The Senate will likely vote on Friday, June 12 on CISA, the Cybersecurity Information Sharing Act. It’s a terrible bill that doesn’t do much to protect our online data, but instead will allow the NSA to gobble up vast quantities of our online information (like they need any more of our data!). Not only is the bill terrible, but Senator McConnell is trying to shove it down our throats by attaching it as an amendment to the National Defense Authorization Act (NDAA). He’s trying to slip it through the Senate without debate or any ability to improve it through amendments. So we need to act quickly to build opposition to the legislation in the Senate.

TAKE ACTION! SEND YOUR SENATOR AN EMAIL

The ACLU’s Gabe Rottman explains what’s wrong with the bill:
So, what does the bill—dubbed the Cybersecurity Information Sharing Act, or “CISA”—do? It’s a surveillance bill, pure and simple. It says that any and all privacy laws, including laws requiring a warrant for electronic communications, and those that protect financial, health or even video rental records, do not apply when companies share “cybersecurity” information, broadly defined, with the government. For much more detail, please see this blog and coalition letter, this analysis from the Center for Democracy and Technology and a deep dive by the Open Technology Institute.

Once that information is shared, it will be automatically disseminated government-wide, including to outfits like the National Security Agency, CIA, and FBI, where it can be used for garden-variety law enforcement investigations and intelligence activities. It can also be used to investigate and prosecute whistleblowers under the Espionage Act, the World War I-era law that has been used by the Obama administration to go after more national security “leakers” than all other presidencies combined. In short, it makes mincemeat of basic notions of due process.

But that’s not all. This isn’t just a problem in the abstract for “privacy.” It would actually make things less secure.

The hack revealed last week targeted the Office of Personnel Management. OPM is what it sounds like: the federal agency responsible for maintaining detailed records on the millions of government workers in the United States. Those records include social security numbers, birth dates, and information on families, friends, co-workers—you name it. OPM runs security clearances, which can involve the collection of very sensitive information. In other words, OPM is the ultimate honeypot for hackers; a one-stop shop to create a database that can be used to guess passwords, compromise accounts or craft sophisticated phishing attacks like those that were probably used to get into Sony and Anthem.
Worse, this is only the latest, though possibly the largest, in a series of data breaches at the federal government, which, in just the past year, have included hacks at the IRS, State Department, and the White House. If the federal government can’t secure the most sensitive intelligence and military data against spies and cyber-thieves, what does that mean for the vast amount of personal information that would flow to the government from the private sector under CISA? The answer is obvious. The honeypot would grow all that much sweeter. Not only would you have a one-stop shop for government worker information, you would have a new trove of personal information about all of us, held in what have proved to be tempting and vulnerable targets for the baddest of actors.