The U.S. Senate Intelligence Committee approved a cybersecurity bill during a secret session on Thursday, marking the next step in a process that critics warn will nefariously expand the government’s already substantial surveillance powers.
The Cybersecurity Information Sharing Act (CISA), which passed by 14-1 vote, would ostensibly protect against large-scale data thefts of private consumer information, exemplified by recent hacks of Target, Sony, and Home Depot. But critics—including the lone dissenting voice on the committee Sen. Ron Wyden (D-Or.)—say it would open the door for continued invasive and unlawful government spying operations.
Although Wyden denounced the measure as “a surveillance bill by another name,” his opposition was unable to stop the proposal from being approved by the committee. The bill, which reportedly underwent a dozen changes during the meeting, will next go to the full Senate for debate. Its passage in committee, however, means it has already succeeded where other recent cybersecurity proposals have failed.
Committee chairman Sen. Richard Burr (R-N.C.) told reporters after the vote that CISA would allow for private-to-private, private-to-government, and government-to-private information sharing, “in a voluntary capacity.”
“This current bill is critically important both for our agencies that keep the country safe, and the institutions that hold millions of Americans’ personal information,” Burr continued.
However, as ACLU media strategist Rachel Nusbaum noted on Thursday, making information-sharing “voluntary” during criminal proceedings means that the government would be able to obtain private data without a warrant.
That includes any instance in which the government uses the Espionage Act to go after whistleblowers, who, according to Nusbaum, “already face, perhaps, the most hostile environment in U.S. history.” The new measure, she continued, “fails to limit what the government can do with the vast amount of data to be shared with it” by the these companies.” Nusbaum called the measure “one of those privacy-shredding bills in cybersecurity clothing.”
“This bill is arguably much worse than CISPA [Cyber Intelligence Sharing and Protection Act] and, despite its name, shouldn’t be seen as anything other than a surveillance bill—think Patriot Act 2.0,” Nusbaum said.
Thursday’s meeting was closed to the public, but Wyden emerged after the vote and warned the bill “lacks adequate protections for the privacy rights of American consumers, and that it will have a limited impact on U.S. cybersecurity.”
SCROLL TO CONTINUE WITH CONTENT