections on the horizon. Now is not the time to pick a fight on privacy – especially not over a bill that so closely mirrors CISPA, which the President threatened to veto twice because of similar privacy concerns. By authorizing dangerous and overbroad information-sharing legislation like CISA, Congress would further undermine Americans’ privacy and civil liberties.