The White House proposal to encourage businesses to share data with the government on “cyber threats” would make it easier for law enforcement and other agencies to collect private information on Americans.
President Obama announced his new Internet legislative proposal Tuesday, but privacy analysts warn it’s simply another CISPA-style government takeover of the Internet, including increased data collection, under the guise of “cybersecurity.”
“The status quo of overweening national security and law enforcement secrecy means that expanded information sharing poses a serious risk of transferring more personal information to intelligence and law enforcement agencies,” the Electronic Frontier Foundation revealed. “Given that the White House rightly criticized CISPA in 2013 for potentially facilitating the unnecessary transfer of personal information to the government or other private sector entities when sending cybersecurity threat data, we’re concerned that the Administration proposal will unintentionally legitimize the approach taken by these dangerous bills.”
The Cyber Intelligence Sharing and Protection Act was a 2013 “cybersecurity” bill which granted private companies legal immunity for sharing private customer data with the government for “cybersecurity purposes,” and even though the bill stalled in Congress, Obama’s proposed Internet legislation is the spiritual successor of CISPA.
CISPA was written broadly enough that Internet companies could share Americans’ e-mails, text messages and even files stored on-line with the feds.
On top of that, key provisions of CISPA were written “notwithstanding any other law,” meaning CISPA would have trumped privacy laws, all while granting companies the aforementioned immunity from civil and criminal liability.
In other words, CISPA encouraged companies to send the government their entire databases of customer data because they had no legal incentive to protect their customers’ privacy.
And Obama’s legislative proposal, which also weakens state data breach laws while increasing penalties under existing federal fraud laws, is nothing more than CIPSA with a new name.
“Introducing information sharing proposals with broad liability protections, increasing penalties under the already draconian Computer Fraud and Abuse Act, and potentially decreasing the protections granted to consumers under state data breach law are both unnecessary and unwelcome,” the EFF added.