CISA was just approved by a Senate panel, meaning it will likely be voted on by the full chamber.
CISPA's successor, which civil liberties groups say is still awful for privacy and could threaten net neutrality, is moving forward despite those concerns—the Senate Intelligence Committee passed it yesterday, meaning it'll likely be voted on by the full chamber.
We've given you the rundown on the Cybersecurity Information Sharing Act of 2014 a couple times before, but Sen. Dianne Feinstein's bill was approved by a 12-3 vote yesterday. The bill has been changed since its original form—Feinstein says the amendments should assuage the concerns of privacy advocates that say the bill could funnel information about consumers directly to law enforcement, regardless of their involvement in any hacking schemes.
Those privacy advocates disagree.
"The committee's description of the amendments that were adopted suggests that the big ticket items remain unaddressed," Greg Nojeim, a lawyer with the Center for Democracy and Technology, told me. "Users' communications information will continue to flow to the NSA under a cybersecurity umbrella even when it is irrelevant to a cyber threat. This is unacceptable."
Nojeim's organization is one of more than 20 civil liberties groups to strongly oppose the bill.
Feinstein and the bill's cosponsor, Saxby Chambliss, brushed aside privacy concerns following the markup, which was closed to reporters and the public, as most important legislative sessions seem to be these days.
"It's not perfect for anybody," Chambliss told reporters after the markup. "But if we take no action, then cyberattacks are going to continue to occur, and there is the potential for the American economy to be severely disrupted."
Feinstein was even more brash: "I don't know what information you would be concerned about that NSA would have in an information-sharing bill," she said.
Well, the way the bill is written—and we haven't seen the final language, because the session was closed—a "cyber threat" can be defined as loosely as a spam email or a high-bandwidth activity. And anyone who poses a "cyber threat" is subject to having their information funneled to the NSA or to local law enforcement.
That's led Nojeim, the Electronic Frontier Foundation, and the American Civil Liberties Union to say that the bill not only threatens privacy but also threatens net neutrality. They said there are loopholes that the government can and will exploit, a view that was seconded by Sens. Ron Wyden and Mark Udall, two of the lawmakers who voted against the bill.
"We agree there is a need for information-sharing between the federal government and private companies about cybersecurity threats and how to defend against them," the two said in a statement. "However, we have seen how the federal government has exploited loopholes to collect Americans' private information in the name of security."
"We are concerned that the bill the U.S. Senate Select Committee on Intelligence reported today lacks adequate protections for the privacy rights of law-abiding Americans, and that it will not materially improve cybersecurity," they added. The bill will march on, anyway.