A New Cybersecurity Bill Could Give the NSA Even More Data

Privacy groups are rallying opposition to the Senate legislation.

A computer workstation bears the National Security Agency (NSA) logo inside the Threat Operations Center inside the Washington suburb of Fort Meade, Maryland, intelligence gathering operation 25 January 2006 after US President George W. Bush delivered a speech behind closed doors and met with employees in advance of Senate hearings on the much-criticized domestic surveillance. 
National Journal
Brendan Sasso
Add to Briefcase
See more stories about...
Brendan Sasso
June 27, 2014, 8:52 a.m.

Pri­vacy groups are sound­ing the alarm that a new Sen­ate cy­ber­se­cur­ity bill could give the Na­tion­al Se­cur­ity Agency ac­cess to even more per­son­al in­form­a­tion of Amer­ic­ans.

The Cy­ber­se­cur­ity In­form­a­tion Shar­ing Act would cre­ate a “gap­ing loop­hole in ex­ist­ing pri­vacy law,” the Amer­ic­an Civil Liber­ties Uni­on, the Cen­ter for Demo­cracy and Tech­no­logy, the Elec­tron­ic Fron­ti­er Found­a­tion, and dozens of oth­er pri­vacy groups wrote in a let­ter to sen­at­ors late Thursday.

“In­stead of rein­ing in NSA sur­veil­lance, the bill would fa­cil­it­ate a vast flow of private com­mu­nic­a­tions data to the NSA,” many of the same pri­vacy groups warned in a second let­ter to law­makers.

The goal of the bill, au­thored by Sen­ate In­tel­li­gence Com­mit­tee Chair­wo­man Di­anne Fein­stein and rank­ing mem­ber Saxby Cham­b­liss, is to al­low the gov­ern­ment and private sec­tor to share more in­form­a­tion about at­tacks on com­puter net­works.

Busi­ness groups have been com­plain­ing for sev­er­al years that they could bet­ter pro­tect their sys­tems from hack­ers if Con­gress re­moved leg­al bar­ri­ers to in­form­a­tion-shar­ing. The com­pan­ies want to make it easi­er to share in­form­a­tion about at­tacks with each oth­er and the gov­ern­ment.

The Sen­ate bill in­cludes pro­vi­sions aimed at pro­tect­ing pri­vacy, such as re­quir­ing that com­pan­ies that share in­form­a­tion first strip out per­son­ally iden­ti­fi­able data (such as names, ad­dresses, and So­cial Se­cur­ity num­bers) of known Amer­ic­ans.

But the pri­vacy groups are still wor­ried that the le­gis­la­tion could en­cour­age a com­pany such as Google to turn over vast batches of emails or oth­er private data to the gov­ern­ment. The in­form­a­tion would first go to the Home­land Se­cur­ity De­part­ment, but could then be shared with the NSA or oth­er in­tel­li­gence agen­cies.

“This new flow of private com­mu­nic­a­tions in­form­a­tion to NSA is deeply troub­ling giv­en the past year’s rev­el­a­tions of over­broad NSA sur­veil­lance,” the groups wrote in one of the let­ters.

They ar­gued that the bill al­lows for broad use of the cy­ber­data once it’s in the hands of the gov­ern­ment. With the com­pany’s per­mis­sion, the in­form­a­tion could be used as evid­ence by state and loc­al po­lice in routine crim­in­al in­vest­ig­a­tions and pro­sec­u­tions. The fed­er­al gov­ern­ment could use the in­form­a­tion for in­vest­ig­a­tions un­der the Es­pi­on­age Act, lead­ing the pri­vacy groups to worry that the bill could be used to tar­get whistle-blowers.

In a state­ment, Fein­stein said her bill in­cludes “nu­mer­ous pri­vacy pro­tec­tions to en­sure in­di­vidu­als and com­pan­ies do not in­ap­pro­pri­ately share per­son­ally identi­fy­ing in­form­a­tion and to pro­tect against the gov­ern­ment’s use of vol­un­tar­ily shared cy­ber­se­cur­ity in­form­a­tion out­side of nar­row cy­ber-re­lated pur­poses.”

She said her com­mit­tee met with pri­vacy ad­voc­ates and made changes to the bill to ad­dress their con­cerns.

“I be­lieve the bill strikes a bal­ance between the need to share in­form­a­tion to im­prove cy­ber­se­cur­ity and the need to safe­guard the in­form­a­tion be­ing shared,” she said.

The Sen­ate’s bill is a coun­ter­part to the Cy­ber In­tel­li­gence Shar­ing and Pro­tec­tion Act, which passed the House last year.

That le­gis­la­tion promp­ted a ma­jor back­lash from In­ter­net act­iv­ists, who fear it would un­der­mine In­ter­net pri­vacy. More than 100,000 people signed a White House pe­ti­tion op­pos­ing the bill, and “CISPA” be­came a dirty word on many blogs, dis­cus­sion for­ums, and news sites.

It re­mains to be seen wheth­er the pri­vacy groups will be able to mount a sim­il­ar cam­paign against the Sen­ate’s “CISA.”

The Sen­ate In­tel­li­gence Com­mit­tee had planned to mark up the bill Thursday but post­poned the ses­sion un­til after the Ju­ly Fourth re­cess.

What We're Following See More »
UNTIL AFTER RECESS
Health Care Vote Delayed
13 hours ago
WHY WE CARE
SO SAYS CORNYN
Senate Procedural Vote Now Coming on Wednesday
14 hours ago
THE LATEST
MCCONNELL’S BACK AGAINST THE WALL
Heller, Paul Won’t Vote on Motion to Proceed
1 days ago
THE LATEST
LESS THAN HOUSE BILL
CBO Says 22 Million More Would Be UNinsured
1 days ago
THE DETAILS

The Senate bill "would increase the number of people without health insurance by 22 million by 2026, a figure that is only slightly lower than the 23 million more uninsured that the House version would create. Next year, 15 million more people would be uninsured compared with current law...The legislation would decrease federal deficits by a total of $321 billion over a decade."

Source:
BEFORE JULY 4 RECESS
Cornyn Says Health Vote Needed This Week
1 days ago
THE LATEST
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login