Dec. 18, 2015
WASHINGTON, D.C. - Today, Congress passed cybersecurity information sharing legislation after over five years of debate. While New America’s Open Technology Institute (OTI) believes that information sharing can be helpful in some instances, we strongly opposed the Cybersecurity Act of 2015 (formerly called CISA), and other bills like it, because they threatened privacy and civil liberties and could actually undermine cybersecurity.
Today’s final bill represents a significant blow to online privacy, and is far worse than the bill that would have resulted if the Intelligence Committees allowed the open and robust negotiation that such a controversial bill deserved. Yesterday OTI, along with 50 other security experts and civil society groups, wrote to Congress strongly opposing the bill because of its weak privacy protections, and opposing leadership’s choice to refuse to hold a stand-alone vote and instead force it into law as part of the must-pass omnibus spending bill.
OTI hopes that now that this debate has concluded, Congress will turn its attention toward passing legislative reforms and promoting programs that will have a more meaningful and positive impact on cybersecurity, such as:
Reforming the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act to ensure that security researchers are able to identify and responsibly disclose vulnerabilities without fear of prosecution or civil liability;
Establishing a grant program that would support small businesses in implementing programs that accept and reward vulnerability reports;
Incentivizing businesses to practice better cyber hygiene; and
Creating scholarships programs for individuals in underserved communities to study computer science and software engineering.
The following quote can be attributed to Robyn Greene, Policy Counsel, at New America’s Open Technology Institute:
“We are deeply disappointed that Congress has passed CISA into law, despite our serious concerns that it will undermine privacy and cybersecurity. Hopefully, the private sector, the intelligence community, and law enforcement will construe its dangerously broad provisions as narrowly as possible, so that the impact on online privacy is minimized.
For over five years, the information sharing debate took up all of the air in the room when it came to cybersecurity policy. Now that it is over, we hope that Congress will finally turn its attention to passing legislative reforms that will improve cybersecurity while also respecting or even enhancing privacy. Congress should begin to work to ensure that security researchers can find and disclose vulnerabilities free from the threat of prosecution or civil liability, and create programs that will make cyber hygiene and tech education more accessible to and achievable by individuals and businesses.”