51 Civil Society Groups and Security Experts Tell Congress They Oppose Cyber Legislation

Groups denounce tactic of attaching the Cybersecurity Act of 2015 to must-pass omnibus spending bill
Press Release
Dec. 17, 2015

Today, 51 civil society organizations and security experts wrote to Congress, strongly opposing the Cybersecurity Act of 2015, the bill that was previously named CISA, and denouncing its inclusion in the omnibus spending bill, which is considered a must-pass measure.

The letter’s signatories caution that “[t]his bill seriously threatens privacy, civil liberties, and government accountability, and would undermine cybersecurity, rather than enhance it. As such, it should be debated pursuant to regular process, and members should have the opportunity to record their votes on this highly controversial bill.”

The coalition raises many concerns about the controversial legislation, including that it would:

  • Authorize companies to significantly expand monitoring of their users’ online activities, and permit sharing of vaguely defined “cyber threat indicators” without adequate privacy protections prior to sharing;

  • Require federal entities to automatically disseminate to the NSA all cyber threat indicators they receive, including personal information about individuals;

  • Allow companies to share information directly with the NSA or FBI;

  • Allow the president to establish the Office of the Director of National Intelligence (DNI), the FBI, and any other appropriate civilian federal entity as a portal through which companies may share information with liability protection;

  • Authorize overbroad law enforcement uses that go far outside the scope of cybersecurity; and

  • Authorize companies to engage in problematic defensive measures.

The following quote can be attributed to Robyn Greene, Policy Counsel at New America’s Open Technology Institute:

“The privacy and security communities have consistently opposed the Intelligence Committees’ information sharing bills, and are strongly opposed to this new incarnation of CISA, the Cybersecurity Act of 2015. Leaders in cybersecurity - including major tech companies like Apple and Twitter, leading security experts; and civil society - have opposed this bill as harmful to privacy and security. Despite that fact, CISA sponsors and congressional leadership are choosing to force its passage without debate or a vote by attaching it to a must-pass spending bill.

This political maneuvering highlights how controversial the bill is, and members of Congress who care about cybersecurity should oppose it and call for it to be stripped from the omnibus. Drafters need to go back to the table and reconsider legislation that will better address the cybersecurity threat, instead of pushing forward on legislation that may do little more than give companies a free pass to share personally identifiable information with the government and each other without the fear of liability.

OTI strongly opposes the Cybersecurity Act of 2015, has developed this short chart comparing its provisions with those in the three other information sharing bills that received votes this Congress.