The U.S. Senate has passed the Cybersecurity Information Sharing Act (CISA) by a vote of 74-21, despite vociferous objections from civil liberties groups who say the bill will afford the government even more powers to collect the private online data of ordinary citizens.
CISA makes it easier for big tech companies to share information about possible cyberattacks with the government. In other words, it allows tech companies to voluntarily share the private communications of their users with the government. Although the bill is ostensibly aimed at preventing cyberattacks, there are few provisions that prevent companies from sharing unrelated personal data with the government.
The bill has led to a backlash from experts and civil liberties groups. Cybersecurity and cyberlaw professors from Stanford, Harvard, Yale, and a number of other universities penned an open letter to the Senate urging them to scrap the bill. The academics warned that the bill would allow the voluntary sharing of “hitherto private information” with the government, and that targets of the bill would be unable to discover that their information had been shared, undermining the Freedom of Information Act (FOIA).
Ron Wyden, a Democrat who allied with Rand Paul to water down provisions of the Patriot Act this summer, said the bill “virtually gaurantees” that private information unrelated to cybersecurity will be shared with the government, and said that the bill was a “direct pipeline to the NSA.”
Under the bill, the Department of Homeland Security (DHS) would become a conduit between tech companies and other government agencies, including the NSA and the Department of Defense. But even the DHS has warned that the bill “could sweep away many important privacy protections.”
Five amendments to add more robust privacy protections to the bill were shot down, with bill co-sponsors Richard Burr and Dianne Feinstein discouraging their colleagues from voting for them. One of the amendments would have notified citizens when their data had been shared with the government. Another amendment, from Wyden, would have required companies to remove personal data from cyber threat indicators, unless such data was needed to properly identify the threat.
— Edward Snowden (@Snowden) October 27, 2015
Civil liberties groups, who have been opposing the bill for some time, expressed their frustration that it had been passed in its present state:
The passage of CISA reflects the misunderstanding many lawmakers have about technology and security. Computer security engineers were against it. Academics were against it. Technology companies, including some of Silicon Valley’s biggest like Twitter and Salesforce, were against it. Civil society organizations were against it. And constituents sent over 1 million faxes opposing CISA to Senators.
This bill will make our digital lives both less secure and less private. It will funnel an enormous amount of sensitive information into government hands, where it can be used in cases that have nothing to do with cybersecurity. The government will be able to use this private data for programs that look exactly like the mass NSA surveillance revealed over the past several years. We thank those senators who sought to improve the bill, and especially those who opposed it outright, but this is a bad day for civil liberties
“The Senate voted for a bill that could allow companies to transfer vast amounts of private citizens’ personal data to government databases. That’s a cybersecurity problem, not a cybersecurity solution. This bill places our privacy at needless risk while ignoring the basic security measures technologists have long advocated, such as strong encryption.”
Tech companies also sounded their opposition to the bill, with groups representing Apple, Google, Facebook, Amazon, Microsoft, and Yahoo signalling their opposition to the bill, according to CNN. Several tech companies also released individual statements, with Apple telling the Washington Post that they “don’t believe security should come at the expense of privacy.”
However, the American Banking Association and the Telecommunications Industry Association both welcomed the bill’s passage. The U.S. Chamber of Commerce also supported the bill as it passed through congress.