Government Pulls Another Fast One With CISA Legislation

Last week, while our usually staunch protectors of internet freedoms, the nerds, were busy swinging their lightsabers around to the new Star Wars, Congress was able to pass yet another piece of “cybersecurity” legislation. Ostensibly, it was designed to keep Americans safe from nebulously defined hacks and outside threats, but if that were true then why sneak it on the back of a vital budget bill? The Cybersecurity Information Sharing Act, which you might have heard about in October when it passed through the Senate, has repeatedly raised a number of legitimate privacy concerns as it’s been revealed to be less of a “keep America safe” kind of act, and more of a not-so-carefully disguised attempt to make surveillance on the average American even easier.

You may recall Congress making claims that the bill was being implemented to “develop procedures to share cybersecurity threat information with private entities, non-federal government agencies, state, tribal and local governments, the public, and entities under threats.” You might even remember reassurances that the bill was strictly to disrupt external cybersecurity threats, and that as it was reconciled with an even earlier draft of the legislation, there would be limits on the purposes for which gathered information could be used.

However, in the rush to get it passed, Congress have pulled out all of the stops and gone straight to cribbing ideas that seem to come straight from an Orwell novel. The current version Congress has approved contains a number of questionable choices, chief among them, removing the previous limitation on using information gathered through CISA for surveillance. Well, how about that? If the bill wasn’t about spying on folks, why make it so easy to spy on folks? The bad news doesn’t stop there, sadly, there are several other egregious provisions contained in the bill: Any information collected can be freely passed around between government agencies, NSA included.  The sharing of info is voluntary, at least, but to sweeten the pot for companies, the government is offering up liability protections for giving up the goods (a veritable open invitation to hand over everything).

The bill was not without its opponents, however. In addition to the usual privacy groups getting up in arms, companies like Dropbox, Reddit, and Amazon all expressed displeasure with the legislation. Apple CEO Tim Cook delivered perhaps the strongest words when interviewed by Charlie Rose: “I don’t believe the tradeoff here is privacy versus national security,” he said. “We’re America, we should have both.”

Perfectly stated. Here’s to hoping the message will reign supreme among the tech world, and there will be some real pushback against a government that seems keen on overstepping its bounds. If Congress were serious about combating “cyber-threats,” perhaps the government would genuinely consider legitimate solutions, like bolstering encryption instead of trying to circumvent it to collect dirt on citizens.