The Senate Intelligence Committee, by a 12-3 vote, advanced a cybersecurity bill on Tuesday that civil liberties groups say will threaten civilians’ Fourth Amendment rights, according to a representative from the Open Technology Institute.
Maryland Senator Barbara Mikulski (D-Md.), a senior member of the Senate Select Committee on Intelligence, said she had concerns about the bill. “For many years, I have pounded on the table for Congress to pass cyber security legislation. We simply cannot sit idle while Americans’ safety, personal identities and intellectual property are being stolen each day over the Internet. The bill passed by the Intelligence Committee is not perfect. I believe we can improve cyber security while preserving Americans’ privacy. I am open to working with privacy groups, business groups and any other groups interested in the bill on the next steps with this bipartisan bill so we can improve it and strengthen it together.”
The Cybersecurity Information Sharing Act of 2014 (CISA), which was co-sponsored by Sen. Feinstein (D-Calif.) and Vice Chairman Saxby Chambliss (R-Ga.), would open up information sharing between the government and corporations by protecting companies from lawsuits if they willingly hand over information about their customers in the name of cybersecurity, according to CISA, Sections 3, 4, 5, and 6.
“To strengthen our networks, the government and private sector need to share information about attacks they are facing and how best to defend against them,” Committee Chairman Dianne Feinstein (D-Calif.) said in a statement. “This bill provides for that sharing process and with significant measure to protect private information.”
However, civil liberties groups, including the American Civil Liberties Union (ACLU) and the Open Technology Institute, worry the bill’s vague wording and information sharing provisions would provide government agencies, such as the National Security Agency (NSA), with almost unfettered access to citizens’ personal information.
“As drafted, CISA would allow vast amounts of Americans’ information to flow indiscriminately to the NSA, without even requiring that all Personally Identifiable Information be stripped,” explained Robyn Green, Policy Counsel of the Open Technology Institute.
The bill would allow for any information acquired to be used in criminal proceedings without requiring a warrant, as well as providing companies with immunity from liability, according to CISA, Section 6, meaning that civilians won’t be able to take legal action against companies for sharing their personal information.
Under information sharing provisions included in the act, the Department of Homeland Security (DHS) is required to share information with the NSA “in real time,” according to the Cybersecurity Information Sharing Act of 2014, Section 5, Part C.
Nothing in the bill addresses the Snowden revelations about NSA surveillance, “some of which undermines cybersecurity,” according to the Center for Democracy and Technology’s Greg Nojeim.
“Among other things, CISA must ensure that companies may only share information with a civilian federal entity, and that it does not result in de facto sharing with the NSA because of immediate dissemination requirements,” said Green. “The Senate also needs to establish cyber rules-of-the-road for the NSA.”
The bill’s definition of a cybersecurity threat is vague, which could give government agencies access to harmless, albeit personal, information, according to the Center for Democracy and Technology’s analysis of the bill.
According to the bill’s definition, something as small as being on a spam list could cause civilians to be associated with a cyber threat, Amie Stepanovich, an attorney with the civil liberties group Access, told Motherboard.
The controversial bill has also provoked the hacktivist group Anonymous, spurring the organization to post a video on YouTube threatening legislators and their loved ones if they continue with CISA.
“Our legion’s wrath will fall on each senator, representative, corporation, and official who voices support for this bill,” proclaimed Anonymous in the video. “Every action you perform, every word you say, we will know. If you value the sanctity of your loved ones as well as your own, it will be best for you to back down and drop this bill… If not, we will be forced to show you our legion’s extent. We will march through the streets and we will make sure our voices keep you awake.”
The Capitol Police, which is tasked with protecting members of Congress, would not comment on how these threats are being addressed as the agency does not discuss issues that are “law enforcement sensitive and confidential in nature,” said Shennell Antrobus, a representative for the Capitol Police.
Earlier copies of this story erroneously said Mikulski’s office hadn’t responded to our media inquiries.