The current form of CISA isn't the best solution to the problem

Jul 16, 2014 15:04 GMT

The US president is being asked by a coalition of companies and privacy groups to speak against a controversial cybersecurity bill that’s been making its way through the approval system.

The Cybersecurity Information Act (CISA) passed in a closed session of the Senate Intelligence Committee last week and is expected to be presented before the full Senate sometime this year.

The purpose of the bill is to push companies to share data about cyber threats with each other, as well as with the federal government. The coalition of companies and privacy groups, however, points out that the bill fails to “offer a comprehensive solution to cybersecurity threats.”

Furthermore, they claim that the bill also contains inadequate protection for privacy and civil liberties, which is why they’re asking President Obama to promise to veto CISA.

“We also request that you issue a similar veto threat for any future legislation that takes a similar approach on information sharing. A robust approach to cybersecurity is necessary to protect the security of the internet and those who use it,” reads the letter addressed to the United States President.

The document is signed by a wide range of companies and organizations, including the American Civil Liberties Union, DuckDuckGo, Electronic Frontier Foundation, Fight for the Future, Freedom of the Press Foundation, Reddit, Silent Circle, Tech Freedom, and more.

They all agree that if CISA becomes law, the federal government could use the information in a broad range of investigations and prosecutions, including those under the Espionage Act, which raises questions about the protection of whistleblowers and journalists.

“The bill also offers broad immunity protections for corporations, disincentivizing companies from protecting the privacy of users and limiting access to remedy for those whose rights are impacted. Additionally, CISA fails to incorporate any significant lessons learned regarding the critical role of transparency in oversight, providing a broad new categorical exemption from disclosure under the Freedom of Information Act, the first since the Act’s passage in 1966,” the letter reads.

The document goes on to point out that cybersecurity legislation that focuses solely on information sharing is inadequate for the modern Internet. Instead, an emphasis on proper communications security could help protect against attacks, rather than reacting to problems as they arise.

The group believes that the bill should create incentives and processes to improve digital security, empower a civilian federal agency to perform the government’s information assurance functions, and ensure that all administrative agencies that collect or handle personal information have on staff a Chief Information Officer, a Chief Privacy Officer, and a Chief Technology Officer with clearly published contact information.

It should also provide resources to educate users, companies and all actors on the dangers of cybersecurity issues, as well as about best practices to avoid and mitigate the threats. Stronger transparency is also on the list.