SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
(Photo: Shutterstock/wk1003mike)
CISA: A Surveillance Bill by Any Other Name Smells Just As Foul
Jul 28, 2015
An impressive coalition has formed to oppose a new surveillance bill masquerading as cybersecurity legislation.
Privacy and civil liberties organizations, free market groups, and others from across the political spectrum are joining this week in a common chorus call: Stop CISA.
Proponents of CISA -- the Cybersecurity Information Sharing Act -- claim the Senate bill would help prevent cyber-crimes by improving information sharing between the government and the private sector. But in reality, CISA only succeeds in expanding government surveillance and weakening privacy while making Americans less secure online. The bill as drafted would have done nothing to stop the high-profile breaches at Sony, Anthem, and, most recently, the Office of Personnel Management, which holds terabytes of sensitive information about millions of government employees.
For several years, certain elements of the business community and national security hawks in Congress have pressed for legislation like CISA. In April, the House passed a package of similar cybersecurity information sharing bills, which were opposed by the ACLU and bevy of other privacy and civil liberties groups, but were in some ways dramatically better than the bill now pending in the Senate.
CISA's vague language and expansive definitions will give the government new ways to collect and use the personal information and communications of innocent Americans, all without a warrant or any review by an independent court or overseer. CISA would allow companies to share information with the government relating to a "cybersecurity threat," a term defined so broadly in the bill that it could include huge swaths of emails and text messages. The handover of user information under CISA would be permitted even if otherwise prohibited by existing data privacy laws, like the Electronic Communications Privacy Act. The law would also give companies broad legal protections even if they improperly share consumer data.
And, perhaps unsurprisingly, the information shared by companies would automatically be forwarded to numerous intelligence, military, and law enforcement agencies, including the NSA and FBI.
Once in the government's hands, CISA allows for the shared information to be used in garden-variety law enforcement cases that have nothing to do with cybersecurity. For example, the government could use private emails and messages received from communications providers like Comcast, Facebook, Google, or Verizon to investigate and prosecute whistleblowers who report serious misconduct to the press. That's a serious concern given that the Obama administration has already prosecuted more national security whistleblowers than all other administrations combined.
As an added bonus for government snoopers, CISA also includes a new exemption to the Freedom of Information Act, which will make it harder for groups like the ACLU to obtain documents from the government to determine how it is using -- or misusing -- the shared information. That means, for example, that it could be nearly impossible for us to find out how much private information is flowing from companies to the government or how the government is using it.
And despite CISA's promise to open the floodgates for private information to flow to the government without any privacy protections, it fails at actually delivering better cybersecurity. As we learned with the hack at the OPM, the government is not a reliable guarantor of data security. Hackers were able to access the personal information of millions of Americans -- including Social Security numbers, birthdates, and records about citizens' finances, health, associations, and even sexual orientation--that applicants for security clearances must disclose to the government. All that additional information would make the government an even more desirable target for cybersnoops and cybercrooks.
CISA is more than just a bad solution to a serious problem. It would actually make cybersecurity worse while compromising basic democratic protections for personal privacy. The Senate must reject this surveillance bill. But if it decides to send this travesty to the president, he should veto the bill, consistent with his past threats against similarly atrocious bills.
Do your part to Stop CISA.
An Urgent Message From Our Co-Founder
Dear Common Dreams reader, The U.S. is on a fast track to authoritarianism like nothing I've ever seen. Meanwhile, corporate news outlets are utterly capitulating to Trump, twisting their coverage to avoid drawing his ire while lining up to stuff cash in his pockets. That's why I believe that Common Dreams is doing the best and most consequential reporting that we've ever done. Our small but mighty team is a progressive reporting powerhouse, covering the news every day that the corporate media never will. Our mission has always been simple: To inform. To inspire. And to ignite change for the common good. Now here's the key piece that I want all our readers to understand: None of this would be possible without your financial support. That's not just some fundraising cliche. It's the absolute and literal truth. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. Will you donate now to help power the nonprofit, independent reporting of Common Dreams? Thank you for being a vital member of our community. Together, we can keep independent journalism alive when it’s needed most. - Craig Brown, Co-founder |
© 2023 ACLU
Nathaniel Turner
Nathaniel J. Turner is a legislative assistant in ACLU's legal office in Washington, DC.
An impressive coalition has formed to oppose a new surveillance bill masquerading as cybersecurity legislation.
Privacy and civil liberties organizations, free market groups, and others from across the political spectrum are joining this week in a common chorus call: Stop CISA.
Proponents of CISA -- the Cybersecurity Information Sharing Act -- claim the Senate bill would help prevent cyber-crimes by improving information sharing between the government and the private sector. But in reality, CISA only succeeds in expanding government surveillance and weakening privacy while making Americans less secure online. The bill as drafted would have done nothing to stop the high-profile breaches at Sony, Anthem, and, most recently, the Office of Personnel Management, which holds terabytes of sensitive information about millions of government employees.
For several years, certain elements of the business community and national security hawks in Congress have pressed for legislation like CISA. In April, the House passed a package of similar cybersecurity information sharing bills, which were opposed by the ACLU and bevy of other privacy and civil liberties groups, but were in some ways dramatically better than the bill now pending in the Senate.
CISA's vague language and expansive definitions will give the government new ways to collect and use the personal information and communications of innocent Americans, all without a warrant or any review by an independent court or overseer. CISA would allow companies to share information with the government relating to a "cybersecurity threat," a term defined so broadly in the bill that it could include huge swaths of emails and text messages. The handover of user information under CISA would be permitted even if otherwise prohibited by existing data privacy laws, like the Electronic Communications Privacy Act. The law would also give companies broad legal protections even if they improperly share consumer data.
And, perhaps unsurprisingly, the information shared by companies would automatically be forwarded to numerous intelligence, military, and law enforcement agencies, including the NSA and FBI.
Once in the government's hands, CISA allows for the shared information to be used in garden-variety law enforcement cases that have nothing to do with cybersecurity. For example, the government could use private emails and messages received from communications providers like Comcast, Facebook, Google, or Verizon to investigate and prosecute whistleblowers who report serious misconduct to the press. That's a serious concern given that the Obama administration has already prosecuted more national security whistleblowers than all other administrations combined.
As an added bonus for government snoopers, CISA also includes a new exemption to the Freedom of Information Act, which will make it harder for groups like the ACLU to obtain documents from the government to determine how it is using -- or misusing -- the shared information. That means, for example, that it could be nearly impossible for us to find out how much private information is flowing from companies to the government or how the government is using it.
And despite CISA's promise to open the floodgates for private information to flow to the government without any privacy protections, it fails at actually delivering better cybersecurity. As we learned with the hack at the OPM, the government is not a reliable guarantor of data security. Hackers were able to access the personal information of millions of Americans -- including Social Security numbers, birthdates, and records about citizens' finances, health, associations, and even sexual orientation--that applicants for security clearances must disclose to the government. All that additional information would make the government an even more desirable target for cybersnoops and cybercrooks.
CISA is more than just a bad solution to a serious problem. It would actually make cybersecurity worse while compromising basic democratic protections for personal privacy. The Senate must reject this surveillance bill. But if it decides to send this travesty to the president, he should veto the bill, consistent with his past threats against similarly atrocious bills.
Do your part to Stop CISA.
Nathaniel Turner
Nathaniel J. Turner is a legislative assistant in ACLU's legal office in Washington, DC.
An impressive coalition has formed to oppose a new surveillance bill masquerading as cybersecurity legislation.
Privacy and civil liberties organizations, free market groups, and others from across the political spectrum are joining this week in a common chorus call: Stop CISA.
Proponents of CISA -- the Cybersecurity Information Sharing Act -- claim the Senate bill would help prevent cyber-crimes by improving information sharing between the government and the private sector. But in reality, CISA only succeeds in expanding government surveillance and weakening privacy while making Americans less secure online. The bill as drafted would have done nothing to stop the high-profile breaches at Sony, Anthem, and, most recently, the Office of Personnel Management, which holds terabytes of sensitive information about millions of government employees.
For several years, certain elements of the business community and national security hawks in Congress have pressed for legislation like CISA. In April, the House passed a package of similar cybersecurity information sharing bills, which were opposed by the ACLU and bevy of other privacy and civil liberties groups, but were in some ways dramatically better than the bill now pending in the Senate.
CISA's vague language and expansive definitions will give the government new ways to collect and use the personal information and communications of innocent Americans, all without a warrant or any review by an independent court or overseer. CISA would allow companies to share information with the government relating to a "cybersecurity threat," a term defined so broadly in the bill that it could include huge swaths of emails and text messages. The handover of user information under CISA would be permitted even if otherwise prohibited by existing data privacy laws, like the Electronic Communications Privacy Act. The law would also give companies broad legal protections even if they improperly share consumer data.
And, perhaps unsurprisingly, the information shared by companies would automatically be forwarded to numerous intelligence, military, and law enforcement agencies, including the NSA and FBI.
Once in the government's hands, CISA allows for the shared information to be used in garden-variety law enforcement cases that have nothing to do with cybersecurity. For example, the government could use private emails and messages received from communications providers like Comcast, Facebook, Google, or Verizon to investigate and prosecute whistleblowers who report serious misconduct to the press. That's a serious concern given that the Obama administration has already prosecuted more national security whistleblowers than all other administrations combined.
As an added bonus for government snoopers, CISA also includes a new exemption to the Freedom of Information Act, which will make it harder for groups like the ACLU to obtain documents from the government to determine how it is using -- or misusing -- the shared information. That means, for example, that it could be nearly impossible for us to find out how much private information is flowing from companies to the government or how the government is using it.
And despite CISA's promise to open the floodgates for private information to flow to the government without any privacy protections, it fails at actually delivering better cybersecurity. As we learned with the hack at the OPM, the government is not a reliable guarantor of data security. Hackers were able to access the personal information of millions of Americans -- including Social Security numbers, birthdates, and records about citizens' finances, health, associations, and even sexual orientation--that applicants for security clearances must disclose to the government. All that additional information would make the government an even more desirable target for cybersnoops and cybercrooks.
CISA is more than just a bad solution to a serious problem. It would actually make cybersecurity worse while compromising basic democratic protections for personal privacy. The Senate must reject this surveillance bill. But if it decides to send this travesty to the president, he should veto the bill, consistent with his past threats against similarly atrocious bills.
Do your part to Stop CISA.
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.