Privacy Advocates Concerned As Senate Approves Controversial Cybersecurity Bill


Despite previous failures, Congress just keeps on churning through bills that propose to enhance digital security at the cost of digital privacy. The latest in the series sailed through the Senate with wide approval this week, kicking off another wave of privacy concerns.

What’s the bill?
The Cybersecurity Information Sharing Act of 2015 (S. 754), commonly called CISA. The Senate approved it this week by a vote of 74 to 21. (Five Senators did not vote.)

What’s it for?
The core idea behind CISA is to prevent cyberattacks through data-sharing. As we’ve seen over and over in the past couple of years, entities — both public and private — in the U.S. are not exactly on the ball with the whole “preventing hacks” thing. So CISA would create a mechanism streamlining the process of sharing user data for the purposes of enhanced security. Businesses would pass data related to potential threats along to the Department of Homeland Security, who would then pass it through to the NSA, FBI, and so on to ward against threats.

Why is it controversial?
In short, because of glaring threats to users’ privacy and the risk of ever-expanding surveillance.

CISA would not only permit the wide sharing of loads of personal data potentially unrelated to any threats, but also would grant businesses permission to gather and share data “notwithstanding any other provision of law” if they think there’s any cybersecurity threat going on. Given that there’s basically always some cybersecurity threat going on somewhere, that’s a pretty broad mandate.

It’s also, basically, a funnel for even more information to go directly to the NSA, where all the data would automatically head as soon as it came in to Homeland Security. Given the past few years’ revelations about how widespread, deep, and pervasive the NSA’s surveillance webs are, that sits very poorly with many people.

Who’s in favor?
Most of the Senate, obviously. The White House is also in favor (PDF), as are lobbying groups that represent major retailers.

Politically speaking, it’s a hodgepodge that doesn’t break down along partisan lines. Both the “yea” and “nay” columns had members from both parties voting in them.

Who’s against?
Privacy and consumer advocates, including Edward Snowden, the EFF, and the ACLU, are adamantly opposed to the bill.

Major tech businesses, including Salesforce, Yelp, Twitter, Reddit, and Apple, also oppose the measure, all citing their users’ privacy as being paramount and unlikely to be served by this law.

What happens next?
The House passed two related bills in April. Now, a conference committee including members from both houses of Congress will convene to hammer out some unified text that more-or-less resembles both the House and Senate versions. When they’re done, both chambers will have to agree and vote on the final text, which would then go to the White House to be signed into law.