The Senate just passed a cybersecurity bill that wont do crap to prevent hacks. What it will do is help the government spy on its citizens.
The Cybersecurity Information Sharing Act (CISA) passed Senate today with a vote of 74-21. All five amendments proposed to water down the bills broad language and spying permissions failed, and the Senate passed a motion to prevent filibusters.
If CISA sounds familiar, it should: Like a horny zombie looking to skullf*** the nations privacy, its similar CISPA, an older cybersecurity bill that would let private companies turn over any of your personal data to the government as long as the information fell under a broad definition of relevance.
This is why you should care about it.
What CISA Would Do
CISA is designed to make it easier for companies like Google or Facebook to share information about possible cyberattacks with the government. And by information I mean user data. If two ISIS bros are obviously plotting 9/11 pt. 2 via Twitter DM, CISA is theoretically supposed to make it easier to get that information to the right people. The problem isnt the general idea, but the execution.
CISA has no safeguards to prevent companies from sharing irrelevant personal information, just vague wording about the need for a cyber threat indicator to pass data along.
Companies wont need to redact any personal signifying information unless they have proven it is NOT related to the threat, which means itll be way easier to err on the side of not redacting anythingespecially since those companies arent liable for the data, so there isnt any incentive not to give it up.
The sponsors set up a test that virtually guarantees there wont be any serious effort to weed out unrelated information, Sen. Ron Wyden (D-Ore.) told me. Wyden is a vocal opponent of CISA, and hes not done fighting it, despite todays vote. Wyden spearheaded the campaign against SOPA and PIPA, and hes hoping for a similar rallying moment online.
A Direct Pipeline to the NSA
If CISA becomes law, the Department of Homeland Security will share the data it funnels from tech companies immediately with the National Security Agency, which has a track record of making the broadest possible interpretations of what data should get collected. Wyden calls this a direct pipeline to the NSA.
The DHS will also immediately share all the data with the Department of Defense, and the Office of the Director of National Intelligence, so any information companies pass along will be fair game to get pored over by multiple government agencies.
High-profile hacks like the OPM breach have Congress scared, and eager to pass any bill with cybersecurity in the title. But creating a centralized portal for the information of millions of people is a dangerous game.
I think that handing over this personal information is something that foreign hackers are going to pay attention to, Wyden said.
Not a Cybersecurity Solution
CISA gives tech companies free reign to pass data along, but most major tech companies hate this bill because they have the foresight to realize its a privacy craphow. We dont support the current CISA proposal, Apple said in a statement last week. The trust of our customers means everything to us and we dont believe security should come at the expense of their privacy.
Its not just tech companies that hate the bill. Privacy activists are very pissed about it. Here are some reactions from prominent groups:
This vote will go down in history as the moment that lawmakers decided not only what sort of Internet our children and our childrens children will have, but what sort of world they will live in. Every Senator who voted for CISA has voted for a world without freedom of expression, a world without true democracy, a world without basic human rights. - Fight the Future
This bill will make our digital lives both less secure and less private. It will funnel an enormous amount of sensitive information into government hands, where it can be used in cases that have nothing to do with cybersecurity. The government will be able to use this private data for programs that look exactly like the mass NSA surveillance revealed over the past several years. We thank those senators who sought to improve the bill, and especially those who opposed it outright, but this is a bad day for civil liberties. - Gabe Rottman, legislative counsel in the ACLU Washington Legislative Office
The Senate voted for a bill that could allow companies to transfer vast amounts of private citizens personal data to government databases. Thats a cybersecurity problem, not a cybersecurity solution. This bill places our privacy at needless risk while ignoring the basic security measures technologists have long advocated, such as strong encryption. When will Congress get serious about protecting our privacy and security? Elizabeth Goitein, co-director of the Liberty and National Security Program at the Brennan Center for Justice
Can We Stop It?
Ive written about CISA before, and what I said then bears repeating. Public outcry helped get rid of CISPA twice, and even though batting down these careless bills can feel like a state-sponsored nightmare version of Whack-A-Mole, the other option is just accepting them.
The only way to prevent one from eventually passing is to keep caring and
letting Congress know these bills are unacceptable each time one is introduced.
