A coalition of digital-rights and civil-liberties organizations have founded a campaign under the hashtag #CyberFail that aims to shed light on five cybersecurity bills presently under consideration in Congress.
The privacy supergroup says the bills, which are ostensibly intended to address the nation’s growing computer-security concerns, will only heighten the risk to consumers while providing federal law enforcement and intelligence agencies new authority to gather users’ personal information.
“These bills weaken privacy law without promoting security. We urge you to reject them.”
“These bills create brand new privacy-invasive surveillance powers,” said Access, one of the organizations involved, in a statement on Wednesday. “Every single one of these proposals would reward companies that send user information to the government, including the NSA and FBI, without adequately protecting user privacy.”
The campaign is supported by several organizations that have played an integral role in defeating unpopular Internet-related legislation in the past, such as the Stop Online Piracy Act (SOPA). The coalition includes Demand Progress, the Electronic Frontier Foundation (EFF), Fight for the Future, and the American Civil Liberties Union (ACLU), among others.
The five bills opposed by the coalition are (via Access):
- The Cyber Intelligence Sharing and Protection Act (CISPA), introduced in the House of Representatives and referred to the House Judiciary Subcommittee on the Constitution and Civil Justice.
- The Cyber Information Sharing Act (CISA), which passed the Senate Intelligence Committee and is expected to be voted on by the full Senate as soon as this week.
- The Protecting Cyber Networks Act (PCNA), which passed the House Intelligence Committee and is expected to be voted on by the full House on April 22.
- The Cyber Threat Sharing Act (CTSA), which was introduced in the Senate and referred to the Senate Committee on Homeland Security and Governmental Affairs.
- The National Cybersecurity Protection Advancement Act (NCPA), which passed by the House Intelligence Committee and is expected to be voted on by the full House on April 23.
“The White House has pledged to veto legislation that does not require industry and government to ‘minimize and protect personally identifiable information’ and doesn't have ‘clear legal protections and independent oversight,’” an analysis published on the website says. “Cybersecurity legislation should not permit private entities or the government to distribute users' personal information that is unrelated to any cybersecurity threat.”
Two of the bills, the Protecting Cyber Networks Act (PCNA) and the National Cybersecurity Protection Advancement Act of 2015 (NCPA), are expected to be voted on by the house this week. Both provide broad liability protection to companies that share information with the government, a provision that was not included in President Obama’s Executive Order signed earlier this year, which merely encouraged collaboration between the federal government and the private sector.
Privacy watchdogs warn that the broad legal immunity granted to companies will inevitably result in the reckless sharing of Americans’ personal information, which in turn may be used by the government for purposes other than protecting the country’s digital infrastructure.
“The bills aim to allow private companies to share large swaths of private information with the government with no legal process whatsoever, essentially carving a giant hole in the country’s myriad privacy laws,” wrote Trevor Timm, executive director of the Freedom of the Press Foundation, on Tuesday. Timm adds that the bills include exemptions from the Freedom of Information Act that he says "would prevent the public from ever being able to find out what type or amount of information these companies handed over.”
Last week, more than 65 cybersecurity professional and academics signed a letter urging members of Congress to withdraw support from the bills, warning that excess sharing of information would “significantly harm privacy and could actually undermine our ability to effectively respond to threats.”
The signatories included professors from Yale University; the University of California, Berkeley; and the Massachusetts Institute of Technology; and security professionals from over a dozen major Internet companies, including Twitter, Mozilla, and Amazon.
“We appreciate your interest in making our networks more secure, but the legislation proposed does not materially further that goal, and at the same time it puts our users’ privacy at risk,” they authors wrote. “These bills weaken privacy law without promoting security. We urge you to reject them.”
Photo by Dennis Skley/Flickr (CC BY-ND 2.0)
