PrivacyPrivacy advocates worried about new Senate cybersecurity bill

Published 1 July 2014

Privacy groups are concerned that a new Senate cybersecurity bill could give the NSA unrestricted access to personal information of Americans. The Cybersecurity Information Sharing Act (CISA), a counterpart to the Cyber Intelligence Sharing and Protection Act (CISPA) which passed the House in 2013, would create a “gaping loophole in existing privacy law,” several privacy advocacy groups wrote in a letter to lawmakers.

Privacy groups are concerned that a new Senate cybersecurity bill could give the NSA unrestricted access to personal information of Americans. The Cybersecurity Information Sharing Act (CISA), a counterpart to the Cyber Intelligence Sharing and Protection Act (CISPA) which passed the House in 2013, would create a “gaping loophole in existing privacy law,” the American Civil Liberties Union, the Center for Democracy and Technology, the Electronic Frontier Foundation, along with other privacy groups wrote in a letter to senators last Thursday. “Instead of reining in NSA surveillance, the bill would facilitate a vast flow of private communications data to the NSA,” many privacy groups warned in a second letter to lawmakers.

Nextgov reports that the bill, authored by Senate Intelligence Committee chairwoman Dianne Feinstein (D-California) and ranking member Saxby Chambliss (R-Georgia), will allow the government and private sector to share more information regarding attacks on computer networks. Business groups have been demanding a legal framework which will allow them to share information about cyberattacks with fellow businesses and the government, thus helping to warn against and prevent future attacks on the private sector. Privacy groups fear that the legislation will encourage companies such as Google to submit private user information to the government. Although the information will first go to DHS, it could then be shared with the NSA and other intelligence agencies. “This new flow of private communications information to NSA is deeply troubling given the past year’s revelations of overbroad NSA surveillance,” the groups wrote in one of the letters.

Opponents of the bill argued that the bill allows for broad use of cyberdata once the government has access to it. Information could then be used as evidence by state and local law enforcement in routine criminal investigations and prosecutions. Feinstein rejected that argument, saying that her bill includes “numerous privacy protections to ensure individuals and companies do not inappropriately share personally identifying information and to protect against the government’s use of voluntarily shared cybersecurity information outside of narrow cyber-related purposes.”

The bill has been reviewed and edited to meet recommendations by privacy advocates, Feinstein said. “I believe the bill strikes a balance between the need to share information to improve cybersecurity and the need to safeguard the information being shared.”

The Senate Intelligence Committee plans to mark up the bill after the July Fourth recess.