The Lieberman-Collins Cybersecurity Act – A Threat to Online Rights

The Lieberman-Collins Cybersecurity Act poses a significant threat to online rights, according to the Electronic Fronier Foundation.

The Cybersecurity Act is sponsored by Sen. Collins (R-ME) and Sen. Lieberman (CT) and was drafted with the detection and thwarting of network attacks in mind.  It has been criticized, however, for infringing on civil liberties.

According to EFF:

  1. The bill uses dangerously vague language to define “cybersecurity threat indicators” (information that companies can share with the government), leaving the door open to abuse (intentional or accidental) in which companies share protected user information with the government without a judge ever getting involved.
  2. Data collected under the Cybersecurity Act can be shared with law enforcement for non-cybersecurity purposes if it “appears to relate to a crime” either past, present, or near future. This is overbroad and contrary to the spirit of our Constitution. Senator Wyden, talking about a similar provision in CISPA, noted “They would allow law enforcement to look for evidence of future crimes, opening the door to a dystopian world where law enforcement evaluates your Internet activity for the potential that you might commit a crime.” The CSA suffers the same “future crime” flaw.
  3. If companies overstep their authority, violating the privacy of Internet users for non-cybersecurity purposes or oversharing sensitive data with the government, it will be very difficult for individuals to hold these companies accountable by taking them to court. The bill puts incredibly high burdens on the plaintiff in such a case to prove that a company was not monitoring for the purpose of detecting cybersecurity threats and did not have a “good faith” belief that they were allowed to do it (whether they are right or wrong); or that they “knowingly” and “willfully” violated the restrictions of the law. Furthermore, the bill allows companies to bypass much of preexisting law designed to limit company disclosure of private communications – bedrock privacy law like the Wiretap Act and the Electronic Communications Privacy Act.
  4. The Cybersecurity Act would allow sensitive private communications to flow to the NSA, a U.S. military agency — contrary to a long held value that military agencies should not be engaged in collecting data on American citizens.
  5. This bill has been criticized by open government groups who rightly point out that the bill creates new exemptions to FOIA—making it that much harder for people to understand how much and what kind of data is being shared with the government and ensure that the government and companies do not abuse this authority.

More information on the Cybersecurity Act can be obtained by visiting GovTrack.US or clicking either of the following links:

Cybersecurity Act (S.2015 ) One Page Reference Handout

Frequently Asked Questions About the Cybersecurity Act

Featured Image Photo Credit: marc falardeau