Beware the Dangers of Congress' Latest Cybersecurity Bill
A new cybersecurity bill poses serious threats to our privacy, gives the government extraordinary powers to silence potential whistleblowers, and exempts these dangerous new powers from transparency laws.
The Cybersecurity Information Sharing Act of 2014 ("CISA") was scheduled to be marked up by the Senate Intelligence Committee yesterday but has been delayed until after next week's congressional recess. The response to the proposed legislation from the privacy, civil liberties, tech, and open government communities was quick and unequivocal - this bill must not go through.
A new cybersecurity bill poses serious threats to our privacy, gives the government extraordinary powers to silence potential whistleblowers, and exempts these dangerous new powers from transparency laws.
The Cybersecurity Information Sharing Act of 2014 ("CISA") was scheduled to be marked up by the Senate Intelligence Committee yesterday but has been delayed until after next week's congressional recess. The response to the proposed legislation from the privacy, civil liberties, tech, and open government communities was quick and unequivocal - this bill must not go through.
The bill would create a massive loophole in our existing privacy laws by allowing the government to ask companies for "voluntary" cooperation in sharing information, including the content of our communications, for cybersecurity purposes. But the definition they are using for the so-called "cybersecurity information" is so broad it could sweep up huge amounts of innocent Americans' personal data.
The Fourth Amendment protects Americans' personal data and communications from undue government access and monitoring without suspicion of criminal activity. The point of a warrant is to guard that protection. CISA would circumvent the warrant requirement by allowing the government to approach companies directly to collect personal information, including telephonic or internet communications, based on the new broadly drawn definition of "cybersecurity information."
While we hope many companies would jealously guard their customers' information, there is a provision in the bill that would excuse sharers from any liability if they act in "good faith" that the sharing was lawful.
Collected information could then be used in criminal proceedings, creating a dangerous end-run around laws like the Electronic Communications Privacy Act, which contain warrant requirements.
In addition to the threats to every American's privacy, the bill clearly targets potential government whistleblowers. Instead of limiting the use of data collection to protect against actual cybersecurity threats, the bill allows the government to use the data in the investigation and prosecution of people for economic espionage and trade secret violations, and under various provisions of the Espionage Act.
It's clear that the law is an attempt to give the government more power to crack down on whistleblowers, or "insider threats," in popular bureaucratic parlance. The Obama Administration has brought more "leaks" prosecutions against government whistleblowers and members of the press than all previous administrations combined. If misused by this or future administrations, CISA could eliminate due process protections for such investigations, which already favor the prosecution.
While actively stripping Americans' privacy protections, the bill also cloaks "cybersecurity"-sharing in secrecy by exempting it from critical government transparency protections. It unnecessarily and dangerously provides exemptions from state and local sunshine laws as well as the federal Freedom of Information Act. These are both powerful tools that allow citizens to check government activities and guard against abuse.
Edward Snowden's revelations from the past year, of invasive spying programs like PRSIM and Stellar Wind, have left Americans shocked and demanding more transparency by government agencies. CISA, however, flies in the face of what the public clearly wants.
(Two coalition letters, here and here, sent to key members of the Senate yesterday detail the concerns of a broad coalition of organizations, including the ACLU.)
Urgent. It's never been this bad.
Dear Common Dreams reader, It’s been nearly 30 years since I co-founded Common Dreams with my late wife, Lina Newhouser. We had the radical notion that journalism should serve the public good, not corporate profits. It was clear to us from the outset what it would take to build such a project. No paid advertisements. No corporate sponsors. No millionaire publisher telling us what to think or do. Many people said we wouldn't last a year, but we proved those doubters wrong. Together with a tremendous team of journalists and dedicated staff, we built an independent media outlet free from the constraints of profits and corporate control. Our mission from the outset was simple. To inform. To inspire. To ignite change for the common good. Building Common Dreams was not easy. Our survival was never guaranteed. When you take on the most powerful forces—Wall Street greed, fossil fuel industry destruction, Big Tech lobbyists, and uber-rich oligarchs who have spent billions upon billions rigging the economy and democracy in their favor—the only bulwark you have is supporters who believe in your work. But here’s the urgent message from me today. It’s never been this bad out there. And it’s never been this hard to keep us going. At the very moment Common Dreams is most needed and doing some of its best and most important work, the threats we face are intensifying. Right now, with just four days to go in our Spring Campaign, we are not even halfway to our goal. When everyone does the little they can afford, we are strong. But if that support retreats or dries up, so do we. Can you make a gift right now to make sure Common Dreams not only survives but thrives? There is no backup plan or rainy day fund. There is only you. —Craig Brown, Co-founder |
A new cybersecurity bill poses serious threats to our privacy, gives the government extraordinary powers to silence potential whistleblowers, and exempts these dangerous new powers from transparency laws.
The Cybersecurity Information Sharing Act of 2014 ("CISA") was scheduled to be marked up by the Senate Intelligence Committee yesterday but has been delayed until after next week's congressional recess. The response to the proposed legislation from the privacy, civil liberties, tech, and open government communities was quick and unequivocal - this bill must not go through.
The bill would create a massive loophole in our existing privacy laws by allowing the government to ask companies for "voluntary" cooperation in sharing information, including the content of our communications, for cybersecurity purposes. But the definition they are using for the so-called "cybersecurity information" is so broad it could sweep up huge amounts of innocent Americans' personal data.
The Fourth Amendment protects Americans' personal data and communications from undue government access and monitoring without suspicion of criminal activity. The point of a warrant is to guard that protection. CISA would circumvent the warrant requirement by allowing the government to approach companies directly to collect personal information, including telephonic or internet communications, based on the new broadly drawn definition of "cybersecurity information."
While we hope many companies would jealously guard their customers' information, there is a provision in the bill that would excuse sharers from any liability if they act in "good faith" that the sharing was lawful.
Collected information could then be used in criminal proceedings, creating a dangerous end-run around laws like the Electronic Communications Privacy Act, which contain warrant requirements.
In addition to the threats to every American's privacy, the bill clearly targets potential government whistleblowers. Instead of limiting the use of data collection to protect against actual cybersecurity threats, the bill allows the government to use the data in the investigation and prosecution of people for economic espionage and trade secret violations, and under various provisions of the Espionage Act.
It's clear that the law is an attempt to give the government more power to crack down on whistleblowers, or "insider threats," in popular bureaucratic parlance. The Obama Administration has brought more "leaks" prosecutions against government whistleblowers and members of the press than all previous administrations combined. If misused by this or future administrations, CISA could eliminate due process protections for such investigations, which already favor the prosecution.
While actively stripping Americans' privacy protections, the bill also cloaks "cybersecurity"-sharing in secrecy by exempting it from critical government transparency protections. It unnecessarily and dangerously provides exemptions from state and local sunshine laws as well as the federal Freedom of Information Act. These are both powerful tools that allow citizens to check government activities and guard against abuse.
Edward Snowden's revelations from the past year, of invasive spying programs like PRSIM and Stellar Wind, have left Americans shocked and demanding more transparency by government agencies. CISA, however, flies in the face of what the public clearly wants.
(Two coalition letters, here and here, sent to key members of the Senate yesterday detail the concerns of a broad coalition of organizations, including the ACLU.)
A new cybersecurity bill poses serious threats to our privacy, gives the government extraordinary powers to silence potential whistleblowers, and exempts these dangerous new powers from transparency laws.
The Cybersecurity Information Sharing Act of 2014 ("CISA") was scheduled to be marked up by the Senate Intelligence Committee yesterday but has been delayed until after next week's congressional recess. The response to the proposed legislation from the privacy, civil liberties, tech, and open government communities was quick and unequivocal - this bill must not go through.
The bill would create a massive loophole in our existing privacy laws by allowing the government to ask companies for "voluntary" cooperation in sharing information, including the content of our communications, for cybersecurity purposes. But the definition they are using for the so-called "cybersecurity information" is so broad it could sweep up huge amounts of innocent Americans' personal data.
The Fourth Amendment protects Americans' personal data and communications from undue government access and monitoring without suspicion of criminal activity. The point of a warrant is to guard that protection. CISA would circumvent the warrant requirement by allowing the government to approach companies directly to collect personal information, including telephonic or internet communications, based on the new broadly drawn definition of "cybersecurity information."
While we hope many companies would jealously guard their customers' information, there is a provision in the bill that would excuse sharers from any liability if they act in "good faith" that the sharing was lawful.
Collected information could then be used in criminal proceedings, creating a dangerous end-run around laws like the Electronic Communications Privacy Act, which contain warrant requirements.
In addition to the threats to every American's privacy, the bill clearly targets potential government whistleblowers. Instead of limiting the use of data collection to protect against actual cybersecurity threats, the bill allows the government to use the data in the investigation and prosecution of people for economic espionage and trade secret violations, and under various provisions of the Espionage Act.
It's clear that the law is an attempt to give the government more power to crack down on whistleblowers, or "insider threats," in popular bureaucratic parlance. The Obama Administration has brought more "leaks" prosecutions against government whistleblowers and members of the press than all previous administrations combined. If misused by this or future administrations, CISA could eliminate due process protections for such investigations, which already favor the prosecution.
While actively stripping Americans' privacy protections, the bill also cloaks "cybersecurity"-sharing in secrecy by exempting it from critical government transparency protections. It unnecessarily and dangerously provides exemptions from state and local sunshine laws as well as the federal Freedom of Information Act. These are both powerful tools that allow citizens to check government activities and guard against abuse.
Edward Snowden's revelations from the past year, of invasive spying programs like PRSIM and Stellar Wind, have left Americans shocked and demanding more transparency by government agencies. CISA, however, flies in the face of what the public clearly wants.
(Two coalition letters, here and here, sent to key members of the Senate yesterday detail the concerns of a broad coalition of organizations, including the ACLU.)