Today, the American Library Association joined 38 other companies and civil liberties organizations to urge the Senate to protect Americans’ privacy when drafting new cybersecurity legislation. The coalition letter submitted to Congress by the group asks that new cybersecurity information sharing legislation maintains the privacy protections from the Cybersecurity Act of 2012 (S.3414).
“The newly disclosed NSA programs clearly illustrate that the government will interpret any surveillance laws aggressively, and that that any new legislation to permit government access to Americans’ communications information must include robust and meaningful privacy safeguards to avoid intrusions into our civil liberties and constitutional rights,” the letter states.
The letter calls on the Senate to maintain the following privacy provisions:
- A requirement that information shared with the government as part of a cybersecurity information sharing program be directed only to civilian agencies — recent disclosures about the NSA’s misuse of the Patriot Act and the FISA Amendments Act to justify broad and intrusive surveillance programs make it clear that the NSA should not be the direct recipient of private sector cybersecurity information and that strong protections must be built into the law;
- Strict limits to prevent information collected under cybersecurity programs to be used for general criminal prosecutions or national security purposes unrelated to cybersecurity;
- A requirement that companies make reasonable efforts to remove personally identifiable information that is irrelevant to cyber threats before they share threat information;
- Robust oversight and accountability provisions such as independent audits and reports