When the government averted a shutdown, it was heralded as a bipartisan effort. The more than $1 trillion omnibus bill was signed by President Obama on Dec. 18, but it is also a bipartisan effort in speaking out about the cybersecurity measure that was included in the 2,000 page bill.
The Cybersecurity Act of 2015, which has much of the same language as the Cybersecurity Information Sharing Act (CISA) that passed the Senate in October. The bill is an attempt by the government to provide more cybersecurity to companies that need help against hackers through data sharing. The premise being that hackers often hit multiple companies using similar techniques, and allowing anonymous conversations between companies on counter techniques could provide useful cyber defense, as reported by CNN. But some, like the ACLU are calling it a surveillance bill of another name.
The omnibus bill doesn’t stop the government intruding on American’s private internet activity, Sen. Rand Paul (R-KY) said.
Many not in Congress share concerns like Paul’s – some with recognizable names like Apple and Dropbox. More recently, a group of approximately 50 digital rights groups released a joint letter to Congress late last week.
“This new bill would significantly increase the National Security Agency’s (NSA) and the Federal Bureau of Investigations (FBI) access to personal information, and authorize the federal government to use that information for the myriad of purposes unrelated to cybersecurity. It also fails to provide strong privacy protections adequate clarity about what actions can be taken, what information can be shared, and how that information may be used by the government.”
One Senator has offered more insight in disagreement of CISA.
“The latest version of CISA is the worst one yet,” Sen. Ron Wyden (D-OR) said last Friday about the bill. “That means that violations of Americans’ privacy will be more likely to go unnoticed. And the Intelligence Authorization bill strips authority from an important, independent watchdog on government surveillance, the Privacy and Civil Liberties Oversight Board.”
The bill’s intention is for companies to remove personal information by both the company and the Department of Homeland Security, but removing information won’t be mandatory.
However some large companies, like IBM, had been in support of the data sharing notion, praising the bipartisan nature. IBM has voluntarily begun a project prior to the omnibus signing to anonymously share information on those attacks.
Ranking member of the House Intelligence Committee Sen. Adam Schiff (D-CA) urged support and said there were major improvements from previous sessions on privacy protections.
But there was an infamous name that essentially began the cybersecurity debate that weighed in on the issue via reddit “IAmA” thread.
“CISA isn’t a cybersecurity bill,” whistleblower Edward Snowden wrote. “It’s a surveillance bill. What it allows is for the companies you interact with every day — visibly, like Facebook, or invisibly, like AT&T — to indiscriminately share private records about your interactions and activities with the government.”