In April, the House of Representatives passed its preliminary version of the Cybersecurity Information Sharing Act (CISA). CISA is a controversial cybersecurity bill that many pro-privacy activists firmly believe would severely damage US citizens right to privacy. Organisations such as Electronic Frontier Foundation say the bill would grant corporations undue powers to access US citizens’ private communications without a warrant. In effect making it legal for corporate entities to spy on innocent US citizens without ever having to face the possibility of a lawsuit.
Unfortunately, the controversial bill is supported by a large number of business and industry groups, including the US Chamber of Commerce. Those groups believe that the legislation is urgently needed to allow government agencies and corporations to cooperate more efficiently in their battle against cyber attacks.
On Tuesday, the US Senate started deliberating over the preliminary copy of the legislation, with the aim of agreeing on a version to pass back to the House of Representatives as quickly as possible. During the session, Senators put forward 20 suggested amendments to the bill. In addition, the top Republican and Democrat Senators on the Senate Intelligence Committee presented a fact sheet that contentiously dismissed the idea that the bill would create undue state surveillance. Senator Richard Burr from the committee said,
‘It’s time to take action to keep Americans safe and to reinforce our defenses against adversaries that we cannot see before we fall further behind on this new battlefront.’
The Securities Industry and Financial Markets Association (SIFMA) also presented a letter to the Senate in favour of the bill. That letter concurred with the Intelligence Committee’s view that the Senate should pass CISA quickly so that it may be reconciled with the House and handed to President Obama’s as soon as possible. From the letter:
‘A large-scale cyber attack is likely the most significant and systemic threat facing our economy today so it is appropriate that so much time and energy is being focused on identifying solutions to mitigate that risk, both within the government and within the private sector. For SIFMA and its member firms, our mission is to improve the collective ability of our sector to defend against a diverse set of cyber threats and be proactive in protecting our firms’ clients and trading partners in addition to their data and networks from theft, disruption or destruction.’
‘We simply cannot wait for the next attack to get a bill to the President’s desk and so SIFMA calls on the Senate to act on CISA and for the House and Senate to reach a quick agreement. Congress must remain vigilant and proactive and provide the private sector with laws that will enable us to better protect ourselves and collaborate with our government partners.’
Some lawmakers oppose the bill. Republican Senator Rand Paul and Democratic Senator Ron Wyden have both expressed concerns. Important technology firms are fighting it too – saying that it invades privacy way too much – and would stop cyber attacks way too little to be even close to being considered reasonable.
One of those firms – Apple inc. – has released a statement that says ‘The trust of our customers means everything to us, and we don’t believe security should come at the expense of their privacy.’ That press release goes hand in hand with Apple CEO Tim Cook’s view that ‘No one should have to decide between privacy or security. We should be smart enough to do both. Both of these things are essentially part of the Constitution.’
The Computer and Communications Industry Association (CCIA) – an organisation that represents companies like Google, Facebook, Microsoft, and Amazon – is also against the current version of the bill. CCIA urged the Senate to make vital changes to the law before passing it, lest it becomes another entirely unreasonable US surveillance law. From the CCIA’s statement:
‘CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government. In addition, the bill authorises entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties.’
The CCIA does not deny that corporations and government agencies need to find a way to deal better with sharing information. Stopping cyber attacks is critical and finding robust ways of combating it efficiently and coherently should be a priority says the CCIA. CISA as it stands, however, is not the answer it says,
‘CCIA looks forward to working with Congress to improve CISA and other related cybersecurity information sharing bills, with the hope that a limited and efficient voluntary information sharing regime, with robust privacy protections and use restrictions, will result.’
“We intend to pass the cybersecurity bill, hopefully by early next week.”
EFF is urging US citizens to take the time to contact their local senators to petition them to stand against the bill. On the blog on its website, EFF explains that the Senate is also planning to add an amendment to the Computer Fraud and Abuse Act (CFAA) during this debate.
The CFAA ‘makes it illegal to intentionally access a computer without authorization or in excess of authorization.’ EFF rightly points out that ‘much of what we do online every day—from storing photos in the cloud to watching movies to using social networks to buying a plane ticket—involves accessing other people’s computers, often with a password. The CFAA does not explain what “without authorization” actually means.’
The amendment ‘proposed to the CFAA by Sen. Whitehouse would give the government and corporations even more ways to abuse the law,’ the EFF warns.
If you are a US citizen now may be the last chance you have to encourage your local Senator to stand up to these draconian surveillance measures. For that reason, if you care about the privacy of you and your fellow citizens you are actively encouraged to join the EFF in it’s last few attempts to stop the Senate from making the wrong decision. For details on how to do so visit the EFF’s website at once.