Cybersecurity Bill Could Put More Personal Data in Government Hands

The controversial measure looks passes the Senate easily.

alxpin/iStockPhoto

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.


After months of delays and high-profile hacks against the government and private companies, the Senate is once again pushing to pass the Cybersecurity Information Sharing Act (CISA), a bill some lawmakers say is a crucial move to shore up America’s internet defenses. Yet a coalition of privacy advocates and tech companies is pushing to kill what its members call yet another mass surveillance measure. The legislation could come to a vote as early as the end of this week.

Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), the chair and vice chair of the Senate Intelligence Committee, introduced the bill on Tuesday afternoon, praising it as a way for companies to share information on cyberattacks more effectively with government agencies and other corporations. Currently, if a company is hacked and tries to share information about the hack with the government or other businesses, it risks being sued on privacy grounds by customers whose data is shared. CISA would give companies legal immunity to pass such information around—and this information, the bill’s backers say, is badly needed to understand attacks and make computer systems less vulnerable.

But privacy advocates and some senators counter that the bill’s privacy protections aren’t nearly stringent enough, allowing the government to use information sharing to gain access to the personal information of millions of Americans.

Feinstein said the bill is “bipartisan, it is narrowly focused, and it puts in place a number of privacy protections.” Burr stressed the “voluntary” nature of CISA, saying companies don’t have to share information if they don’t want to. “If these companies should find no value in it, it’s simple! Don’t participate,” he said. Both senators also highlighted that the bill passed the intelligence committee in May by a bipartisan vote of 14-to-1.

The lone vote against CISA belonged to Sen. Ron Wyden (D-Ore.), who has spent months warning about the potential privacy problems in the bill. “Despite this bill’s name, a broad range of cybersecurity experts agree: CISA will do little to protect you from hackers, and it may even make things worse,” he wrote in an op-ed in July. He picked up the same theme on Tuesday, when he spoke on the Senate floor shortly after the bill was introduced. “I believe this bill will do little to make Americans safer, but will potentially reduce the personal privacy of millions of Americans in very substantial ways,” he said.

Privacy groups and many leading technology companies agree. The Computer and Communications Industry Association, a lobbying group whose members include tech giants Facebook, Amazon, and Google, has come out strongly against the bill. “CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government,” the group wrote in a statement last week. Twitter, Apple, and other tech companies also oppose CISA.

In addition to the bill’s privacy provisions being too broad, they say, CISA would not have prevented the kind of major hacks that have made news in recent months, including the breach of millions of personnel records at the Office of Personnel Management. Feinstein acknowledged these shortcomings on Tuesday when she called CISA “the most effective first legislative step,” to be followed by other fixes. Privacy groups also don’t buy the notion that the bill is voluntary: Amie Stepanovich, the US policy manager for the open-internet advocacy group Access, argued in Wired in August that the government has a history of demanding information sharing in order to take part in vital cybersecurity programs. “Not to comply might actually harm their corporate interests and put their customers at risk,” she wrote. 

Experts in the technology industry also contend that CISA’s deck seems stacked in favor of the government. “All the efforts we’ve heard so far are kind of greasing the skids to make it easier for the private sector to give information to the government and not the other way around,” Rick Howard, the chief security officer of Palo Alto Networks, told the Christian Science Monitor in June.

Even CISA’s detractors admit the bill seems likely to pass. As debate on the bill continued on Wednesday, senators from both parties lined up to back it and praise one another for supporting it. “There’s a lot of pressure to do something about cybersecurity, which is why senators may be leaning toward support, even [while] recognizing the bill doesn’t do what it claims it’s going to do,” says Nathan White, a senior legislative manager at Access.

But the bill’s supporters are still racing against the clock to get it finished. Congress must pass a transportation spending bill by the end of the month, and the latest of the never-ending fights over raising the debt limit needs to wrap up by November 5 to avoid a default. On Tuesday, Burr repeatedly urged senators who proposed amendments to the bill to debate them quickly so there can be a vote on CISA by the end of the week. And White sees another reason for supporters to conclude things quickly: “I think the longer it stays open, the more people consider it, and the more they look at it, the harder and harder [it] will be for them to get 60 votes.”

Update, 10/27/15: CISA passed the Senate by an overwhelming 74-21 vote on Tuesday. Passage was widely expected, but privacy advocates had hoped to strengthen privacy protections by passing several amendments, including ones that would impose stricter standards on the scrubbing of personal information, narrow the definition of the cyber threats that warrant information sharing, and remove the bill’s FOIA exemption. While those amendments failed, the Senate did approve a 10-year sunset provision and block an attempt to encourage information sharing with the FBI and Secret Service and not just the Department of Homeland Security.

The bill will now go to a conference with the House of Representatives, which passed different information sharing legislation earlier this year. Privacy adovcates are clinging to the hope that negotiations with the House might produce nothing that Congress can present to President Obama. “This will not be an easy process,” wrote privacy group Access in a statement after Tuesday’s vote. “Arguing against an amendment during debate this morning, Senator [Richard] Burr said that even ‘simple tweaks’ threaten to derail this bill.”

AN IMPORTANT UPDATE

We’re falling behind our online fundraising goals and we can’t sustain coming up short on donations month after month. Perhaps you’ve heard? It is impossibly hard in the news business right now, with layoffs intensifying and fancy new startups and funding going kaput.

The crisis facing journalism and democracy isn’t going away anytime soon. And neither is Mother Jones, our readers, or our unique way of doing in-depth reporting that exists to bring about change.

Which is exactly why, despite the challenges we face, we just took a big gulp and joined forces with the Center for Investigative Reporting, a team of ace journalists who create the amazing podcast and public radio show Reveal.

If you can part with even just a few bucks, please help us pick up the pace of donations. We simply can’t afford to keep falling behind on our fundraising targets month after month.

Editor-in-Chief Clara Jeffery said it well to our team recently, and that team 100 percent includes readers like you who make it all possible: “This is a year to prove that we can pull off this merger, grow our audiences and impact, attract more funding and keep growing. More broadly, it’s a year when the very future of both journalism and democracy is on the line. We have to go for every important story, every reader/listener/viewer, and leave it all on the field. I’m very proud of all the hard work that’s gotten us to this moment, and confident that we can meet it.”

Let’s do this. If you can right now, please support Mother Jones and investigative journalism with an urgently needed donation today.

payment methods

AN IMPORTANT UPDATE

We’re falling behind our online fundraising goals and we can’t sustain coming up short on donations month after month. Perhaps you’ve heard? It is impossibly hard in the news business right now, with layoffs intensifying and fancy new startups and funding going kaput.

The crisis facing journalism and democracy isn’t going away anytime soon. And neither is Mother Jones, our readers, or our unique way of doing in-depth reporting that exists to bring about change.

Which is exactly why, despite the challenges we face, we just took a big gulp and joined forces with the Center for Investigative Reporting, a team of ace journalists who create the amazing podcast and public radio show Reveal.

If you can part with even just a few bucks, please help us pick up the pace of donations. We simply can’t afford to keep falling behind on our fundraising targets month after month.

Editor-in-Chief Clara Jeffery said it well to our team recently, and that team 100 percent includes readers like you who make it all possible: “This is a year to prove that we can pull off this merger, grow our audiences and impact, attract more funding and keep growing. More broadly, it’s a year when the very future of both journalism and democracy is on the line. We have to go for every important story, every reader/listener/viewer, and leave it all on the field. I’m very proud of all the hard work that’s gotten us to this moment, and confident that we can meet it.”

Let’s do this. If you can right now, please support Mother Jones and investigative journalism with an urgently needed donation today.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate