When asked why he robbed banks, Willie Sutton famously said, “because that’s where the money is.”
In the digital era, data equals dollars, and it is stockpiled by the world’s largest organizations. In past years, massive data breaches at companies like Anthem, Home Depot, Target, Sony, Staples, and TJ Maxx have resulted in unauthorized access of the data from millions of people.
Not only do major corporations store our private data, many do little to protect it. Information security takes time and money. Companies can choose to implement strong encryption, pro-active vulnerability discovery, staff security training, and any number of other security measures. Unfortunately, rather than properly defending their networks and incorporating strong infosecurity protections, some are looking for a quick fix courtesy of the U.S. government.
In exchange for incredibly broad liability protections (read: immunity) for dangerous disregard of their users’ privacy, many corporations are willing to turn over that same private information to the U.S. government. They call it information sharing, and this week the U.S. Senate is rumored to consider legislation called the “Cybersecurity Information Sharing Act,” or CISA.
This bill is dangerous to digital security because it disincentivizes the important work of enhancing digital security of private information held by public companies. It is vaguely worded, and gives corporations broad liability protections to further undermine consumers’ privacy.
Even worse, CISA requires the government to immediately deliver user information to military and intelligence agencies, including the U.S. National Security Agency (NSA). That means massive repositories of personal information can be turned over to spying agencies and law enforcement. To make matters worse, those agencies have broad discretion over how they are able to use that information for non-cybersecurity purposes — all without a warrant. CISA also contains exemptions from the Freedom of Information Act, which will keep the public in the dark about what information is being collected and shared and what the government does with it.
There are powerful interests supporting CISA. Dozens of industry groups are lobbying for it, the intelligence community wants the data, and senators feel pressure to do something about all those data breaches.
The only way we can stop this dangerous cyber surveillance bill from passing the Senate is if we get loud now. That is why we are asking you to join us in a week of action against CISA.
We are asking you to go www.stopcyberspying.com to send a message to the Senate. They keep trying to break the internet, so we’re trying something they might understand: faxes. We’re going to send the Senate thousands of faxes explaining exactly why CISA is dangerous for cyber security, and dangerous for privacy rights.