New cybersecurity legislation cleared the Senate Intelligence Committee on Tuesday during a closed session. Critics fear it may broaden the NSA’s already formidable access to Americans’ data.
Written by Senate Intelligence Chair Dianne Feinstein (D-CA) and Senator Saxby Chambliss (R-GA), CISA – or Cybersecurity Information Sharing Act – is widely seen as a redux of last year’s CISPA bill, which was widely protested by online privacy watchdogs and ultimately defeated in Congress.
A draft of the bill circulated in June granted permission by government agencies to retain and share data for “a cybersecurity purpose,” which was defined as “the purpose of protecting an information system or information that is stored on, processed by or transiting an information system from a cybersecurity threat or security vulnerability.” According to the Guardian, that language would likely lead the NSA to stockpile weaknesses in digital security.
The legislation, which was approved by the committee by a vote of 12 to 3, would allow private firms to share information regarding cyber-attacks “in real time.” It would also shield those firms from lawsuits by individuals against those companies for sharing data with each other, and with the US government, regardless of terms of service contracts that may prevent such actions without a customer’s consent.
According to the American Civil Liberties Union, which is joined by like-minded watchdogs such as the Electronic Frontier Foundation in panning CISA, the legislation’s “catch-all provisions” would seem to allow the collection of the content of communications, rather than just malicious code. “That's one of the biggest concerns," Gabriel Rottman, an attorney with the ACLU, told the Guardian.
CISA now heads to the full Senate for a vote, though it faces the hurdle of a shortened legislative calendar, as well as mounting opposition by the same groups that prevented passage of similar legislation over the past two years.