Secret surveillance bill? Senate could pass CISA info-sharing bill with barely any debate
On Thursday, Senate Majority Leader Mitch McConnell (R-Kentucky) said that if the chamber cannot move forward on a vote to defund Planned Parenthood – an effort that is likely doomed by opposition from Democrats – it will look to pass the Cybersecurity Information Sharing Act (CISA), the National Journal reported. The bill would grant companies more protections when it comes to gathering potentially threat-related data and allow them to share that information with government departments like the National Security Agency.
McConnell’s comments were something of a surprise considering that just two days earlier, reports suggested consideration of CISA would slip past recess and be delayed for at least another month.
Following the majority leader’s comments, Senator Patrick Leahy (D-Vermont) attacked the plan, saying any movement on CISA, and cybersecurity in general, “requires a thoughtful and bipartisan response from Congress.”
"If the Majority Leader is serious about improving our nation's cybersecurity,” Leahy added, he will allow for a “meaningful amendment process.” Such a move would allow critics a chance to strengthen the bill’s privacy protections.
"If [McConnell] wants yet another political stunt, he will try to jam this bill through the Senate just days before the August recess. That is not the responsible way to legislate about our nation's cybersecurity."
Passage of some kind of cybersecurity bill has been on the minds of lawmakers, as well as President Barack Obama, ever since hackers breached the internal networks of Sony last year. The most recent hack, against the federal Office of Personnel Management, saw the records of more than 21 million government workers pilfered by hackers.
Obama has specifically called for more information sharing between the public and private sectors, and supporters of CISA say it will help officials detect cyber threats and potentially stop them before they hit.
Yet critics of the bill have come up with a litany of objects. Senator Ron Wyden (D-Oregon) has led the charge, arguing recently that “CISA will do little to protect you from hackers, and it may even make things worse."
In a clear reference to the OPM hack, Wyden said, “The government can’t keep its own data safe. Giving more of your information to the government creates a huge new target for hackers.”
Government access to information that could potentially identify Americans has been a major concern for privacy advocates. Although CISA orders companies to look over “threat indicators” and remove personal information before turning over that information to the government, critics say there’s nothing in the law that sets any standards or tells corporations what to look for.
Additionally, companies would be told only to remove personal information on individuals that it knows are “not directly related to a cybersecurity threat,”according to a letter sent to the Senate by security experts and organizations such as the American Civil Liberties Union and the Electronic Frontier Foundation. If companies aren’t sure someone is related to a threat, or simply don’t want to risk being wrong, they could choose to leave identifiable information as they share data with the government.
Meanwhile, privacy advocates note that CISA also grants the NSA automatic access to shared information, while data can be passed down to local law enforcement agencies to be used in investigations that are unrelated to cybersecurity. On top of this, CISA exempts disclosures about personal information from the Freedom of Information Act.
“CISA is an out and out surveillance bill masquerading as a cybersecurity bill. It won’t stop hackers,”wrote Evan Greer and Donny Shaw of the Fight for the Future advocacy group. “Instead, it essentially legalizes all forms of government and corporate spying.”