The Senate Intelligence Committee approved the CISA (Cyber Information Sharing Act) bill on Tuesday to enhance cybersecurity, but it raises concerns among privacy advocates, who warn that it may give the NSA (National Security Agency) greater access to personal information of US citizens.
Devised by Senator Saxby Chambliss (R-GA) and Senate Intelligence Chairwoman Dianne Feinstein (D-CA), the Cyber Information Sharing Act or CISA bill would make it easy for the government and businesses to exchange information about cyber-attacks. Business groups have long argued that legal barriers prevent them from accessing the information they need to stop cyber-attacks.
“Every week, we hear about the theft of personal information from retailers and trade secrets from innovative businesses, as well as ongoing efforts by foreign nations to hack government networks,” Dianne Feinstein said. “This bill is an important step toward curbing these dangerous cyberattacks.”
Should it become law, it would enable companies to share private information with federal and local law enforcement agencies if there is a claim that it pertains to any type of alleged activity that can be termed as cybercrime. Also, the proposal would empower authorities to set up wiretaps without requiring a warrant through the court system.
The legislation also includes provisions aimed at privacy protection, such as making it voluntary that companies sharing information first hand over personal identifiable data of known US citizens, like social security numbers, addresses and names.
But privacy advocates are concerned that the move could encourage companies holding big data such as Facebook and Google to hand over vast batches of sensitive information to the government. The information would be shared first with the Homeland Security Department, but could be later be shared with the NSA and other intelligence agencies.
The EFF (Electronic Frontier Foundation), the American Civil Liberties Union, and dozens of privacy groups expressed their concerns in a letter to senators last month, stating that instead of reining in the issue of NSA surveillance, the bill would augment a flow of private communications information to the intelligence agency.
This could create a loophole when the government asks companies for voluntary cooperation in information sharing, including the content of communications, for the purpose of cybersecurity, which could sweep up huge amounts of personal data. CISA circumventing the warrant requirement would mean the government can approach companies directly to collect personal information, including Internet or telephonic communications, based on the statement of strengthening cybersecurity.
The new legislation is being called a counterpart to the CISPA (Cyber Intelligence Sharing and Protection Act). That act led to a major backlash from privacy activists, who feared it would make Internet privacy vulnerable. CISPA faced defamation on many discussion forms, news websites and blogs, and a White House petition against the bill received more than 100,000 signatures.
The new CISA bill also targets government whistleblowers. Instead of limiting data collection use to combat cyber threats, it allows the government to use the data to investigate and prosecute individuals for trade secret violations, economic espionage, and many other provisions under the Espionage Act.
US Senators Mark Udall (D-CO) and Ron Wyden (D-OR) made a joint statement opposing the bill as it lacks privacy protections and there are doubts that it possesses the ability to actually enhance cybersecurity.
“We agree there is a need for information-sharing between the federal government and private companies about cyber security threats and how to defend against them.”
“However, we have seen how the federal government has exploited loopholes to collect Americans’ private information in the name of security.”
While raising privacy protection concerns, the bill also covers information sharing in secrecy by exempting it from the critical transparency processes. It worryingly provides exemptions from the cumbersome local and state based laws as well as the Freedom Information Act at federal level.
All of them are powerful tools that give citizens the ability to safeguard their personal information against abuse and check government activities. NSA spying revelations from the past year with the inclusion of invasion spying programs such as Stellar Wind and PRSIM have left US citizens shocked and demanding more transparency.
The CISA bill heads to the full Senate for a voting decision, through it is facing the barrier of a shortened calendar, as well as aggressive information from the same groups and activists that prevent the passing of the similar legislation in the past two years.