For years lawmakers and civil liberties advocates have sparred over cybersecurity legislation that would allow companies to share information with government agencies and each other.
Now the Cybersecurity Information Sharing Act, better known as CISA, is back. Despite recent amendments intended to bolster protection of consumers’ personal information, privacy advocates worry that political pressure arising from a recent string of high-profile cyberattacks on companies such as Sony could result in Congress pushing through a bill, as ACLU legislative counsel/policy advisor Gabe Rottman said, “recklessly.”
“This is a surveillance bill by another name,” said Rottman, who said the bill would create exceptions to privacy law and too broadly defines what the government can do with information it collects under CISA.
Last year CISA failed to reach the floor after civil liberties advocates denounced the bill, and the White House promised to veto it. But after a closed mark-up session this week, the bill sailed through the Intelligence Committee with a 14-1 vote of support.
Intelligence Committee chairman Senator Richard Burr yesterday praised the adjusted bill, which could see a vote as early as April.
“This legislation protects the privacy rights of Americans while also minimizing our vulnerability to cyberattacks,” he said. “Information sharing is purely voluntary and companies can only share cyber-threat information and the government may only use shared data for cybersecurity purposes.”
The lone dissenting vote came from Senator Ron Wyden, who said in the wake of its passage out of committee that the bill would “have a limited impact on U.S. cybersecurity,” while at the same time lacking “adequate protections for the privacy rights of American consumers.” The bill was amended and passed in a closed committee session, which Rottman pointed to as a sign of a lack of transparency.
Despite the concern of Wyden and privacy advocates, the bill may mark a change of heart from the White House. Dianne Feinstein told The Hill that she talked to the White House chief of staff and believes the administration will come around to the new bill.
The core thrusts of the bill are the sharing of data relating to cybersecurity and the legal protection of private corporations that do so. The context of the bill is twofold: an increasingly dangerous digital threat climate, and the fact that American corporations are hacking targets. Last year produced a litany of hacks, including the sensational Sony compromise, keeping the issue at the top of the White House’s policy agenda this year.
Those in favor of the bill claim it will bolster the ability of private entities and the government to share data among themselves that could improve protection from data breaches.
But civil liberties advocates say the bill needs more safeguards to protect consumer information that is being shared with government entities. If corporations are legally protected when they share data with the government, where does the individual user look for recourse?
Rottman noted this year there have been many cybersecurity bills proposed in the wake of the hacks from Sony to Home Depot. He said although laws need to be passed to protect consumers and businesses, acting too quickly may jeopardize privacy rights.