It's Back

After having their plans to thwarted by activists, CISA is back:

US librarians have joined with a host of civil liberties groups to condemn a cybersecurity bill now passing through Congress they claim will be both “unhelpful” and “dangerous to Americans’ civil liberties”.

The American Library Association, the world’s oldest and largest library affiliation, has joined with 18 other groups including Fight for the Future, Demand Progress and FreedomWorks to issue a letter to the White House and Congress urging lawmakers to oppose the final version of a bill they claim will dramatically expand government surveillance while failing to tackle cyber-attacks.

Politicians from both sides of the House have been pushing for stronger cybersecurity measures in the wake of the Paris attacks and the recent San Bernardino shooting.

Republican House speaker Paul Ryan has been leading the charge to push through legislation and reconcile two bills, the Protecting Cyber Networks Act (PCNA) and the National Cybersecurity Protection Advancement with the Cybersecurity Information Sharing Act of 2015 (Cisa), a controversial bill that passed a Senate vote in October.

The speed with which Ryan is trying to push through a compromise has worried privacy activists. “We’ve just learned that the Intelligence Committees are trying to pull a fast one,” Nathan White, senior legislative manager at digital rights advocate Access, said in a recent email to supporters. “They’ve been negotiating in secret and came up with a Frankenstein bill – that has some of the worst parts from both the House and the Senate versions.”

• According to the letter’s signatories, the proposed “conference” legislation would:
• Create a loophole that would allow the president to remove the Department of Homeland Security, a civilian agency, as the lead government entity managing information sharing.
• Reduce privacy protections for Americans’ personal information.
• Overexpand the term “cyber threat” to facilitate the prosecution of crimes unrelated to cybersecurity.
• Expand already broad liability protection for information disclosure.
• Pre-empt state, local or tribal disclosure laws on any cyber-threat information shared by or with a state, tribal or local government.
• Eliminate a directive to ensure data integrity.

They are going to keep trying until we put a stake through the heart of the surveillance industrial complex.