The Good or the Bad and Ugly?

Congress has returned from summer recess and it’s about to deal once again with the American public right for privacy. On the table are two new laws – one good and the other one exceedingly bad and ugly.

US Laws

It’s been a long vacation for the American law makers, but now that Congress is back from the summer recess, it has some work to do. On the Agenda are two laws that are privacy related, one good and the other bad. The good one is the USA FREEDOM Act and it must be passed by Congress, while the other, the Cybersecurity Information Sharing Act (CISA) should be killed. Any bets?

The USA FREEDOM Act is an important step forward for privacy. First, it would stop the USA government from sending court orders to phone companies for all of their customers' calling records. The bill also introduces much needed institutional changes to the secretive court overseeing the spying, called the Foreign Intelligence Surveillance Court (FISA Court). Lastly, the bill introduces transparency requirements by mandating the government report on the number of orders obtained by the FISA court and by allowing companies to report on the number of orders they receive. There are still problems with the bill, but it's an important piece of legislation that starts to solve some of the problems revealed by the Edward Snowden disclosures.

This law and its importance was just supported through the ongoing case of Smith v. Obama, a challenge to the NSA’s warrantless collection of phone records, currently before the Ninth Circuit Court of Appeals. The day that congress returned to work, the Ninth Circuit Court of Appeals heard why the NSA’s activities are an extraordinary invasion of the privacy of innocent Americans. Senators Ron Wyden, Mark Udall and Martin Heinrich—members of the committee charged with overseeing the NSA—write that they “have seen no evidence that the bulk collection of Americans’ phone records has provided any intelligence of value that could not have been gathered through means that caused far less harm to the privacy interests of millions of Americans.” This echoes statements made by numerous officials, including President Obama himself and it is crucial to countering the arguments in this case about the national security importance of the NSA’s program.

The Bad and the Ugly combined

The other side of the equation is the Cybersecurity Information Sharing Act (CISA). This one is a pretty sinister law that is nothing more than a zombie trying to pass the same bill for the fourth time in four years. Cybersecurity bills aim to facilitate information sharing between companies and the government, but they always seem to come with broad immunity clauses for companies, vague definitions and aggressive spying powers. The bill authorizes companies to launch countermeasures for a "cybersecurity purpose" against a "cybersecurity threat." It also adds a new authority for companies to monitor information systems to protect an entity's rights or property.

In plain words, what this bill does is to allow companies to spy on their users and pass on the information without any real mechanism of privacy, to the NSA. Once the information is sent to a government agency, it can use the information for reasons other than for cybersecurity purposes. One clause even allows the information to be used to prosecute violations of the Espionage Act — a World War I era law that was meant to prosecute spies but has been used in recent years primarily to go after journalists’ sources. The public won’t even know what information is being collected, shared, or used because the bill will exempt all of it from disclosure under the Freedom of Information Act.

The bill also retains near blanket immunity for companies to monitor information systems, to share information, and to use countermeasures. Combine all these elements together and you find a law that refuses to die and make the American public's private information accessible to companies and the government alike. It raises the obvious question of why should you wait for the law maker to do things for you when you can do them yourself? A first step in the direction would be installing our plugin and App.

What do you think of both laws? Leave a comment below!