Just a few months ago, the United States enacted the most sweeping surveillance reform in a generation. The ink is barely dry on the USA FREEDOM Act, but now the U.S. Senate is trying to pass new legislation to sweep up vast amounts of data.
That’s why Access and more than a dozen other groups are asking you to join us in a Week of Action to Stop CISA. The Senate will likely vote on the Cybersecurity Information Sharing Act (CISA) as soon as this week, and only you can stop it.
CISA is fundamentally flawed because of its broad immunity clauses for companies, vague definitions, and aggressive spying powers. It’s a surveillance bill in disguise.
Cyber surveillance (with the help of the NSA)
Not only would CISA grant companies authority to obtain “cyber threat indicators” and to disclose irrelevant personal data to the government without a warrant, it also would require the real-time sharing of that information to military and intelligence agencies, including the NSA. In other words, information shared with any agency would be automatically shared with the NSA — likely including personally identifiable information.
To make matters worse, CISA would grant the government too much discretion in how to use that information for non-cybersecurity purposes like domestic law enforcement. It also contains an unprecedented exemption from the Freedom of Information Act, which will keep the public in the dark about what information is being collected, shared, or used.
New and invasive tools for companies
CISA would authorize companies to launch “countermeasures” against perceived attackers. While it would prohibit measures that cause “substantial harm,” it doesn’t define what is “substantial.” That means that countermeasures (or “hack backs”) could cause significant harm with unforeseen effects. As a letter sent in March by more than 25 groups opposing CISA pointed out, “CISA permits companies to recklessly deploy countermeasures that damage networks belonging to innocent bystanders.”
Near-blanket immunity
Finally, CISA would give incredibly broad immunity to companies that engage in any of the activities authorized by the bill. This is especially concerning because of the bill’s lack of protection for private information and the ability to launch countermeasures. Any company that does significant (but not “substantial”) harm to innocent people or computers will not be liable in court.
Week of Action
Access and our allies have been hard at work fighting Congress’ cyber surveillance bills. But the most important voices are yours. That’s why we’re launching a week of action to make sure Congress is getting the message loud and clear: CISA must not pass. Here’s what you can do to help:
1. Visit the Stop Cyber Spying coalition website where you can fax your senators and tell them to vote no on CISA.
2. Help us spread the word. After you’ve taken action, tweet about why CISA must be stopped. And if you have a blog, join us by publishing a blog post this week about why you oppose CISA, and help us spread the word about the action tools at https://stopcyberspying.com/. For detailed analysis you can check out this blog post and this chart.
3. Check out our AMA on Reddit on Wednesday July 29 at 10am ET/7am PT. Access, EFF, Fight for the Future, and the ACLU will all be discussing the problems with CISA. Be sure to let your friends know about it.
With your help, we’ll make sure Congress gets the message: now more than ever, we don’t need more cyber surveillance. We need better security. Together we will #StopCisa.