Cybersecurity Information Sharing Act (CISA): ‘Surveillance Bill in Disguise’ Takes New Step Towards Passage
CISA would allow technology companies 'to hand over huge amounts of our information without any legal process whatsoever, as long as they have a vague cybersecurity purpose.'
Image: An anti-CISA demonstration outside the U.S. Capitol building on Thursday night. (Photo: Fight for the Future)
The U.S. Senate has moved forward the Cybersecurity Information Sharing Act (CISA)—legislation denounced by its many critics as “a surveillance bill in disguise.”
With bipartisan support, CISA passed 83-14 in a procedural vote on Thursday.
“The Senate just did a really bad thing,” Techdirt‘s Mike Masnick wrote Thursday, and offered a list of the senators he said “just voted to increase surveillance and decrease trust in our internet companies, thereby harming the American economy and innovation.”
As to why the legislation, touted by its supporters as strengthening national cybersecurity, is bad, Freedom of the Press Foundation‘s Trevor Timm has written that CISA is “really a surveillance bill in disguise.” He continues:
The main crux of the bill is to carve a giant exception into all our current privacy laws so as to allow tech companies like Google and Amazon to hand over huge amounts of our information without any legal process whatsoever, as long as they have a vague cybersecurity purpose.
But tech companies including Google are among those in the industry that have joined the chorus of those coming out against the legislation.
The Electronic Frontier Foundation further noted Thursday:
CISA is fundamentally flawed. The bill’s broad immunity clauses, vague definitions, and aggressive spying powers combine to make the bill a surveillance bill in disguise. Further, the bill does not address problems from the recent highly publicized computer data breaches that were caused by unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.
Among the 14 senators who voted against the bill is Patrick Leahy (D-Vt.), who echoed Timm’s comments in stating ahead of the vote that CISA “giv[es] large corporations more liability protection and even more leeway on how to use and share our personal information with the government—without adequate privacy protections.”
The American Library Association (ALA) is also among the groups against CISA, and joined dozens of civil society organizations and security experts in issuing a letter (pdf) to senators earlier this year urging them to vote against the legislation.
“When librarians oppose a bill with ‘information sharing’ in its name you can be sure that the bill is decidedly more than advertised,” ALA president Sari Feldman stated last week, and added that CISA “could function, as a practical matter, as a new warrantless surveillance tool.”
Prompted by the vote, some of the organizations against the legislation, including Fight for the Future, CODEPINK, and Restore the Fourth, staged a CISA protest on Thursday night outside the U.S. Capitol building.
“The U.S. government’s deplorable surveillance programs and pathetic cybersecurity have already severely damaged the public’s trust in tech companies and their members of Congress,” Evan Greer, campaign director of Fight for the Future, said in a statement issued Friday.
“If they choose to ignore the blatantly overwhelming opposition to this bill and pass it anyway, that damage could become irreparable,” Greer’s statement continued. “This moment will go down in history, and politicians need to decide which side of history they want to be on: the side that fought for freedom or the side that gave it away.”
The legislation is set for a final vote on Tuesday. The House has already passed its version of the bill.