Posted by: Dr Pano Kroko Churchill | March 13, 2015

Where has our privacy and Liberty gone?

Privacy and Liberty advocates have been pointing to serious flaws in CISA, for years.

Now this “Frankenbill” comes up again as a new reincarnation of the cybersecurity bill known as CISPA that Congress has been kicking around since 2012-13.

But today that zombie bill lurched one step closer to becoming law, like any proper vampire zombie would.

The Senate Intelligence Committee passed the Cybersecurity Information Sharing Act, or CISA, by a vote of 14 to one Thursday afternoon.

The bill, like the failed Cybersecurity Information Sharing and Protection Act that proceeded it, is designed to encourage the sharing of data between private companies and the government to prevent and respond to cybersecurity threats. But privacy critics have protested that CISA would create a legal framework for companies to more closely monitor internet users and share that data with government agencies.

After Thursday’s vote, Senator Ron Wyden—the only member of the Senate’s intelligence committee to vote against the bill—repeated those privacy concerns in a public statement. “If information-sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill—it’s a surveillance bill by another name,” he wrote. “It makes sense to encourage private firms to share information about cybersecurity threats. But this information sharing is only acceptable if there are strong protections for the privacy rights of law-abiding American citizens.”

Wyden’s exact concerns about the final bill aren’t yet clear: A dozen amendments to the bill were made in a closed-door session just before it was put to a vote, and those amendments haven’t yet been publicly released. In an interview on Bloomberg TV following the vote, intelligence committee chairman Richard Burr said that some of those newly adopted amendments were designed to prevent users’ information from being shared with government agencies. “We don’t want them to send personal data to the federal government, unless it’s absolutely crucial to show the cyberattack. So we bar them from providing that data to the federal government,” Burr said. “If it finds its way to the federal government, though, once we distribute it in real time and we realize there’s personal information, any company that discovers it has to remove it or minimize it in a way that it can’t be shared anywhere else.”

Looking at the most recently revealed public version of CISA, privacy advocates have pointed out that it would allow sharing of personal data that goes beyond cybersecurity threats. It also allows the sharing of private sector data with the government that could prevent “terrorism” or an “imminent threat of death or serious bodily harm.” That language, Open Technology Institute privacy counsel Robyn Greene has argued, means CISA might “facilitate investigations into garden-variety violent crimes that have nothing to do with cyber threats.”

“If that weren’t worrisome enough, the bill would also let law enforcement and other government agencies use information it receives to investigate, without a requirement for imminence or any connection to computer crime, even more crimes like carjacking, robbery, possession or use of firearms, ID fraud, and espionage,” Greene wrote in February. “While some of these are terrible crimes, and law enforcement should take reasonable steps to investigate them, they should not do so with information that was shared under the guise of enhancing cybersecurity.”

Russia anyone?

Or maybe China?

Yours,
Pano

PS:
For the moment, however, it’s not clear how much of that potential for surveillance has ended up in the final, amended version of the bill. And Greene says that’s problematic too. “This bill has the potential to seriously harm Americans’ privacy rights,” she said in a phone interview following the vote Thursday, “and it wasn’t even debated in public.”


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: