Oppose Cybersecurity Information Sharing Act
ASNE members should contact their senators and ask them to vote "No" on S.754, the Cybersecurity Information Sharing Act. Our main concern is the impact this legislation will have on transparency.
The Senate is likely to vote on Cybersecurity Information Sharing Act (CISA), S.754 before it leaves for its August recess on Aug. 7 -- maybe even as early as this week. ASNE members should be concerned about this bill, and we ask that you contact your senator to ask him or her to vote "No" on S.754.
There are a number of problems with this bill (which, by the way, is unlikely to serve as a sufficient solution to recent, high-profile security breaches, such as the one suffered by the federal government's own Office of Personnel Management). Our main concern is the impact this legislation will have on transparency.
CISA will add a new FOIA exemption (the first exemption since the bill was originally enacted). All "information shared with or provided to the Federal Government pursuant to the Cybersecurity Information Sharing Act of 2015" is exempt from disclosure under FOIA. This is true regardless of whether the information actually relates to a cybersecurity threat. It's a loophole that will allow the federal government to withhold just about any and all information it receives from private sector topics on any subject, especially because private companies enjoy broad immunity when sharing this information with the government. This creates a particular concern for news media in that a private company could share information it has regarding a reporter (such as email or phone contacts or even contents of communications) without fear of immunity and with the reporter and/or his or her employer having no knowledge that the information was shared. The public would not have any oversight role in these "cybersecurity" efforts, either.
Particularly galling is the fact that this is all being enacted in secret. Although the Senate Judiciary Committee usually has jurisdiction over FOIA-related legislation, S.754 was drafted and marked up in secret by the Senate Select Committee on Intelligence (SSCI). Not a single public hearing was held on the bill.
Our ally on many FOIA-related issues, Openthegovernment.org, has compiled some useful background material to further explain the problems with S.754:
In addition to editorializing against S.754 and/or contacting your senators, you might want to consider participating in a "blogging day of action" proposed for July 28 (if the bill hasn't already reached the Senate floor by then). The goal is to get as many people and groups to direct blog posts on this day to the White House and ask for a Statement of Administration Policy against S.754 because of the concerns over the bill's impact on personal privacy.