Privacy advocates are urging the House of Representatives and Senate to vote against bills that further increase the government’s widespread surveillance of citizens. The bills, called the “Protecting Cyber Networks Act” (H.R. 1560) and the “Cybersecurity Information Sharing Act” (S. 754) are the latest move by lawmakers to bolster the strength of the domestic spying apparatus.
One of the main objectives of the new laws is to eliminate consequences for companies that share their users’ private information with the government. The bills refer to this as “liability protection.”
…would significantly increase the National Security Agency’s (NSA) access to personal information, and authorize the federal government to use that information for a myriad of purposes unrelated to cyber security.
This is because a provision of the bill is to “require federal entities to automatically disseminate to the NSA all cyber threat indicators they receive [from corporations], including personal information about individuals.”
One of the biggest problems with the bill, aside from exempting corporations from accountability and increasing NSA power, is the broad definition of a declared “cybersecurity threat.” As defined by the House version of the bill:
The term ‘cybersecurity threat’ means an action, not protected by the first amendment to the Constitution of the United States, on or through an information system that may result in an unauthorized effort to adversely impact the security, confidentiality, integrity, or availability of an information system or information that is stored on, processed by or transiting an information system.
Using this vague definition, a person’s data could be shared with not just the NSA, but other “appropriate entities” including the Department of Homeland Security, Department of Defense, Department of Energy, Department of the Treasury and Department of Justice. As the letters to Congress said, the bills
…[demonstrate] the potential for government overreach, particularly when statutory language is broad or ambiguous.
For example, the letters note:
Law enforcement would be allowed to use cyber threat indicators to investigate crimes and activities that have nothing to do with cybersecurity, such as robbery, arson, carjacking, or any threat of serious bodily injury or death, regardless of whether the harm is imminent.
Unsurprisingly, the White House and president back the proposed legislation.
It is particularly ironic that proponents of the bill argue it is necessary to neutralize hackers and protect national security. After all, the United States government is guilty of the hacking they claim to want to prevent, which has in turn harmed national security by inspiring hostility from targeted nations.
Further, the legislation merely paves the legal road toward the NSA’s front (and back) door access to private data, which the spy agency has consistently voiced its desire to attain. Though they are predictable, the proposed laws demonstrate a recurring pattern in government justifications for surveillance: politicians and bureaucrats claim to increase security while respecting privacy yet continually demonstrate that the latter is their lowest priority.
The letters to lawmakers bluntly reminded lawmakers of this lack of interest in the concerns of citizens by reminding them that
Notably, Congress has yet to enact reforms that would effectively rein in the government’s surveillance activities.
The letters to Congress were signed by – among many others – the ACLU, Human Rights Watch, the Government Accountability Office, FreedomWorks, and professors from Stanford, Berkeley, and the University of Michigan. The House is expected to vote on its version of the law sometime this week while the Senate incarnation is expected to stall.
Regardless of the outcome, it remains clear that the federal government has every intention of retaining its immense surveillance powers in spite of sweeping skepticism of these policies.