It’s back to the “barricades” for librarians and our many civil liberties coalition allies. Just over a year ago, District Dispatch sounded the alarm about the return of privacy-hostile “cybersecurity” or “information sharing” legislation. Again dubbed a “zombie” for its ability to rise from the legislative dead, the current version of the bill (S. 754) goes by the innocuous name of the “Cybersecurity Information Sharing Act” . . . but “CISA” is anything but. As detailed below, not only won’t it be effective as advertised in thwarting cyber-attacks, but it de facto grants broad new mass data collection powers to many federal, as well as state and even local, government agencies!
CISA was approved in a secret session last March by the Senate Intelligence Committee. In April, ALA and more than 50 other organizations, leading cybersecurity experts and academics called on Congress to fix its many flaws in a detailed letter. Since then, S. 754 hasn’t had a single public hearing in this Congress. Nonetheless, Senate Majority Leader Mitch McConnell (R-KY) is pushing for a vote on S. 754 by the full Senate right now, before the Senate breaks for its summer recess in a matter of days. Sadly, unless we can stop it, this dangerously and heavily flawed bill looks to be headed for passage even if not amended at all.
Touted by its supporters as a means of preventing future large-scale data breaches like the massive one just suffered by the federal government’s Office of Personnel Management, leading security experts argue that CISA actually won’t do much, if anything, to prevent such incursions . . . and many worry that it could make things worse. As detailed by our compatriots at New America’s Open Technology Institute and the Center for Democracy and Technology, what it will do is create incentives for private companies and the government to widely share huge amounts of Americans’ personally identifiable information that will itself then be vulnerable to sophisticated hacking attacks. In the process, the bill also creates massive exemptions from liability for private companies under every major consumer privacy protection law now on the books.
Your collected personal information would be shared instantly under the bill among many federal agencies including the Office of the Director of National Intelligence, the Department of Defense, NSA and the Department of Justice. Worse yet, it also would be shared with garden variety law enforcement entities at every level of government. None of them would be required to adequately restrict how long they can retain that personal information, or limit what kinds of non-cyber offenses the information acquired could be used to prosecute. If enacted, that would be a sweeping “end run” on the Fourth Amendment and, in effect, make CISA a broad new surveillance bill.
CISA also allows both the government and private companies to take rapid unilateral “countermeasures” to retaliate against perceived threats, which may disable or disrupt many computer networks, including for example a library system’s or municipal government’s, believed to be the source of a cyber-attack.
With all of its defects and dangers, it’s no wonder that CISA’s been labelled a “zombie!” Now, it’s time for librarians to rise again, too . . . to the challenge of once more stopping CISA in its tracks. This time around, in addition to just calling on the President to threaten to veto CISA as he has in the past, ALA has partnered with more than a dozen other national groups to do it in a way so old it’s novel again: sending Senate offices thousands . . . of faxes.
Courtesy of our friends at AccessNow.org, you can join this retro campaign to protect the future of your privacy by delivering a brief, pre-written message online with just a single mouse click at www.stopcyberspying.com now! (If you prefer, you’ll also have the option of writing your own message.)
Together we can stop CISA one more time, but votes could happen anytime now. Please act today!
Additional Information and Resources