You might think that just a few short years after the Snowden revelations, Congress would hesitate to give the executive branch brand new, dragnet surveillance powers. If you thought that, you would be wrong.
Advocacy groups like the ACLU have succeeded in blocking cybersurveillance bills masquerading as so-called “cybersecurity” legislation for years, but this week, proponents in Congress slipped the package into the 2016 omnibus budget authorization. The omnibus budget includes funding for core functions of government, including the US military, so the chances that the White House will veto it are approximately zero.
Unfortunately, the version of the cybersurveillance bill that appears at the end of the omnibus budget is worse than any prior iteration of the scheme we’ve seen thus far. Cybersecurity experts say it wouldn’t do anything to protect US computer networks, but would give the government far more power to spy on us without warrants or individualized suspicion. Worse still, the legislation would protect companies like Google and Apple from civil lawsuits if they hand over our private information to the government without court orders or warrants. Adding injury to insult, the bill also allows law enforcement to use information obtained without warrants to lock people up on criminal charges.
The ACLU joins many other civil liberties groups in signing a letter to Congress urging them to remove the cyberspying bill from the omnibus before it passes. The letter lays out the fundamental problems with the legislation, which if enacted would:
- Authorize companies to significantly expand monitoring of their users’ online activities, and permit sharing of vaguely defined “cyber threat indicators” without adequate privacy protections prior to sharing;
- Require federal entities to automatically disseminate to the NSA all cyber threat indicators they receive, including personal information about individuals;
- Allow the president to establish the Office of the Director of National Intelligence (DNI), the FBI, and any other appropriate civilian federal entity as a portal through which companies may share information with liability protection;
- Authorize overbroad law enforcement uses that go far outside the scope of cybersecurity; and
- Authorize Companies to engage in problematic defensive measures.
The cyberspying bill has nothing to do with protecting US computer networks, and everything to do with handing over huge new surveillance powers to unaccountable agencies like the FBI and NSA.