A coalition of 55 civil society organizations, security experts, and academics have joined TCP in urging Congress to vote against cyber threat information-sharing legislation, saying the proposal “would seriously threaten privacy and could undermine Internet security.”
In a letter delivered to members of Congress on April 20, the group argued that the two bills, the Protecting Cyber Networks Act (H.R. 1560) and the Cybersecurity Information Sharing Act (S. 754), significantly increase the National Security Agency’s access to personal information, and authorize the federal government to use that information for a myriad of purposes unrelated to cybersecurity.
The legislation authorizes internet companies to monitor a wide range of users’ activities and share the information with other companies and the government without taking necessary steps to protect private information, the letter said. In addition, the two bills permit law enforcement to use cyber threat indicators to investigate crimes and activities that have nothing to do with cybersecurity, such as robbery, arson, carjacking, or any threat of serious bodily injury or death, regardless of whether the harm is imminent. Such indiscriminate use authorizations “undermine traditional due process protections,” the group wrote. A fuller analysis of the legislation from the Open Technology Institute is available here.
In addition to The Constitution Project, groups signing the letter include the ACLU, the American Library Association, the Center for Democracy & Technology, the Cyber Privacy Project, the Electronic Frontier Foundation, FreedomWorks, the Liberty Coalition, Restore the Fourth and R Street.
In a separate letter delivered to key Congressional leaders earlier, more than 65 cybersecurity professionals and academics questioned the need for the legislation. “We do not need new legal authorities to share information that helps us protect our systems from future attacks,” they wrote. “Generally speaking, security practitioners can and do share this information with each other and with the federal government while still complying with our obligations under federal privacy laws,” they added.
Congress is expected to consider the legislation before Memorial Day.