The Senate and House intelligence committees are working towards selling out Americans’ privacy this weekend for the illusion of cybersecurity. Specifically, the Senate’s Cybersecurity Information Sharing Act (CISA) and its two House counterparts (the NCPAA and PCNA) are merging — but indications are that they may be doing so by adopting the worst provisions from each of the three bills. Worst of all, the majority of the input appears to be coming more from the intelligence committees, and not from the people who would actually have oversight of the information sharing regime in the Homeland Security Committees.
Of specific concern is that the author of the least offensive of these three bills, Homeland Security Committee Chairman Michael McCaul, is not going to be allowed full input into the final product of this last-second, closed-door deal. His bill, the National Cybersecurity Protection Advancement Act (NCPAA) gave more consideration to concerns over possible oversharing and abuse of sensitive personal information that could be left attached to cyber threat data shared by private companies.
None of these bills are ideal, and according to many experts none of them are likely to even significantly increase cybersecurity, especially within our porous federal government. But the two bills from the Senate and House intelligence committees are so lax in their protections of consumers’ data that they seem almost designed to be abused. The tactics of those committees and, should leadership go along with this plan, Majority Leader McConnell and Speaker Ryan, highlight the underhanded tactics that are, according to the word on the Hill, about to produce the worst possible option.
As we noted before the Senate’s Cybersecurity Information Sharing Act (CISA) passed (and this statement could apply to the House’s Protecting Cyber Networks Act as well): "CISA opponents are worried that the bill is littered with vague language that will give authority to federal agencies to gather private data on innocent Americans. Even though lawmakers say that a dozen amendments were added to the text to protect private data from government abuse, Greg Nojeim at the Center for Democracy and Technology says, ‘The law enforcement use permissions are still broad enough to make the bill as much about surveillance as it is about cybersecurity.’"
The intelligence committees should, at the very least, take their lead on protecting personal data from Representative McCaul and his committee’s cybersecurity bill. And if Congressional leadership goes along with a bill that turns a cybersecurity proposal into a surveillance platform, they will once again be sacrificing your privacy for the mere illusion of (cyber)security.