Washington, April 24, 2015 – On April 22nd, the Protecting Cyber Networks Act and the National Cybersecurity Protection Advancement Act were both passed by the U.S. House of Representatives. Both bills will be combined and now head to the Senate for approval.
Described as “cybersecurity information sharing” bills that would make it easier for the government to defend against cyber attacks and allow companies to more easily share intelligence with government agencies, critics say the bills are more accurately described as “surveillance” bills. The American Civil Liberties Union says the Protecting Cyber Networks Act (H.R. 1560) and the National Cybersecurity Protection Advancement Act (H.R. 1731, the “Homeland Bill”) will both work to further erode privacy and expand the ability of the government to monitor communications.
“The bills further facilitate companies’ sharing even more of our personal information with the NSA and some even allow companies to ‘hack back’ against potentially innocent users.” – Electronic Frontier Foundation
Specifically, the bills would create a new cybersecurity spy agency, and remove existing privacy protections. By adding the phrase “notwithstanding any law,” companies will be able to share information among themselves, and with the government. The information does not have to be directly related to an ongoing cybersecurity investigation. The language in the bill will also protect the companies who share information from being sued.
The bills do include provisions which require a company to review and redact any information that is personal or not related to a cyber threat. However, the ACLU says companies can still include information that it believes is plausibly “directly” related to the threat, and can do so with impunity.
Once the information is shared with the government it can easily, and legally, be shared with an abundance of intelligence agencies. The information will automatically be shared with the military, including the NSA and the Office of the Director of National Intelligence. From there the information can be shared with federal, state, and local law enforcement. Once again the information can be used for reasons that go beyond alleged cybercrimes.
The ACLU stands with the Open Technology Institute, the Center for Democracy and Technology, and the Electronic Frontier Foundation in opposition to these bills. The organizations joined 55 rights groups in an open letter voicing strong opposition to the bills.
“What we shouldn’t be doing, however, is passing a bill that gives even more personal information on innocent individuals to the NSA and allowing that information to be mined for purposes unrelated to protecting against hackers.” – American Civil Liberties Union
The Center for Democracy and Technology says they acknowledge realistic threats posed by hackers but warned, “The cybersecurity information sharing bills… go well beyond authorizing necessary conduct and in fact, authorize dangerous conduct harmful to both security and privacy. We urge members to oppose both bills.”
What are your thoughts? Is there any way to protect Americans’ privacy?