We're halfway through our Week of Action opposing the privacy-invasive "cybersecurity" bill CISA. This is the fifth time in as many years that Congress is trying to pass an information-sharing bill. The Week of Action aims to stop a rumored vote on the bill before Congress leaves for a 5-week vacation on August 7. We're only three days in and over 400,000 faxes have been sent to the Senate opposing CISA. Join us now in the Week of Action.
Today we'll be hosting a Reddit AMA starting at 10am ET/7am PT diving deeper into why this zombie bill must be stopped.
CISA Must be Stopped
CISA is a "cybersecurity" bill aimed at granting companies immunity for sharing information about "cybersecurity threats"—which could include personal information—with the government. Unfortunately, the bill's broad immunity clauses, vague definitions, and aggressive spying powers combine to make the bill a surveillance bill in disguise. The provisions are ripe for abuse and allow for companies to share completely unrelated personal information directly with intelligence agencies like the NSA.
What's worse is that CISA isn’t likely to improve users' computer security. The bill's sponsors—Senators Richard Burr and Dianne Feinstein— are painting the bill as a way to stop corporate and government data breaches. But many of the breaches they point to are due to unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) who clicked malware links. Information sharing won't cure these failings.
The bill also includes a countermeasures provision that creates additional dangers for everyday users. The provision authorizes companies to launch "defensive measures" protecting any "information system" (defined as either hardware or software) from any perceived threat, including threats from "anomalous patterns of communications." The standard grants wide latitude for potentially egregious attacks against unwitting users who don’t know their machines are part of a botnet. While the bill prohibits measures that cause “substantial harm,” we don’t know what “substantial” means—leaving open the possibility that companies will launch countermeasures causing significant (but not “substantial”) harm.
All of the information being shared and collected is kept away from public scrutiny because the bill contains exemptions to the Freedom of Information Act (FOIA). Combined with the broad legal immunity, the FOIA exemptions ensure the public is kept in the dark about what companies are sharing and how the law is operating.
The Week of Action
That's why we're asking you to join us in our Week of Action to stop CISA. Here’s how to help:
- Visit the Stop Cyber Spying coalition website where you can email and fax your Senators and tell them to vote no on CISA.
- Use a new tool developed by Fight for the Future to fax your lawmakers from the Internet. We want to make sure they get the message.
- Check out our AMA on Reddit on Wednesday July 29 at 10am ET/7am PT with EFF, Access, Fight for the Future, and the ACLU and let your friends know about it.
- Help us spread the word. After you’ve taken action, tweet out why CISA must be stopped with the hashtag #StopCISA. Use the hashtag #FaxBigBrother if you want to automatically send a fax to your Senator opposing CISA. If you have a blog, join us by publishing a blog post this week about why you oppose CISA, and help us spread the word about the action tools at https://stopcyberspying.com/. For detailed analysis you can check out this blog post and this chart.