Privacy buffs say amended CISA bill can still further gov't surveillance
The threat information-sharing bill was approved by the Senate Intelligence Committee last week.
While some lawmakers claim that a threat information-sharing bill, called CISA, was amended with substantial privacy provisions, privacy experts worry that the bill still lacks enough protections.
Last Thursday, the Senate Intelligence Committee approved the Cybersecurity Information Sharing Act (CISA) in a 14 to 1 vote that followed a closed-door session where several amendments were added to the bill.
The legislation, which is said to advocate information-sharing between private companies and government to thwart cyberattacks like the ones striking Sony and Anthem, was strongly contested earlier this month by the American Civil Liberties Union (ACLU), Electronic Frontier Foundation (EFF), and other privacy rights groups and security experts, who said that the bill lacked ample privacy protections in its drafted form.
Now that the text of the newly amended bill is available (PDF), grievances remain for some concerning the process through which companies would share information with the government.
In a Thursday interview, Gabe Rottman, legislative counsel for the ACLU, told SCMagazine.com that “it's not clear that there would be adequate privacy protections on the front-end when the information is shared with the government.”
“Once that information is shared, it can flow through the government, including to the Department of Defense, which includes the NSA,” he explained.
Notably, Sen. Ron Wyden, the sole lawmaker to vote against the bill last week, said in a statement that, “If information-sharing legislation does not include adequate privacy protections then that's not a cybersecurity bill – it's a surveillance bill by another name.”
In his interview with SCMagazine, ACLU's Rottman added that the scope of surveillance programs revealed by Edward Snowden has shown the government's “tendency to stretch the law as far as it will go,” to further surveillance.
“Here, the information would go to DHS, but it could be shared in real-time without a privacy sweep, including with the National Security Agency,” Rottman said.