Cyber legislationEFF leads privacy advocates in opposing CISA

Published 23 October 2015

Privacy advocates have intensified their campaign against the Cybersecurity Information Sharing Act (CISA), which the Senate will vote on sometime next week. The Electronic Frontier Foundation (EFF) says it vehemently opposes the bill, as well as amendments which would expand the Computer Fraud and Abuse Act. EFF says that CISA is fundamentally flawed. The bill’s broad immunity clauses, vague definitions, and what EFF describes as “aggressive spying powers” combine to “make the bill a surveillance bill in disguise.”

Privacy advocates have intensified their campaign against the Cybersecurity Information Sharing Act (CISA), which the Senate will vote on sometime next week. The Electronic Frontier Foundation (EFF) says it vehemently opposes the bill, as well as amendments which would expand the Computer Fraud and Abuse Act.

EFF says that CISA is fundamentally flawed. The bill’s broad immunity clauses, vague definitions, and what EFF describes as “aggressive spying powers” combine to “make the bill a surveillance bill in disguise.” Further, EFF notes that the bill does not address problems from the recent highly publicized computer data breaches that were caused by unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.

EFF says it also opposes Senator Sheldon Whitehouse’s amendment to the Computer Fraud and Abuse Act..

The CFAA makes it illegal intentionally to access a computer without authorization or in excess of authorization. EFF says, however, that much of what we do online every day — from storing photos in the cloud to watching movies to using social networks to buying a plane ticket — involves accessing other people’s computers, often with a password. The CFAA does not explain what “without authorization” actually means.

“Overzealous prosecutors have gone so far as to argue that the CFAA criminalizes violations of private agreements like an employer’s computer use policy or a Web site’s terms of service,” EFF says, “and have taken advantage of this lack of clarity by bringing criminal charges that are not really about hacking a computer, but instead about doing things on a computer network that the owner does not like.”

The changes proposed to the CFAA by Senator Whitehouse would give the government and corporations even more ways to abuse the law, EFF says, adding: “We recommend the Senate take a page out of EFF’s common sense changes to the Computer Fraud and Abuse Act if the chamber wants to modify the law.”

Many of these changes can also be found in “Aaron’s Law,” which was introduced by Representative Zoe Lofgren (D-California) and Senator Ron Wyden (D-Oregon) following the prosecution of Aaron Swartz.

CISA will come to a vote on the Senate Floor in the coming week. We urge users to call their Senators and tell them to vote against CISA,” EFF says.