Friday, 20 March 2015

Does CISA Violate Our Privacy and Civil Liberties?

By Sarah Nelson

Senior Democratic Senator Dianne Feinstein introduced the Cybersecurity Information Sharing Act of 2014 (CISA) for consideration to the Senate Select Committee on Intelligence (SSCI) on July 10, 2014 (Wired). The stated purpose of the bill is to “improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes” (ACLU). On March 12, 2015 the SSCI voted 14 to 1 to pass CISA from committee to be considered by the entirety of the Senate (Wired). The only no vote came from vocal privacy proponent Senator Ron Wyden from Oregon (Wired). Wyden was joined in his opposition with various civil liberties groups, including the American Civil Liberties Union (ACLU), the Free Press Foundation and the Electronic Frontier Foundation (Wired). Senator Wyden released a press statement stating, “If information sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill – it’s a surveillance bill by another name.” (Wyden) So, are Senator Wyden’s concerns founded? And if so, how will our privacy be violated if CISA is passed?


How CISA Compares to the Defeated CISPA


The Cyberintelligence Sharing and Protection Act (CISPA) originated in the House of Representatives in April of 2012 as a set of amendments to the National Security Act of 1947 (Default). CISPA was designed to allow the intelligence community to coordinate with private corporations to combat cybersecurity threats. The bill was passed by the House and sent to the Senate twice, once in 2012 and once in 2013, but was defeated in the Senate both times (ACLU). President Obama went on record in 2013 saying that if CISPA passed the Senate he would immediately veto it (ACLU).

The bill allows corporations to share private personal data with the government without legal justification (Default). For example, if a person were to send an email on their personal email account, that email and anything attached could be seized under this bill. So an agency like the National Security Agency (NSA) has permission to seize an individual’s private data from a company like Google without the authorization of a subpoena if the information being taken is “directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity”. Privacy organizations and civil liberties activists argue that this legal language is broad to the point of absurdity (Default).

Proponents of CISPA argue that the bill has been amended to address any substantial privacy violations. The two representatives that sponsored the bill in the House Permanent Select Committee on Intelligence, Mike Rogers and Dutch Ruppersberger, argue that the bill specifically forbids the federal government from using collected information for “any other lawful purpose unless the government already has a significant cybersecurity or national security purpose in using the information” (ACLU). Those that condemn the bill would argue that the oversight on what constitutes a “significant” purpose is virtually nonexistent (Wired). Friends of CISA also note that it has the endorsement of some of the most major tech corporations in the world today, including Facebook, Microsoft, Apple and AT&T (Default). These corporations have released statements saying that they find CISA to be a helpful piece of legislation in outlining how cyber threats are to be reported to intelligence agencies (Default).

CISPA and CISA were both created to accomplish the same mission, to secure the networks of technology companies against cyber attacks. To do this, the bill gives powers to the United States government to investigate cyber threats. The bills share virtually the same language to the point that CISA is considered to be CISPA being “resurrected from the dead” (Forbes). CISA is considered to be more of a danger to whistleblowers than CISPA, since under CISA private information given from tech companies is usable in criminal proceedings such as prosecutions under the Espionage Act (ACLU). So CISA takes everything worrisome about CISPA and expands on it.


What Will Happen?


Chairman of the SSCI Richard Burr issued a statement to the press that the SSCI had added amendments to the bill that prevented tech companies from “data dumping” vast collections of information to intelligence agencies (Wired). However, since the proceedings of the Senate Select Committee on Intelligence are classified, it is still unclear as to what amendments have been added onto the bill since the last time the text was open to the public (Wyden). We will have to wait and see what the amended version of the bill will mean for our privacy.


Works Cited

"CISA Cybersecurity Bill Advances Despite Privacy Concerns | WIRED." Wired.com. Conde Nast Digital, n.d. Web. 15 Mar. 2015.

"CISA Isn't About Cybersecurity, It's About Surveillance." American Civil Liberties Union. N.p., n.d. Web. 15 Mar. 2015.

"Controversial Cybersecurity Bill Known As CISA Advances Out Of Senate Committee." Forbes. Forbes Magazine, n.d. Web. 15 Mar. 2015.

"Senate Intelligence Panel Considers CISA Bill to Enhance Private-Public Threat-Sharing Capabilities." Default Podcast. N.p., n.d. Web. 15 Mar. 2015.

"Wyden: Cybersecurity Bill Lacks Privacy Protections, Doesn't Secure Networks | Senator Ron Wyden." Senator Wydens. N.p., n.d. Web. 15 Mar. 2015.

No comments:

Post a Comment