The Department of Homeland Security is cautioning against the passage of the Cybersecurity Information Sharing Act (CISA), a controversial internet surveillance bill being considered by the Senate this week.
CISA would allow user information concerning potential cyber threats to be shared freely between private companies and the federal government. The bill defines "cyber threats" broadly and is being opposed by dozens of civil liberty groups, including the ACLU, Electronic Frontier Foundation, and Center for Democracy and Technology, who say it could erode privacy.
Minnesota senator Al Franken asked the DHS to weigh in on the bill in early July. DHS Deputy Secretary Alejandro Mayorkas replied with a letter on Monday outlining the organization's concerns, saying the bill as written would "sweep away important privacy protections."
Why is the DHS suddenly so vocally pro-privacy? For one, it doesn't want cyber threat information shared with other agencies. It said in the letter the bill's authorization of sharing cyberthreat data would "undermine the policy goals that were thoughtfully constructed to maximize privacy and accuracy of information."
"This will limit the ability of DHS to connect the dots and proactively recognize emerging risks and help private and public organizations implement effective mitigations to reduce the likelihood of damaging incidents," Mayorkas wrote.
The Senate will be debating the bill this week and may vote on it as early as Thursday, according to the Guardian. In response to the letter, Franken said it is clear the Senate is not ready for a vote.
"I think all Americans have a fundamental right to privacy—and it's especially important in light of advancing technologies that continually threaten to outpace our laws," Franken said in a statement. "The Department of Homeland Security's letter makes it overwhelmingly clear that, if the Senate moves forward with this cybersecurity information-sharing bill, we are at risk of sweeping away important privacy protections and civil liberties, and we would actually increase the difficulty and complexity of information sharing, undermining our nation's cybersecurity objectives."