New controversial cybersecurity bill a threat to privacy

As the US Senate prepares to vote on the controversial Cybersecurity Information Sharing Act just days before the August recess, the Department of Homeland Security (DHS) has warned that the privacy of US citizens and organisations may be compromised. The DHS has also warned that the proposed legislation might slow down response to cyber attacks, and therefore be counter productive.

Additionally, a number of IT firms and privacy advocates are convinced that the proposed legislation will make it much easier for the National Security Agency (NSA) to acquire corporate and personal information that it not related to cybersecurity.

The new cybersecurity bill aims to create incentives that will encourage companies to share information of cyber threats with the federal government, and has generally been welcomed. But potential threats to privacy and other issues could stall implementation of the legislation until next year, because there simply isn’t enough time to debate issues before the upcoming recess at the end of this week.

Privacy Threat

An active privacy advocate, Senator Al Franken (Democrat) has made public a letter to him from the deputy secretary of the DHS, Alejandro Mayorkas that indicates if the bill is passed in its current form, it could undermine the cybersecurity objectives of the nation as a whole. It would also threaten “important privacy protections and civil liberties.”

Senator Bernie Sanders (Democrat), who is running for president, has proposed an amendment to the Cybersecurity Information Sharing Act (CISA) that will establish a group that will investigate the implications relating to privacy and how data gathered might be used. Essentially he wants transparency for consumers and for government because of the real threat of modern technology on the privacy of Americans. His argument is that public policy has been outpaced by technology, and already “a huge amount of information” is being collected about individuals from where they go to what they do.

Also an active advocate for the individual right to privacy, Sanders voted against the USA Freedom Act earlier this year, because he said it did not safeguard privacy. Amongst other things, the legislation, enacted in June this year, “reformed” the way federal government conducts electronic surveillance, uses trap and trace devices, gathers information for counter-terrorism, foreign intelligence and criminal purposes, and accesses business records.

Two other senators, Dianne Feinstein (Democrat) and Richard Burr (Republican), have also proposed changes to the bill that will limit what government can do with information shared. For example, they say it should only be used for cybersecurity purposes and not to prosecute criminals, even in the case of “serious violent felonies.”

Calls to Pass the Bill Immediately

This is the third time a cybersecurity bill of this type has been presented to the Senate. To prevent it being stalled a third time, the US Chamber of Commerce – a very influential body – has urged “every member” to pass the Cybersecurity Information Sharing Act of 2015 immediately. When the bill was approved by the Senate’s Intelligence Committee in March this year there was only one vote against it – that of Senator Ron Wyden (Democrat) who continues to push for amendments before it becomes law.

Mitch McConnell, Senate Majority Leader (Republican) has also urged senators to pass the bill immediately.

If the bill is passed this week, it will still need to be “reconciled” with cybersecurity bill passed by the House of Representatives in April. Only then can it sent to President Barack Obama for signing into law.