EFF joined a group of thirty-five civil society organizations, companies, and security experts that sent a letter on Monday encouraging President Obama to veto S. 2588, the Cybersecurity Information Sharing Act (“CISA”) of 2014. The letter states:
CISA fails to offer a comprehensive solution to cybersecurity threats. Further, the bill contains inadequate protections for privacy and civil liberties. Accordingly, we request that you promptly pledge to veto CISA.
Bad cybersecurity bills appear to be habit-forming for Congress. CISA, which is appropriately being called a “zombie bill” by privacy advocates and journalists, rehashes two similar (and equally flawed) bills: the Cyber Intelligence Sharing and Protection Act (CISPA) of 2012 and CISPA of 2013. Both bills were soundly defeated after major outcries on the Internet and distaste in the Senate for a bill with insufficient privacy protections.
But some lawmakers aren’t getting the message. The letter points out that, while CISA has made a small number of cosmetic changes to CISPA:
CISA presents many of the same problems the Administration previously identified with CISPA in its veto threat. Privacy experts have pointed out how CISA would damage the privacy and civil liberties of users.
As we've emphasized in the past, the bill fails to provide privacy protections for Internet users and allows information sharing in a wide variety of circumstances that could potentially harm journalists and whistleblowers. Like its previous iterations, it also contains overbroad immunity from lawsuits for corporations that share information. As the letter points out, it even contains “a broad new categorical exemption from disclosure under the Freedom of Information Act, the first since the Act’s passage in 1966.”
You can read the full text of the letter and see the signatories here. You can also take action today: tell your Senator to vote no on a bill that fails to make the Internet safer and invades the privacy and civil liberties of everyday Internet users.