Today, the Brennan Center, along with more than 70 civil liberties groups and cyber security experts, urged President Obama to veto the Cybersecurity Information Sharing Act (CISA), a cybersecurity sharing bill now before the Senate. The bill would sweep up vast amounts of Americans’ private information which could then be shared with military and intelligence agencies, including the NSA.
Specifically, the bill falls short in several key areas:
- CISA fails to protect users’ personal information. It allows vast amounts of personal data to be shared with the government, even that which is not necessary to identify or respond to a cybersecurity threat.
- Authorizes the use information in investigations unrelated to cybersecurity. CISA authorizes federal, state, and local governments to use cyber threat indicators to investigate crimes that have nothing to do with cybersecurity, such as robbery, arson, and carjacking, as well as identity theft and trade secret violations.
- CISA would give immunity to companies and allow broad information sharing: CISA pre-empts all law and enables companies that operate in the civilian sector to share cyber threat indicators with any agency of the federal government, including the NSA.
- CISA undermines Internet security with “countermeasures”: CISA could undermine Internet security because it authorizes companies to deploy “defensive measures” (also commonly referred to as “countermeasures”), even when the countermeasure would be otherwise illegal under the Computer Fraud and Abuse Act.
“CISA threatens to undermine privacy and civil liberties, and increase cyber-surveillance,” the groups said in a letter. “We strongly oppose CISA and we urge [President Obama] to again defend privacy and civil liberties by voicing opposition and [his] intention to veto it.”