Reviews are in: Cyber Bill Fails Security, Expands Spying on Americans

by Communications Office

Privacy and security experts agree: the Cybersecurity Information Sharing Act doesn’t make us safer and flings open the door for even more surveillance of law-abiding American citizens. It is a surveillance bill by another name.

“All of those vague terms, Greene argues, widen the pipe of data that companies can send the government, expanding CISA into a surveillance system for the intelligence community and domestic law enforcement”

“A coalition of nearly 50 technologists, privacy groups and campaigners wrote to the committee earlier this month urging rejection of a bill that would “significantly undermine privacy and civil liberties” and potentially permit corporations to “hack back” at perceived network intrusions.”

“The bill also allows companies to bypass DHS and share the information immediately with other agencies, like the intelligence agencies, which ensures that DHS's current privacy protections won’t be applied to the information. The provision is ripe for improper and over-expansive information sharing.”

“Instead of focusing on ways to make our data (and the devices we store it on) more secure, Washington keeps offering up "cybersecurity" proposals that would poke huge holes in privacy protections and potentially funnel tons of personal information to the government, including the NSA and the military.”

“Jake Laperruque, a privacy and surveillance fellow at the Center for Democracy & Technology, said that, despite the revisions, CISA still amounted to a "cybersurveillance measure." Of particular concern, Laperruque said, was that the committee-passed legislation "required real-time 'insta-sharing' with the NSA" once data is handed over to the government—a mandated scheme that he said gained even more authority under the amended language.”

“But civil liberties advocates say the bill needs more safeguards to protect consumer information that is being shared with government entities. If corporations are legally protected when they share data into the government, where does the individual user look for recourse?”

"Reading through the latest publicly available draft of the bill, CISA’s provisions seem unusually broad and designed to allow future invasions of privacy. Although the bill says its purpose is to prevent hacker attacks, it encourages the sharing of all sorts of user information with wide swaths of the federal government. The bill's language is extremely vague, and could include everything from user account information to IP address login history to geolocation and even what type of phone a customer uses."