Homeland Security admits CISA info-sharing bill could 'sweep away' privacy protections
Responding to a July query from Minnesota Senator Al Franken, DHS Deputy Secretary Alejandro Mayorkas said that some provisions of the Cybersecurity Information Sharing Act (CISA) “could sweep away important privacy protections” and that proposed legislation “raises privacy and civil liberties concerns.”
The bill authorizes companies to share information about cyber threats with “any federal entity.” Any company participating in the data sharing would be immune from consumer lawsuits.
If passed, it would mean that sectors of the federal government would begin to receive, store, and circulate sensitive information. The data would be exempt from Freedom of Information Act (FOIA) disclosures.
Opponents of the bill have argued that minimal requirements are in place for businesses to erase personal information before circulating cyber threat information – dubbed “cyber threat indicators” – before sharing that data with the government.
This has led to worries that such data could include a range of personal details including credit card histories, lists of goods purchased, and healthcare records.
Privacy activists have dubbed CISA the “Darth Vader bill,” citing concerns about the legal immunity that companies would receive under the legislation.
In addition, civil liberties groups argue that the bill would allow the National Security Agency (NSA) to use CISA to spy on people for reasons unrelated to cyber crime.
Last week, online privacy activists sent over six million anti-CISA faxes to Senate offices, saying they were using “1984 technology” because CISA is an Orwellian 1984-style bill. The non-profit group Fight for the Future was behind the stunt, setting up eight phone lines to convert emails and tweets into faxes.
Industry groups have launched their own campaigns to persuade lawmakers to pass the bill. The legislation is being supported by a number of major companies including Google, Facebook, AT&T, Bank of America, and Blue Cross Blue Shield Association.
Debate on the bill follows calls from President Obama for more information sharing between the public and private sectors. The issue came to the forefront after hackers breached Sony’s internal networks last year.
Although the bill passed nearly unanimously through the Senate Intelligence Committee in March, senators from both parties are pushing for amendments.
Debate on the bill could begin on Wednesday, with a vote on Thursday. However, it is possible that the bill will not be addressed before the summer recess – particularly because lawmakers may not have enough time to wade through the proposed amendments.
But Senate Majority Leader Mitch McConnell (R-Ky.) said on Tuesday that the Senate can indeed pass the bill before the recess begins – if lawmakers are willing to cooperate.
"With cooperation, we can pass the bipartisan bill this week," he said from the Senate floor, as quoted by the Hill. "There will also be opportunity for members of both parties to offer amendments."