When it comes to information sharing with the government, the position of America’s biggest banks seems to be, “Do as I say, not as I do.”

In the realm of cybersecurity, banking trade groups are busy lobbying for the right to share more customer data with the government, and ensure that data sharing is immunized from any legal ramifications emanating from that disclosure. But when confronted with the possibility of consumers handing their own information about their banks over to the government — well, Wall Street is crying foul.

Wall Street’s largest and most powerful trade groups — including the American Bankers Association, the Financial Services Roundtable and the Securities Industry and Financial Markets Association (Sifma) — have been actively lobbying on behalf of the Cybersecurity Information Sharing Act (CISA), a bill that raises substantial concerns about privacy. But even as they work to immunize themselves from privacy violations, they are simultaneously pretending to care about privacy when faced with the possibility of consumers’ complaints about them going public.

Banks want immunity when sharing your information with the government

CISA—the latest incarnation of a cybersecurity bill Congress has tried and failed to pass 4 times—would substantially widen the scope of when companies could share customer data with government surveillance entities. The way the bill’s advocates tell it, CISA is needed to help prevent cybersecurity threats. But CISA doesn’t just enable government agencies and companies to freely share information about potential hacks or security breaches, it also provides vast legal immunity to companies when they do so.

The immunity CISA grants is so broad that the Electronic Frontier Foundation likened it to “carte blanche immunity to violate long-standing computer crime and privacy law.”

Ostensibly, CISA is about sharing perceived cybersecurity threat information only. But advocates are concerned about CISA’s overreach, including the privacy violations it could permit. EFF has noted that the bill should “require deletion of all information not directly related to a threat,” but it doesn’t.

What’s even scarier about CISA is that it allows companies to launch counter-attacks if they perceive a “cybersecurity threat.” According to EFF, “cybersecurity threat” is defined so broadly, it “could be read by companies to permit attacks on machines that unwittingly contribute to network congestion.” Are you running a slow server? Sorry. CISA may give JPMorgan immunity to cyber-attack it.