Activists opposed to a Senate bill legalizing cyber threat data sharing between private companies like Microsoft and Facebook and the government inundated the upper chamber with more than six million faxes as of Thursday, urging lawmakers to drop the bill one group described as a “surveillance bill masquerading as a cybersecurity bill.”
“The Internet is clearly pissed off that Congress is trying to pass off a blatant surveillance bill as ‘cybersecurity,’” Tiffiniy Cheng, co-founder and co-director of Fight for the Future, said in a Thursday blog post.
Fight for the Future is one of the digital privacy advocates behind the “Operation: #FaxBigBrother” campaign launched earlier this week to oppose the Cybersecurity Information Sharing Act (CISA) — a Senate bill drafted to legally allow companies to share data about cyberattacks and hacker intrusions launched against them with federal intelligence, law enforcement and defense agencies.
The Electronic Frontier Foundation, Access and others joined with Fight for the Future to lobby against the bill in Congress, which the groups said was “stuck in 1984″ — hence the fax machines as the chosen format for protest.
According to Senate Intelligence Committee Chairman Richard Burr and Ranking Democratic Sen. Dianne Feinstein — the bill’s chief sponsors — CISA will help the government and Silicon Valley work together to prevent the type of cyberattacks that have recently plagued government agencies including the Office of Personnel Management, health insurance companies like Anthem, private corporations such as Sony and Target and bank giant JPMorgan.
“It responds to the massive and growing threat to national and economic security from cyber intrusion and attack, and seeks to improve the security of public and private computer networks by increasing awareness of threats and defenses,” Feinstein previously said of the bill.
“Up until now, one of the main problems in dealing with cyber threats and specifically with cyber crime, has been the inability of companies… Frankly either were unwilling or unable to share cyber threat information because of concerns of liability, concerns of violating people’s privacy, and violating federal privacy laws, or losing their own sensitive propriety business information,” House Cybersecurity, Infrastructure Protection and Security Technologies Subcommittee Chairman John Ratcliffe said earlier this summer about a similar House bill that received a 355-63 supermajority vote.
Government agencies are also on board, and say the need to pass such legislation has never been greater.
“The threat is increasing substantially,” acting assistant director of the FBI’s Cyber Division James Trainor said at a Microsoft event in May. “We would get a major data breach every two to three weeks that we would work — and now, it’s closer to every two to three days.”
Fight for the Future and others claim CISA is nothing more than a veiled attempt at feeding agencies like the National Security Agency more private data on Americans.
“CISA is an out and out surveillance bill masquerading as a cybersecurity bill,” Fight for the Future members Evan Greer and Donny Shaw wrote in an op-ed for The Hill Wednesday. “It won’t stop hackers. Instead, it essentially legalizes all forms of government and corporate spying.”
Under the new law companies would be granted new authority to monitor their users for “cyber threat indicators,” and encouraged to share any such indicators, including IP addresses, emails and user account information like passwords.
The government will then use those indicators to surveil suspicious targets. In the case of the NSA, that means an expanded pool of “selection terms” the agency uses during upstream surveillance — when it intercepts international and domestic data as it transmits across the undersea cables and switches that make up the global Internet’s infrastructure.
“The information they gather, including all the hacked data and any incidental information that happens to get swept up in the process, would be added to massive databases on people in the U.S. and all over the world that the FBI, CIA, and NSA are free to query at their leisure,” Greer and Shaw wrote. “This is how CISA would create a huge expansion of the ‘backdoor’ search capabilities that the government uses to skirt the Fourth Amendment and spy on Internet users without warrants and with virtually no oversight.”
It looks like activists will claim victory for the time being, thanks to drawn out debates in the Senate this week over a highway funding bill and Planned Parenthood. Senate Majority Whip John Cornyn and Majority Leader Mitch McConnell, both of whom were pushing for a vote on CISA this week, indicate the upper chamber won’t get to the bill until after Congress’ August recess.
“If we are able to derail this bill it’s a big win for our right to privacy,” Nathan White, senior legislative manager at Access, said in Thursday’s blog post. “Senate leadership made it clear that they intended to pass the bill before recess. The failure to do so, in the face of public opposition during the week of action, would be a clear failure for CISA.”