Politicians are still trying to hand over your data behind closed doors, under the guise of 'cybersecurity' reform. Have we learned nothing?
by Trevor Timm
Saturday 12 July 2014 09.43 EDT
Senator Dianne Feinstein says a new cyber security bill helps share information 'through a purely voluntary process and with significant measures to protect private information.' Did you volunteer your information? Photograph: KylaBorg / Flickr via Creative Commons
One of the most underrated benefits of Edward Snowden's leaks was how they forced the US Congress to shelve the dangerous, privacy-destroying legislation– then known as Cispa – that so many politicians had been so eager to pass under the guise of "cybersecurity". Now a version of the bill is back, and apparently its authors want to keep you in the dark about it for as long as possible.
Now it's called the Cybersecurity Information Sharing Act (Cisa), and it is a nightmare for civil liberties. Indeed, it's unclear how this kind of law would even improve cybersecurity. The bill was marked up and modified by the Senate intelligence committee in complete secrecy this week, and only afterward was the public allowed to see many of the provisions passed under its name.
Cisa is what Senator Dianne Feinstein, the bill's chief backer and the chair of the committee, calls an "information-sharing" law that's supposed to help the government and tech and telecom companies better hand information back and forth to the government about "cyberthreat" data, such as malware. But in reality, it is written so broadly it would allow companies to hand over huge swaths of your data – including emails and other communications records – to the government with no legal process whatsoever. It would hand intelligence agencies another legal authority to potentially secretly re-interpret and exploit in private to carry out even more surveillance on the American public and citizens around the world.
Under the new provisions, your data can get handed over by the tech companies and others to the Department of Homeland Security (not exactly a civil liberties haven itself), but then it can be passed along to the nation's intelligence agencies … including the NSA.
And even if you find out a company violated your privacy by handing over personal information it shouldn't have, it would have immunity from lawsuits – as long as it acted in "good faith". It could amount to what many are calling a "backdoor wiretap", where your personal information could end up being used for all sorts of purposes that have nothing to do with cybersecurity.
But it's not just privacy advocates who should be worried: transparency also takes a huge hit under this bill. Cisa would create a brand-new exception to the Freedom of Information Act (which is already riddled with holes), all the better to ensure everything in this particular process remains secret.
In typical intel-committee fashion, the Foia amendment wasn't even made public until after it was passed by committee.
And despite the current administration's unprecedented use of the Espionage Act to go after sources and whistleblowers, the intelligence committee apparently wants to give the government even more power to go after journalists' sources, indicating in the bill that the government could use data obtained beyond anything to do with actual cybersecurity to go after anyone charged under the Espionage Act. That's why the Sunshine in Government coalition sent a letter to the intelligence committee, calling on Senators to reject the bill as a clear danger to press freedom.
Given how much we've learned about the US government's willingness to re-interpret the law in secret, these two secrecy provisions don't exactly inspire confidence that Cisa won't turn into yet another mass surveillance vehicle. This is why civil liberties groups are already mobilizing against it, imploring constituents to call their representatives before the bill gets any further. Last time Cispa came around the even the White House issued a veto threat based on privacy protections. But will they have the courage to do it again?