CISA Isn't About Cybersecurity, It's About Surveillance

They say the first step is admitting you have a problem. But sometimes that's the easy part.

When it comes to cybersecurity, it seems everyone in Washington admits we have a problem. It's in the solutions phase where things really start to fall apart for policymakers.

Instead of focusing on ways to make our data (and the devices we store it on) more secure, Washington keeps offering up "cybersecurity" proposals that would poke huge holes in privacy protections and potentially funnel tons of personal information to the government, including the NSA and the military.

Thursday, the Senate Intelligence Committee met behind closed doors to mark up the Cybersecurity Information Sharing Act of 2015. They voted 14–1 to advance the bill, with Senator Wyden offering the lone no vote.

Unfortunately, by all accounts, CISA is one of those privacy-shredding bills in cybersecurity clothing.

If you remember CISPA, the information-sharing bill that fell under the weight of its privacy failings last Congress and even drew a veto threat from President Obama, the problems with CISA might sound a little too familiar. This bill is arguably much worse than CISPA and, despite its name, shouldn't be seen as anything other than a surveillance bill – think Patriot Act 2.0.

The bill could also pose a particular threat to whistleblowers – who already face, perhaps, the most hostile environment in U.S. history – because it fails to limit what the government can do with the vast amount of data to be shared with it under this proposal. CISA would allow the government to use private information, obtained from companies on a voluntary basis (and so without a warrant) in criminal proceedings – including going after leakers under the Espionage Act.

If you are wondering how giving companies a free pass to share our personal information with the government will make our data more secure, you aren't alone. We've already written about why real cybersecurity doesn't need to sacrifice our privacy.

The ACLU also recently joined with a broad coalition to remind the committee about some of these problems – problems which have not been adequately addressed in the Senate's proposal.

The letter reads, in part:

We now know that the National Security Agency (NSA) has secretly collected the personal information of millions of users, and the revelation of the programs has created a strong need to rein in, rather than expand, government surveillance. CISA disregards the fact that information sharing can – and to be truly effective, must – offer both security and robust privacy protections. The legislation fails to achieve these critical objectives by including: automatic NSA access to personal information shared with a governmental entity; inadequate protections prior to sharing; dangerous authorization for countermeasures; and overbroad authorization for law enforcement use.

You can read the full letter, and view the full list of signatories, here.

Learn more about cybersecurity and other civil liberty issues: Sign up for breaking news alertsfollow us on Twitter, and like us on Facebook.

Add a comment (4)
Read the Terms of Use

Anonymous

More anti-American, anti-human domestic spying coming from the traitors and globalist agents who've infiltrated and hijacked the "US" government.

Alex Jennings

Cybersecurity is a pandemic problem, and it is ubiquitous in the age of technology. I think it's important that governments contract to third party companies to regulate their security protocols—ensuring safety on all levels. I'm not familiar with CISPA, could you elaborate more on that, please?

Alex Jennings | http://www.securedbytriton.com/products.html

Aaron Schoenberger

Excellent article! I agree 100% that true cybersecurity does not need to infringe on privacy.

Anonymous

Earlier this month, the Senate Intelligence Committee approved the Cyber security Information Sharing Act of 2014 (CISA) by a 14–1 vote. Senator Ron Wyden (D-Ore.) stood alone against the bill, saying in a statement March 13 that it "does not include adequate privacy protections" and is simply another "surveillance bill by another name."

The bill is supposed to encourage data collecting and sharing between private companies and government agencies in an effort to prevent cyber attacks on American IT infrastructures. Opponents, however, are arguing that the legislation's true mission is to forge a legal framework that makes it easier for the state, along with corporate entities, to surveil internet users and record their communications. academy.ehacking.net/

Sign Up for Breaking News