Privacy groups oppose new Senate cyber bill

A coalition of privacy advocates have come out against a new Senate cybersecurity bill that critics say ignores the last year of revelations about U.S. surveillance.

In a Thursday letter to the Senate Intelligence Committee, 22 privacy groups warned against taking up the Cybersecurity Information Sharing Act.

That recently introduced bill from Chairwoman Dianne FeinsteinDianne FeinsteinFeinstein: Trump Jr. will be subpoenaed if he refuses to testify The next battle in the fight against human trafficking Trump's FBI nominee passes committee, heads to full Senate MORE (D-Calif.) and Vice Chairman Saxby ChamblissSaxby ChamblissFormer GOP senator: Let Dems engage on healthcare bill OPINION: Left-wing politics will be the demise of the Democratic Party GOP hopefuls crowd Georgia special race MORE (R-Ga.) would make it easier for companies to share information about cyber threats with each other and the government.

In their letter, the groups — including the ACLU, the Center for Democracy and Technology and the Electronic Frontier Foundation — said the bill would allow for more information sharing with U.S. intelligence agencies, including the National Security Agency (NSA) despite public backlash over NSA surveillance.

In addition to warrantless surveillance of U.S. communications, the NSA has “engaged in questionable cybersecurity practices, such as compromise of security standards and failure to promptly inform technology companies about security vulnerabilities in their software,” the letter said.

The bill from Feinstein and Chambless “ignores these revelations,” the groups continued.

“Instead of reining in NSA surveillance, the bill would facilitate a vast flow of private communications data to the NSA.”

The privacy groups took issue with the bill’s “inadequate” restrictions on the way shared information can be used by the government — including in cases unrelated to cybersecurity threats — and the bill’s “failure to protect personally identifiable information.” 

The groups also expressed concerns that the bill defines cyber threat too broadly and gives companies too much leeway in exercising countermeasures to impede cyber threats.

As written, the bill could allow companies to be “reckless and careless” when using countermeasures, including against “average Internet users,” according to the letter. 

The groups urged against Senate action on the bill until it is rewritten to include more limitations and privacy protections.

“Cybersecurity legislation intended to protect national security, financial systems, computer users, and the Internet must not undercut essential privacy rights,” the letter said.