Uh-oh — Diane Feinstein is sponsoring a new cyber snooping bill:
The bill’s primary effect would be a new requirement for sharing information on “cyber threat indicators,” a vague term that could refer to anything from an ongoing hack to a vulnerability in commercial software. Once a company makes a report to the government with information about a threat indicator, CISA would require broad sharing across federal agencies, including with the NSA, which would be given a more central role in threat management under the new scheme. Companies would also be encouraged to monitor their networks to gather more information about the threat.
Advocacy groups have seized on the reporting requirements as a troubling expansion of NSA access to private networks. The Center for Democracy in Technology says the provision “risks turning the cybersecurity program it creates into a back door wiretap.” CDT also notes the bill lacks many crucial privacy protections that were included in previous cybersecurity acts. The Electronic Frontier Foundation calls the bill “fatally flawed,” and raised concerns that it would create a new pipeline of data from independent companies to the NSA.
Kill this bill. A smart Republican ought to sponsor a bill along with a few principled Democrats which would first severely curb the NSA’s domestic surveillance, then sunset the agency while ramping up its replacement. Old management would be forbidden from working for the new agency.