The CISPA-Zombie Won’t Die. Instead, It Changed Its Name To CISA And It’s Here To Violate Your Privacy.

Robyn Greene | New America Foundation | July 11, 2014

On Tuesday, the Senate Intelligence Committee met in secret and approved the Cybersecurity Information Sharing Act of 2014 (CISA)(S. 2588). The bill started out in bad shape, and privacy advocates across the country spoke out about our concerns (OTI’s analysis here; and coalition letters in opposition here and here).  And it doesn’t look like things are getting better.

Despite over a year of major disclosures about how the NSA violates Americans’ privacy and engages in cyber operations that make the Internet less secure, there seems to be little appetite for meaningfully improving privacy protections. CISA is a huge step back on privacy from the cyber legislation last taken up by the Senate, the Cybersecurity Act of 2012, and it raised many of the same alarms as CISPA.  Tuesday’s markup didn’t help things at all. The Committee adopted a version of the bill that included minor changes from the draft version, but none of those changes addressed OTI and other privacy experts’ most significant concerns. As adopted, the bill would still:

  1. Authorize automatic sharing of Americans’ cyber threat information information, including the content and metadata associated with their online communications, with the NSA;
  2. Allow excessive information sharing, countermeasures, and monitoring of users’ activities;
  3. Permit companies to share information without making an affirmative effort to find and remove irrelevant personally identifiable information...