In December, as Congress rushed to get out of town, they paused long enough to sneak privacy-smashing “cybersecurity” provisions into a giant must-pass spending bill.The language was negotiated in secret, and added to the bill at the last minute. Many members of Congress didn’t even know it was there. All they knew was they needed to pass the omnibus spending bill to keep the government running so they could go home.
The Cybersecurity Act of 2015 won’t increase the government’s ability to detect, intercept and thwart cyber attacks, yet it institutes broad and undefined data-collection capabilities that are certain to undermine government accountability and further erode privacy protections.
Rep. Justin Amash (R-TI), Rep. John Conyers (D-MI), Rep. Zoe Lofgren (D-CA), Rep. Thomas Massie (R-KY), Rep. Ted Poe (R-TX), and Rep. Jared Polis (D-CO) have introduced HR4350, to repeal the Cybersecurity Act, and a left-right coalition including BORDC/DDF, R Street Institute, ACLU, Campaign for Liberty, and a dozen others have thrown their support behind the bill.
“The Cybersecurity Act was negotiated in secret by just a few members of Congress and added quietly to the 2,009-page omnibus to avoid scrutiny,” said Rep. Amash. “Most representatives are probably unaware they even voted on this legislation. It’s the worst anti-privacy law since the USA PATRIOT Act, and we should repeal it as soon as possible.”
We just sent a letter to members of the House of Representatives urging support for HR4350 (below). Join us!
Questions of cybersecurity and privacy should be debated openly in a manner that allows legislators and the public to criticize and participate. These questions should not be obscured by backroom deals that exclude critical perspectives and due process, and that many security experts have argued could result in worse security problems and worse privacy violations than before.
The Cybersecurity Act of 2015 included provisions unacceptable to the technology community, privacy and open-government advocates, as well as ordinary Americans, including:
- A new avenue through which the government will receive personally identifiable information and communications content, expanding surveillance on innocent Americans;
- Immunity from liability for companies that unnecessarily share private user information with the government and other companies;
- No reasonable limits on the type of information that can be shared, such as individuals’ personal online communications;
- Authorization for law enforcement and the intelligence community to use this information for purposes unrelated to cybersecurity, including the investigation and prosecution of unrelated crimes.
- An exemption to the Freedom of Information Act, and preemption of state and local laws on disclosure that seriously undermine government accountability and transparency.
Congress didn’t have to sacrifice our privacy in order to enhance cybersecurity. Tell your Representative to support HR4350 to repeal the Cybersecurity Act!