Cybersecurity Bill Could Put More Personal Data in Government Hands

The controversial measure looks passes the Senate easily.

alxpin/iStockPhoto

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.


After months of delays and high-profile hacks against the government and private companies, the Senate is once again pushing to pass the Cybersecurity Information Sharing Act (CISA), a bill some lawmakers say is a crucial move to shore up America’s internet defenses. Yet a coalition of privacy advocates and tech companies is pushing to kill what its members call yet another mass surveillance measure. The legislation could come to a vote as early as the end of this week.

Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), the chair and vice chair of the Senate Intelligence Committee, introduced the bill on Tuesday afternoon, praising it as a way for companies to share information on cyberattacks more effectively with government agencies and other corporations. Currently, if a company is hacked and tries to share information about the hack with the government or other businesses, it risks being sued on privacy grounds by customers whose data is shared. CISA would give companies legal immunity to pass such information around—and this information, the bill’s backers say, is badly needed to understand attacks and make computer systems less vulnerable.

But privacy advocates and some senators counter that the bill’s privacy protections aren’t nearly stringent enough, allowing the government to use information sharing to gain access to the personal information of millions of Americans.

Feinstein said the bill is “bipartisan, it is narrowly focused, and it puts in place a number of privacy protections.” Burr stressed the “voluntary” nature of CISA, saying companies don’t have to share information if they don’t want to. “If these companies should find no value in it, it’s simple! Don’t participate,” he said. Both senators also highlighted that the bill passed the intelligence committee in May by a bipartisan vote of 14-to-1.

The lone vote against CISA belonged to Sen. Ron Wyden (D-Ore.), who has spent months warning about the potential privacy problems in the bill. “Despite this bill’s name, a broad range of cybersecurity experts agree: CISA will do little to protect you from hackers, and it may even make things worse,” he wrote in an op-ed in July. He picked up the same theme on Tuesday, when he spoke on the Senate floor shortly after the bill was introduced. “I believe this bill will do little to make Americans safer, but will potentially reduce the personal privacy of millions of Americans in very substantial ways,” he said.

Privacy groups and many leading technology companies agree. The Computer and Communications Industry Association, a lobbying group whose members include tech giants Facebook, Amazon, and Google, has come out strongly against the bill. “CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government,” the group wrote in a statement last week. Twitter, Apple, and other tech companies also oppose CISA.

In addition to the bill’s privacy provisions being too broad, they say, CISA would not have prevented the kind of major hacks that have made news in recent months, including the breach of millions of personnel records at the Office of Personnel Management. Feinstein acknowledged these shortcomings on Tuesday when she called CISA “the most effective first legislative step,” to be followed by other fixes. Privacy groups also don’t buy the notion that the bill is voluntary: Amie Stepanovich, the US policy manager for the open-internet advocacy group Access, argued in Wired in August that the government has a history of demanding information sharing in order to take part in vital cybersecurity programs. “Not to comply might actually harm their corporate interests and put their customers at risk,” she wrote. 

Experts in the technology industry also contend that CISA’s deck seems stacked in favor of the government. “All the efforts we’ve heard so far are kind of greasing the skids to make it easier for the private sector to give information to the government and not the other way around,” Rick Howard, the chief security officer of Palo Alto Networks, told the Christian Science Monitor in June.

Even CISA’s detractors admit the bill seems likely to pass. As debate on the bill continued on Wednesday, senators from both parties lined up to back it and praise one another for supporting it. “There’s a lot of pressure to do something about cybersecurity, which is why senators may be leaning toward support, even [while] recognizing the bill doesn’t do what it claims it’s going to do,” says Nathan White, a senior legislative manager at Access.

But the bill’s supporters are still racing against the clock to get it finished. Congress must pass a transportation spending bill by the end of the month, and the latest of the never-ending fights over raising the debt limit needs to wrap up by November 5 to avoid a default. On Tuesday, Burr repeatedly urged senators who proposed amendments to the bill to debate them quickly so there can be a vote on CISA by the end of the week. And White sees another reason for supporters to conclude things quickly: “I think the longer it stays open, the more people consider it, and the more they look at it, the harder and harder [it] will be for them to get 60 votes.”

Update, 10/27/15: CISA passed the Senate by an overwhelming 74-21 vote on Tuesday. Passage was widely expected, but privacy advocates had hoped to strengthen privacy protections by passing several amendments, including ones that would impose stricter standards on the scrubbing of personal information, narrow the definition of the cyber threats that warrant information sharing, and remove the bill’s FOIA exemption. While those amendments failed, the Senate did approve a 10-year sunset provision and block an attempt to encourage information sharing with the FBI and Secret Service and not just the Department of Homeland Security.

The bill will now go to a conference with the House of Representatives, which passed different information sharing legislation earlier this year. Privacy adovcates are clinging to the hope that negotiations with the House might produce nothing that Congress can present to President Obama. “This will not be an easy process,” wrote privacy group Access in a statement after Tuesday’s vote. “Arguing against an amendment during debate this morning, Senator [Richard] Burr said that even ‘simple tweaks’ threaten to derail this bill.”

WE'LL BE BLUNT

It is astonishingly hard keeping a newsroom afloat these days, and we need to raise $253,000 in online donations quickly, by October 7.

The short of it: Last year, we had to cut $1 million from our budget so we could have any chance of breaking even by the time our fiscal year ended in June. And despite a huge rally from so many of you leading up to the deadline, we still came up a bit short on the whole. We can’t let that happen again. We have no wiggle room to begin with, and now we have a hole to dig out of.

Readers also told us to just give it to you straight when we need to ask for your support, and seeing how matter-of-factly explaining our inner workings, our challenges and finances, can bring more of you in has been a real silver lining. So our online membership lead, Brian, lays it all out for you in his personal, insider account (that literally puts his skin in the game!) of how urgent things are right now.

The upshot: Being able to rally $253,000 in donations over these next few weeks is vitally important simply because it is the number that keeps us right on track, helping make sure we don't end up with a bigger gap than can be filled again, helping us avoid any significant (and knowable) cash-flow crunches for now. We used to be more nonchalant about coming up short this time of year, thinking we can make it by the time June rolls around. Not anymore.

Because the in-depth journalism on underreported beats and unique perspectives on the daily news you turn to Mother Jones for is only possible because readers fund us. Corporations and powerful people with deep pockets will never sustain the type of journalism we exist to do. The only investors who won’t let independent, investigative journalism down are the people who actually care about its future—you.

And we need readers to show up for us big time—again.

Getting just 10 percent of the people who care enough about our work to be reading this blurb to part with a few bucks would be utterly transformative for us, and that's very much what we need to keep charging hard in this financially uncertain, high-stakes year.

If you can right now, please support the journalism you get from Mother Jones with a donation at whatever amount works for you. And please do it now, before you move on to whatever you're about to do next and think maybe you'll get to it later, because every gift matters and we really need to see a strong response if we're going to raise the $253,000 we need in less than three weeks.

payment methods

WE'LL BE BLUNT

It is astonishingly hard keeping a newsroom afloat these days, and we need to raise $253,000 in online donations quickly, by October 7.

The short of it: Last year, we had to cut $1 million from our budget so we could have any chance of breaking even by the time our fiscal year ended in June. And despite a huge rally from so many of you leading up to the deadline, we still came up a bit short on the whole. We can’t let that happen again. We have no wiggle room to begin with, and now we have a hole to dig out of.

Readers also told us to just give it to you straight when we need to ask for your support, and seeing how matter-of-factly explaining our inner workings, our challenges and finances, can bring more of you in has been a real silver lining. So our online membership lead, Brian, lays it all out for you in his personal, insider account (that literally puts his skin in the game!) of how urgent things are right now.

The upshot: Being able to rally $253,000 in donations over these next few weeks is vitally important simply because it is the number that keeps us right on track, helping make sure we don't end up with a bigger gap than can be filled again, helping us avoid any significant (and knowable) cash-flow crunches for now. We used to be more nonchalant about coming up short this time of year, thinking we can make it by the time June rolls around. Not anymore.

Because the in-depth journalism on underreported beats and unique perspectives on the daily news you turn to Mother Jones for is only possible because readers fund us. Corporations and powerful people with deep pockets will never sustain the type of journalism we exist to do. The only investors who won’t let independent, investigative journalism down are the people who actually care about its future—you.

And we need readers to show up for us big time—again.

Getting just 10 percent of the people who care enough about our work to be reading this blurb to part with a few bucks would be utterly transformative for us, and that's very much what we need to keep charging hard in this financially uncertain, high-stakes year.

If you can right now, please support the journalism you get from Mother Jones with a donation at whatever amount works for you. And please do it now, before you move on to whatever you're about to do next and think maybe you'll get to it later, because every gift matters and we really need to see a strong response if we're going to raise the $253,000 we need in less than three weeks.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate