‘Patriot Act 2.0’? Senate CISA Cybersecurity Bill, Isn’t About Cybersecurity, It’s About Surveillance
In another secret session on Thursday the U.S. Senate Intelligence Committee approved a cybersecurity bill ( CISA ) during a secret session on Thursday, expanding the government’s already substantial surveillance powers.
The bill, aka ‘Patriot Act 2.0’ is the Cybersecurity Information Sharing Act (CISA), which passed by 14-1 vote, with a lone dissenting voice on the committee Sen. Ron Wyden (Democrat from Oregon.) who denounced the measure as “a surveillance bill by another name,” and said,
“This bill would open the door for continued invasive and unlawful government spying operations.”
When Wyden emerged after the vote from the secret meeting he warned the bill
“lacks adequate protections for the privacy rights of American consumers, and that it will have a limited impact on U.S. cybersecurity.”
The claim of the CISA bill would ostensibly protect against large-scale data thefts of private consumer information, exemplified by recent hacks of Target, Sony, and Home Depot. The CISA bill, reportedly underwent a many changes during the meeting, and will next go to the full Senate for debate. The passage in on the committee level, however, means it has already succeeded where other recent cybersecurity proposals have failed.
The Committee chairman Sen. Richard Burr (R-N.C.) told reporters after the vote that
“CISA would allow for private-to-private, private-to-government, and government-to-private information sharing, in a voluntary capacity. This current bill is critically important both for our agencies that keep the country safe, and the institutions that hold millions of Americans’ personal information”.
It was noted by Rachel Nusbaum, a ACLU media strategist, that making the information-sharing “voluntary” during criminal proceedings means that the government would, in-fact, be able to obtain private data without a warrant.
Rachel Nusbaum said,
“This bill is arguably much worse than CISPA [Cyber Intelligence Sharing and Protection Act] and, despite its name, shouldn’t be seen as anything other than a surveillance bill—think Patriot Act 2.0,”
Sen. Dianne Feinstein (D-Calif.), the ranking Democrat on the panel, said,
“The newest version of the bill would allow companies to defend themselves against cyberattacks but would prohibit them from taking countermeasures if a breach occurred.”
The Wall Street Journal writes:
“The bill would attempt to funnel corporate intelligence about cybersecurity threats and breaches through the Department of Homeland Security, an important distinction for many companies that don’t want the data to be housed in a military agency or an intelligence agency. DHS could share the information, if applicable, with other companies or other federal agencies, though it is supposed to be scrubbed to prevent the transfer of personal data about consumers.”
Last month a draft (pdf) of the measure was released (and met with resistance from privacy advocates) and because of its vague language could give license to the government to increase unwarranted surveillance of U.S. citizens.
Robyn Greene, policy counsel with New America’s Open Technology Institute, said
“We are glad that the Senate Intelligence Committee heard the privacy community’s concerns, and we’re eager to see if the changes to the bill will adequately address the significant threats to privacy and internet security that CISA has raised, Based on how dangerously broad and vague the last version of the bill was, it would be surprising if the bill agreed to in secret today will garner the support of the privacy community.”
Greene called the earlier draft “as much a backdoor for surveillance as it is a cybersecurity information-sharing bill.” In an interview with Wired, Greene criticized the secretive nature of the meeting, stating, “This bill has the potential to seriously harm Americans’ privacy rights and it wasn’t even debated in public.”