We're halfway through our Week of Action opposing the privacy-invasive "cybersecurity" bill CISA. This is the fifth time in as many years that Congress is trying to pass an information-sharing bill. The Week of Action aims to stop a rumored vote on the bill before Congress leaves for a 5-week vacation on August 7. We're only three days in and over 400,000 faxes have been sent to the Senate opposing CISA. Join us now in the Week of Action.

Today we'll be hosting a Reddit AMA starting at 10am ET/7am PT diving deeper into why this zombie bill must be stopped.

CISA Must be Stopped

CISA is a "cybersecurity" bill aimed at granting companies immunity for sharing information about "cybersecurity threats"—which could include personal information—with the government. Unfortunately, the bill's broad immunity clauses, vague definitions, and aggressive spying powers combine to make the bill a surveillance bill in disguise. The provisions are ripe for abuse and allow for companies to share completely unrelated personal information directly with intelligence agencies like the NSA.

What's worse is that CISA isn’t likely to improve users' computer security. The bill's sponsors—Senators Richard Burr and Dianne Feinstein— are painting the bill as a way to stop corporate and government data breaches. But many of the breaches they point to are due to unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) who clicked malware links. Information sharing won't cure these failings.

The bill also includes a countermeasures provision that creates additional dangers for everyday users. The provision authorizes companies to launch "defensive measures" protecting any "information system" (defined as either hardware or software) from any perceived threat, including threats from "anomalous patterns of communications." The standard grants wide latitude for potentially egregious attacks against unwitting users who don’t know their machines are part of a botnet. While the bill prohibits measures that cause “substantial harm,” we don’t know what “substantial” means—leaving open the possibility that companies will launch countermeasures causing significant (but not “substantial”) harm.

All of the information being shared and collected is kept away from public scrutiny because the bill contains exemptions to the Freedom of Information Act (FOIA). Combined with the broad legal immunity, the FOIA exemptions ensure the public is kept in the dark about what companies are sharing and how the law is operating.

The Week of Action

That's why we're asking you to join us in our Week of Action to stop CISA. Here’s how to help: