- Beyoncé’s ‘Lemonade’ is finally coming to Spotify, Apple Music Wednesday 8:48 PM
- Ubisoft is offering Assassin’s Creed Unity for free to support Notre Dame Wednesday 8:25 PM
- Are teens really eating foods with the ‘shells on’ for a new viral challenge? Wednesday 6:39 PM
- The new Samsung Galaxy Fold already seems to be falling apart Wednesday 4:17 PM
- Think the ‘Game of Thrones’ spirals are all connected? Think again Wednesday 3:13 PM
- Rudy Giuliani retweets prominent QAnon supporter Wednesday 2:03 PM
- India bans TikTok over concerns of child endangerment Wednesday 2:00 PM
- JJ Abrams says there’s more to Rey’s origin story Wednesday 1:16 PM
- Lisa Ann says Equinox trainer looked up her number and sent her a creepy text Wednesday 1:01 PM
- 8 essentials every grad needs to succeed as an adult Wednesday 1:00 PM
- Makeup artist shows you how to become Kylie Jenner’s baby Wednesday 12:54 PM
- People are more concerned with this woman’s age than her being a school shooting threat Wednesday 12:14 PM
- Why are conservatives so obsessed with cargo shorts? Wednesday 11:46 AM
- How to transfer your Nintendo Switch save data Wednesday 11:45 AM
- Trans military ban causes student to lose ROTC scholarship Wednesday 11:04 AM
Security experts pressure Obama to veto CISA, a cybersecurity bill
‘We urge you to again defend privacy and civil liberties.’
Pressure is mounting against a cybersecurity bill that critics say endangers Americans’ privacy while still failing to protect against cyberattacks.
Security researchers this week joined privacy advocates in calling on President Obama to veto the Cybersecurity Information Sharing Act (CISA), which would let private companies share cyberthreat information with the United States government.
With the Senate set to take up CISA as early as Thursday morning, 68 technology professors, systems engineers, and IT consultants have written to Obama urging him not to sign it if it reaches his desk.
“We strongly oppose CISA and we urge you to again defend privacy and civil liberties.”
“CISA fails to address many of the concerns raised about preceding information sharing bills that the administration opposed, and it threatens to undermine privacy and civil liberties and increase cybersurveillance,” the letter says. “We strongly oppose CISA and we urge you to again defend privacy and civil liberties by voicing your opposition and your intention to veto it.”
A broad spectrum of civil-liberties groups, including the American Civil Liberties Union, the Electronic Frontier Foundation, the Government Accountability Project, and Human Rights Watch, also signed the letter. On Monday, several of those groups launched a campaign to inundate lawmakers with anti-CISA faxes.
A White House spokesman declined to comment on the legislation as it was still pending in Congress.
CISA is supposed to help the government and private companies better respond to cyberattacks by making it easier for them to share information about cyberthreats and learn from their mistakes. But the bill’s vague language has privacy groups worried that it could do more harm than good.
The letter from the experts and privacy advocates reminded Obama of his previous veto threats against the Cyber Intelligence Sharing and Protection Act (CISPA), CISA’s failed predecessor. Obama threatened to veto CISPA because of, among other things, inadequate protections for users’ personal information that could be swept up in the data-sharing process. CISA, the letter said, suffered from the same privacy flaws.
“CISA permits companies to leave personal and identifying information in [threat data] it shares with the government unless the company affirmatively knows that the information is not directly related to a threat—a condition that would rarely be met,” the letter said.
The coalition of experts and advocates also took issue with the bill’s language concerning how shared information could be used.
CISA does not specify what kinds of government investigations can use threat data from private businesses. In addition, tech companies are allowed to share data even when they do not believe it relates to a cybersecurity threat. Thus, the letter warned, companies could share data with the government to help it investigate crimes unrelated to the spirit of CISA—crimes that would normally merit stronger data-access protections.
The letter concluded by listing a bevy of other concerns with CISA’s vague language, including its provision letting businesses deploy unspecified and potentially dangerous “countermeasures” in response to cyberattacks.
The tech industry is not unanimously opposed to CISA. The Information Technology Industry Council, a major tech trade group, announced last week that it was urging senators to vote for the bill and said that it would “score” each of their votes in its congressional scorecard.
Photo via The White House/Flickr (PD) | Remix by Jason Reed
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.