After all its hard work this year Congress is almost done with its summer recess. Lawmakers are due back Sept. 8 and have much to tackle. Two bills are of paramount importance to EFF: one—the USA FREEDOM Act—must be passed by Congress, while the other—the Cybersecurity Information Sharing Act (CISA)—must be killed.
The USA FREEDOM Act is a good first step to rein in the NSA's "Business Records" program, which collects Americans' calling records using Section 215 of the Patriot Act. Since July, we've urged people to contact their senators to cosponsor the bill. We've even created a scorecard to help you figure out where your member of Congress stands.
On the other side is CISA, a privacy-invasive cybersecurity bill written by the Senate Intelligence Committee to facilitate the sharing of computer threats between companies and the government. The bill grants companies broad legal immunity to spy on users and share their information with government agencies like the NSA. This zombie bill—just like previous cybersecurity bills—must be killed.
One Step Forward and Two Steps Back
The USA FREEDOM Act is an important step forward for privacy. First, it would stop the government from sending court orders to phone companies for all of their customers' calling records. The bill also introduces much needed institutional changes to the secretive court overseeing the spying called the Foreign Intelligence Surveillance Court (FISA court). Lastly, the bill introduces transparency requirements by mandating the government report on the number of orders obtained by the FISA court and by allowing companies to report on the number of orders they receive. There are still problems with the bill, but it's an important piece of legislation that starts to solve some of the problems revealed by the Edward Snowden disclosures.
Unfortunately, Senator Feinstein's Cybersecurity Act, if passed, would take us two steps backward. Every year, "information sharing" bills are introduced in Congress and every year they fail due to broad immunity clauses for companies, vague definitions, and aggressive spying powers. The current Cybersecurity Act is the fourth time in four years that Congress has tried to pass “information sharing” legislation.
The current version of CISA neglects much of what we've learned from Edward Snowden, such as how information obtained using Section 702 of the Foreign Intelligence Surveillance Act is used for cybersecurity. The bill also suffers from some of the same exact faults as previous bills, which includes overly broad legal immunity for companies to share personal information with the government and with other private companies.
Congress Must Kill CISA and Pass USA FREEDOM
Both bills deal with important privacy issues, but are on completely opposite sides of the debate. Congress can do the right thing by pushing forward with the USA FREEDOM Act and passing much needed NSA reform. Tweet your Senator to support the USA FREEDOM Act. After that, send them an email asking them to not support CISA.