Patriot Act Reform Curbed NSA; Cybersecurity Bill Would Empower It

Only a week after Congress passed reforms to the Patriot Act ending the National Security Agency’s metadata phone collection program, Senate Majority Leader Mitch McConnell, with the help of big business allies, is moving to expand domestic surveillance of a different type.

On Tuesday, McConnell and Sen. Richard Burr, R-N.C., announced plans to attach the Cybersecurity Information Sharing Act to the National Defense Authorization Act. (Update: On Tuesday afternoon, McConnell failed to get the 60 votes necessary to proceed with that particular way of passing the act.)

Though touted as a measure strictly to enhance cybersecurity through information sharing, privacy advocates say CISA is actually about cyber surveillance. The bill provides liability protection for businesses that voluntarily share “cyber-threat” data with the government. Big business has lobbied for CISA because companies see it as a way to shift some anti-hacking defenses onto the government, which would save them money.

But critics say CISA would not have prevented the high-profile hacks its supporters cite as evidence of the need for action. And Burr’s version of the bill creates a back-door channel for the government, including the NSA, to vacuum up huge new tracts of consumer data.

“Last week, the Senate made history when it passed the USA Freedom Act, taking a major step forward for Americans’ privacy,” said Robyn Greene, Open Technology Institute’s policy counsel in a statement. “Passing CISA would be like taking two steps back. CISA is essentially a cyber-surveillance bill that would empower the NSA and FBI by giving them access to vast new troves of Americans’ information, and let them use that information for investigations that have nothing at all to do with cybersecurity.”

As we noted earlier this year, CISA’s vague definition of a cybersecurity threat that triggers information sharing with the government includes “an imminent threat of death, serious bodily harm, or serious economic harm,” or information that is potentially related to threats relating to weapons of mass destruction, threats to minors, identity theft, espionage, protection of trade secrets, and other possible offenses.

The Center for Democracy & Technology also criticized McConnell’s move, noting that by attaching CISA to the defense authorization bill, he was moving to close debate and force it through Congress. The bill as currently written, CDT warned, risks “turning the cybersecurity program it creates into a back door wiretap by authorizing sharing and use of cyber threat indicators for law enforcement purposes that have nothing to do with cybersecurity.”

Unlike the debate around the Patriot Act last week, McConnell’s hand is strenghened by much of the corporate lobbying establishment. The U.S. Chamber of Commerce and dozens of other major lobbying groups have partnered with the NSA to make CISA a priority for this Congress.

Though Democrats, including supporters of CISA, have come out against McConnell’s legislative maneuver, business groups moved swiftly to endorse his effort. The Financial Servicees Roundtable and Securities Industry and Financial Markets Association, two major trade groups for big banks including Bank of America and Goldman Sachs, quickly released statements endorsing the strategy to attach CISA to the NDAA.

(This post is from our blog: Unofficial Sources.)

Photo: Win McNamee/Getty