'Privacy killer': Senate panel quitely passes CISA 'cybersecurity' bill amid fresh surveillance fears
The Senate Intelligence Committee voted overwhelmingly to advance a cybersecurity bill meant to expand information-sharing between the private sector and the government, though privacy advocates contend it only strengthens domestic surveillance programs.
Dubbed the Cybersecurity Information Sharing Act (CISA), the bill cleared the Senate Intelligence Committee by a 14-1 vote, with outspoken civil liberties advocate Sen. Ron Wyden (D-Ore.) casting the lone vote against the proposal. It’s not clear when the bill will come up for a full vote in the Senate, but it could happen as soon as April.
READ MORE: Obama touts cyber plan, but is Silicon Valley ready?
If passed into law, CISA would implement further protections for companies to gather threat-related data from their customers and allow them to share that information directly with federal intelligence agencies, including the National Security Agency.
U.S. Senate Intelligence Committee passes privacy-killing CISA. Let's take the fight to the Senate floor. pic.twitter.com/Jz2JHKK0E2
— Access (@accessnow) March 12, 2015
Ever since hackers breached Sony’s internal networks last year, encouraging information-sharing between corporations and the government has become a top priority. Supporters say the bill would allow the two sides to better coordinate, detect and potentially stop cyber threats before they cause serious damage.
Senate Intelligence Committee Chairman Richard Burr (R-N.C.) acknowledged that the bill “will not prevent [all cyber attacks] from happening,” according to the National Journal, but added that it’s an important step that would improve security.
However, privacy and civil liberties advocates have railed against the bill since its inception, arguing that without reforming and scaling back the NSA’s current domestic surveillance program, CISA would only expand the breadth and power of its spying activities.
Sen. Wyden was sharply critical of the bill following the committee vote, calling it “a surveillance bill by another name.”
Cybersecurity bill is bad for Americans’ privacy. Why I voted no: http://t.co/1aNHIVjSHX
— Ron Wyden (@RonWyden) March 12, 2015
Wyden on #CISA: If it doesn’t have enough privacy protections then it’s "not a cybersecurity bill–it’s a surveillance bill by another name"
— CSMPasscode (@CSMPasscode) March 12, 2015
“This information sharing is only acceptable if there are strong protections for the privacy rights of law-abiding American citizens,” he said. “I am concerned that the bill the US Senate Select Committee on Intelligence reported today lacks adequate protections for the privacy rights of American consumers, and that it will have a limited impact on US cybersecurity.”
Wyden said that Congress needs to take action by requiring network owners to be responsible for their own security. He added that Congress should prohibit government agencies from ordering technology companies to build products with weak protections in order to better facilitate surveillance.
Whether CISA has enough support to clear the Senate and become law remains unclear. A similar proposal, known as CISPA, passed the House of Representatives in 2013 but died in the Senate after public opposition ramped up and President Barack Obama threatened to veto the legislation.
READ MORE: Yahoo exec grills NSA director over ‘backdoor’ access to private data
The White House has issued its own guidelines for an information-sharing bill that would funnel information through the Department of Homeland Security (DHS) rather than intelligence agencies. A proposal that follows much of the Obama administration’s preferences has been introduced, but has not gained momentum.
Hoping to quell concerns, Sen. Dianne Feinstein (D-Calif.), who worked with Burr on the bill, said that Democrats have introduced 15 amendments on privacy and 12 of them made it into the final bill. Notably, one of the changes includes first filtering the information through the DHS.
Others, according to Burr, narrowly define the term “cyber threat indicator” to limit the data shared by companies and also require that personal information is removed before being turned over to the government.
Senate Intelligence Committee moves forward with terrible CISPA-like zombie bill. Tell your Senator to oppose it: https://t.co/ZkB7rfsNLe
— EFF (@EFF) March 12, 2015
Feinstein added that the amendments will potentially sway the White House to come around and support the bill.
“I talked to the president’s chief of staff [Denis McDonough] yesterday,” Feinstein said, according to The Hill. “I think he believes that a number of improvements have been made in the bill.”
Yet privacy advocates still blasted the legislation.
"This isn't an information sharing bill at all," said Gabe Rottman, a legislative counsel with the American Civil Liberties Union, according to the National Journal. "It's a new and vast surveillance authority that might as well be called Patriot Act 2.0 given how much personal information it would funnel to the NSA," he added, referring to legislation that agencies like the NSA use to justify their surveillance practices.
Meanwhile, the Electronic Frontier Foundation (EFF) called CISA “particularly dangerous” to privacy and urged Americans to contact their senators and ask them to oppose the measure. The EFF added that the bill “also gives companies broad immunity to spy on – and even launch countermeasures against – potentially innocent users.”