There's a new cybersecurity bill making its way through Congress, sponsored and written by Diane Feinstein (D-CA), and critics are already calling it a new backdoor for surveillance by the National Security Agency. The Cybersecurity Intelligence Sharing Act of 2014 (CISA) was approved by the Senate Intelligence Committee yesterday, putting it on track for a Senate vote this summer. But like its controversial predecessors, the bill is coming under fire as a step backwards in the fight for surveillance reform.
"Turning the cybersecurity program... into a backdoor wiretap."
The bill's primary effect would be a new requirement for sharing information on "cyber threat indicators," a vague term that could refer to anything from an ongoing hack to a vulnerability in commercial software. Once a company makes a report to the government with information about a threat indicator, CISA would require broad sharing across federal agencies, including with the NSA, which would be given a more central role in threat management under the new scheme. Companies would also be encouraged to monitor their networks to gather more information about the threat.
Advocacy groups have seized on the reporting requirements as a troubling expansion of NSA access to private networks. The Center for Democracy in Technology says the provision "risks turning the cybersecurity program it creates into a back door wiretap." CDT also notes the bill lacks many crucial privacy protections that were included in previous cybersecurity acts. The Electronic Frontier Foundation calls the bill "fatally flawed," and raised concerns that it would create a new pipeline of data from independent companies to the NSA.
But while advocacy groups are concerned about the bill's NSA implications, CISA's authors have cast the bill as a necessary step in fighting crime online. "Cyber attacks present the greatest threat to our national and economic security today, and the magnitude of the threat is growing," Senator Feinstein said in a statement. "Every week we hear about the theft of personal information from retailers and trade secrets from innovative businesses, as well as ongoing efforts by foreign nations to hack government networks. This bill is an important step toward curbing these dangerous cyber attacks." Financial services trade groups have already applauded the bill, calling it "a good step forward" in protecting financial infrastructure against increasingly powerful online attacks.
The bill's ultimate fate is still unclear, but it may face an uphill battle once it reaches Congress. Senators Udall (D-CO) and Wyden (D-OR) opposed the bill in committee, and several previous cybersecurity bills have stalled after reaching the Senate.