By Elizabeth Holland
Today, AALL joins a number a number of privacy advocates, civil liberties groups, security experts, and technology companies for a Day of Action in opposition to the Cyber Information Sharing Act (CISA, S. 754). Our message is simple: CISA is a bad bill. While this legislation promises security, in actuality, it does more to increase surveillance, undermine transparency, and leave your personal information vulnerable to attack than it does to protect against cyber threats. With the Senate slated to consider it in the coming weeks – even as early as next week– we urge members of Congress to oppose CISA and, should push come to shove, implore President Obama to veto it.
Chief among our privacy concerns with CISA is the permission the bill grants for overbroad information sharing. Under CISA, companies in the private sector are authorized to share information about their users’ Internet activity with the federal government, even when that data is unnecessary to identify or protect against a threat. Information shared with one federal agency could then be shared throughout the government, potentially putting your personal information or that of your library users in the hands of agencies like the National Security Agency, Department of Justice, and the Department of Defense and leaving the information vulnerable to hackers.
CISA would also add a new exemption to the Freedom of Information Act (FOIA) for the first time since 1967. Section 10 of the bill provides that any and all information shared with or provided to the federal government pursuant to CISA is exempt from disclosure under FOIA, including private information unrelated to a cybersecurity threat. Passing CISA would also give jurisdiction over FOIA to the most secretive committee in the Senate, the Senate Select Committee on Intelligence (SSCI), which almost never holds public hearings and has never held one on this legislation. The Senate Judiciary Committee, which has jurisdiction over FOIA, has never held hearings or had an opportunity to consider the justification for the new FOIA exemption. As our friends at OpenTheGovernment.org posit, “allowing SSCI to write new exemptions to FOIA, without any public consideration or input from the Judiciary Committee, could set a dangerous precedent for further weakening the law at the intelligence community’s request.”
Cybersecurity is an increasingly important issue for U.S. industry, federal, and state governmental entities and AALL would strongly support a good-faith effort to improve information sharing for cybersecurity purposes. However, CISA is not that legislation. Write your Senators today to urge them to oppose CISA for the automatic and over-broad surveillance authorities and transparency-weakening provisions it would enable.