The Obama administration has hardly been a consistent defender of digital privacy. Recall, for example, its support for the reauthorization of the Patriot Act, or its position—unanimously rejected by the Supreme Court in U.S. v. Jones—that we should have no expectations of privacy in public. Recently, however, the administration gave friends of digital privacy a reason to dance in the chat rooms: On April 25, Obama threatened to veto the Cyber Intelligence Sharing and Protection Act (CISPA), the dreadful cyber security bill that would have allowed Internet companies to share private emails and web browsing records with the NSA.

But while this was a real success for online privacy activists, it’s far too early to declare victory. There is another cyber security bill currently being considered by the Senate. This is one is nearly as bad as CISPA—and not only is Obama unlikely to threaten another veto, the administration has already indicated its support.

The idea behind CISPA isn’t inherently objectionable. No one denies that an effective approach to cyber security could allow telecommunications and Internet service providers to share information about cyber-threats with the government. But although it’s possible to design an information sharing program that protects privacy as well as security, the leading bills that have been considered by the House and Senate do no such thing.

As originally drafted, CISPA would have allowed private companies to share vast amounts of private data with any government agency, including the NSA, without meaningfully limiting what the government could do with the information. That means Comcast or AT&T could choose to give the government an ocean of private data; the government could then go fishing for evidence, not only for cyber threats but for any low-level crime. This could be the equivalent of a perpetual wiretap on any citizen without individualized suspicion, creating what’s known as a “Nixon effect.” (When the Nixon administration wanted to retaliate against Vietnam protesters, it scoured their tax returns and threatened them with exposure, chilling their speech as a result.)

The Senate cyber security bill, which was introduced by Joseph Lieberman, does have stronger privacy protections than CISPA. For example, the Lieberman bill requires that reasonable efforts be made to strip away personal information unrelated to cybercrime. But like CISPA, the Lieberman bill doesn’t prohibit the government from prosecuting the unrelated crimes if it finds them.For this reason, it too poses a risk of the Nixon effect: If the Department of Homeland Security were interested in retaliating against one of its critics, for example, it could request that Internet service providers share any email or web communications that are “indicative” of a cyber threat. If, after fishing for wrongdoing, government investigators find evidence of a crime unrelated to cyber security, the critics could be prosecuted for that crime, no matter how low-level. (The Center for Democracy and Technology provides a detailed comparison of the House and Senate bills.)