The Senate Intelligence Committee is discussing a cybersecurity bill Thursday that could have far-reaching privacy implications. But you won't be able to hear what, exactly, they're discussing. The bill's markup session, which is an important step on the road to passage, is closed.Like last year, the Cybersecurity Information Sharing Act, which would allow private companies and the federal government to pass information about potential hackers or cyber threats back and forth, is being considered by the Senate. And, like last year, the spiritual successor to CISPA—a privacy-killing bill that has gotten the masses of the internet riled a couple times—has major problems.
Earlier this month, dozens of civil liberties groups such as the ACLU, Center for Democracy and Technology, Electronic Frontier Foundation, and a group of security researchers sent a letter to the sponsors of the bill, Dianne Feinstein (D-California) and Richard Burr (R-North Carolina), telling them that the piece of legislation could be disastrous for privacy.
The bill's information sharing provisions would allow the NSA to receive information from private companies about individuals deemed to be "cyber threats," a distinction you could get if your account happens to send something as innocuous as a spam email.The bill also gives what are known as liability protections to companies that pass information about you to the federal government. That means that even if companies mistakenly provide your information to the government or give them too much information, you can't sue them for it.New to CISA this year is a provision that allows companies to "hack back" people or entities that have hacked them, which could have far-reaching ramifications. In effect, it could potentially allow companies to start cyberwars—or skirmishes, or whatever you want to call them—with hackers."CISA permits companies to recklessly deploy countermeasures that damage networks belonging to innocent bystanders, such as a hospital or emergency responders that attackers use as proxies to hide behind, so long as the deploying company does not intend that the countermeasure result in harm," the groups wrote in the letter.
CISA could potentially allow companies to start cyberwars
Finally, the bill allows your information to be passed to local law enforcement, which the letter suggests could be used to perform backdoor wiretaps on individuals without a warrant.We've been through this before, many times. The bill is not fundamentally different than CISPA, and, though Access, a digital rights group, called it "worse than ever," it's the same fundamental privacy discussion that has been had with CISPA and last year with the same bill (which ultimately didn't pass).What's different now, however, is that Sony got hacked, and everyone freaked out. Barack Obama now supports the passage of a cybersecurity bill, and it generally seems to have more steam.But, like last year, the Senate doesn't want you to know what the hell is going on. A press release issued by Burr and Feinstein notes that the bill "includes numerous privacy protections," but, during tomorrow's session, which could be the last before the bill is ultimately voted on, you won't get to hear which Senators feel those privacy protections should be strengthened and which ones are flippant about the whole thing."As in the 113th Congress, this markup will be closed," the release said. "The bill language will be available after amendments are incorporated post mark up."Generally speaking, unless classified information is being discussed, there's no reason to close a markup session unless, well, the Senators don't want the public to see what they're doing.