Broad Coalition Urges President to Oppose Cyber Bill

President Obama should speak out against S. 2588, the Cybersecurity Information Sharing Act (“CISA”) of 2014, say thirty privacy, accountability, and transparency organizations, including CISA, which is headed to the Senate floor following a secret, closed-door markup, poses serious risks to government transparency and accountability, and fails to provide meaningful privacy protections, comprehensive cybersecurity solutions.  The Obama administration threatened to veto 2012's CISPA, a bill with privacy shortcomings similar to CISA.

The bill fails to incorporate any significant lessons learned regarding the critical role of transparency in oversight, instead providing a broad new categorical exemption (an Exemption 10) from disclosure under the Freedom of Information Act, the first since the Act’s passage in 1966. It also presents a threat to journalists and whistleblowers, as it authorizes the government to use the information shared with the government in investigations and prosecutions unrelated to cybersecurity, including Espionage Act investigations. 

The groups’ recommendations for a strong cybersecurity bill include:

  •  Ensure that all administrative agencies that collect or handle personal information, including the White House, have, on staff, a Chief Information Officer, Chief Privacy Officer, and a Chief Technology Officer with clearly published contact information. These officers should be responsible for establishing and publishing a responsible disclosure policy and process for vulnerability reporting.
  • Provide resources to educate users, companies, and other actors on cybersecurity threats and best practices for avoidance and mitigation; and
  • Establish strong transparency obligations that give as much access as possible to both governmental oversight bodies and the public.

The full letter, drafted by Access, is available here.