CAPITOL HILL — Last week, the Senate Intelligence Committee passed the Cybersecurity Information Sharing Act (CISA). Its supporters say the bill protects personal information while allowing for information sharing to take place. However, critics of CISA argue that the bill’s language is vague and does not protect users’ privacy.
Passed in a closed-door session, at least 15 amendments were added to the bill to assuage concern that it is too broad in its powers. CISA aims to have the government and private companies work together to collect information that could halt a major cyberattack.
Committee Chairman Richard Burr (R-N.C.) praised the bill, saying:
“This legislation protects the privacy rights of Americans while also minimizing our vulnerability to cyberattacks. . . . Information sharing is purely voluntary and companies can only share cyber-threat information and the government may only use shared data for cybersecurity purposes.”
Only one member of the Senate Intelligence Committee voted against its passage. Ron Wyden (D-Ore.) said that while it may be necessary for companies to share information about cyberthreats:
“This information sharing is only acceptable if there are strong protections for the privacy rights of law-abiding American citizens.”
Wyden closed by calling it “a surveillance bill by another name.”
Writing for Gizmodo, Kate Knibbs notes that although the bill does not force private companies to share information, there is reason to suspect that the authority given in the bill will be used liberally:
“CISA gives a wide berth of immunity to private companies in the bill, which means they’ll have zero incentive not to overshare your personal information. CISA would help companies get out of violations of the Wiretap Act, for example.”
Wired.com also reports that the bill’s protections of companies would overrule previous laws and lead to further invasions of privacy:
“That means CISA trumps privacy laws like the Electronic Communication Privacy Act of 1986 and the Privacy Act of 1974, which restricts eavesdropping and sharing users’ communications. And once the DHS obtains the information, it would automatically be shared with the NSA, the Department of Defense (including Cyber Command), and the Office of the Director of National Intelligence.”
A previous version of CISA was considered in Congress in 2014, but never reached the floor for a vote due largely to objections from privacy advocates. The similarly-named CISPA was also twice defeated in the face of energetic opposition. However, proponents of CISA may be attempting to avoid concerted resistance. Sen. Burr told The Hill last week that he expects the bill will be “expedited” to a “vote on the Senate floor.”