A Surveillance Bill by Any Other Name: The Cybersecurity Information Sharing Act

A Surveillance Bill by Any Other Name: The Cybersecurity Information Sharing Act  By Jumana Musa, Sr. Privacy and National Security Counsel at the National Association of Criminal Defense Lawyers 

With every news story of a database breached comes a steady drum beat of demands for more cybersecurity. This demand has taken shape in the Senate as the Cybersecurity Information Sharing Act (CISA) and seems poised for a vote by the full Senate. Debated and approved by the Senate Intelligence Committee in a closed door meeting without public scrutiny, the measure would go far beyond its stated purpose in stopping cyberattacks. Civil society groups have opposed the bill, which Senator Ron Wyden (D-Ore.) called a "surveillance bill by another name."

By Jumana Musa, Sr. Privacy and National Security Counsel at the National Association of Criminal Defense Lawyers 

With every news story of a database breached comes a steady drum beat of demands for more cybersecurity. This demand has taken shape in the Senate as the Cybersecurity Information Sharing Act (CISA) and seems poised for a vote by the full Senate. Debated and approved by the Senate Intelligence Committee in a closed door meeting without public scrutiny, the measure would go far beyond its stated purpose in stopping cyberattacks. Civil society groups have opposed the bill, which Senator Ron Wyden (D-Ore.) called a "surveillance bill by another name."

The bill allows for the broad sharing of information with government agencies – both civilian and military – to be used to investigate a broad range of criminal activity unrelated to cybersecurity. CISA authorizes companies to monitor Internet users' activities in order to identify a cybersecurity threat to any entity anywhere, even if such monitoring would otherwise be illegal under a privacy law. Since the information is voluntarily turned over to the government by private entities, this bill would act as a general warrant, all but eviscerating Fourth Amendment protections against unreasonable searches and seizures.

The bill authorizes federal, state, and local governments to use cyber threat indicators to investigate crimes that have nothing to do with cybersecurity, such as robbery, arson, and carjacking, as well as identity theft and trade secret violations. Additionally, CISA authorizes companies to share information, including personal and identifying information, with the government for any purpose authorized under the Act, which means that companies could share information for the purpose of investigating these unrelated crimes. While these crimes are serious, there is no justification for undermining the legal protections that currently apply when such investigations are underway.

Tech experts have laid out several ways that the government could act to protect itself and companies from cyber threats that don't include turning over vast amounts of private records with no legal protection. Congress should not exploit the very real concern of cyberattacks to allow government agencies to investigate and prosecute people without having to comply with the formal protections that were put in place over 200 years ago. When it comes to protecting against cyber threats, CISA is like the emperor's new clothes.  Merely stating that the bill is not a surveillance bill does not make it so. If Congress ignores the facts and passes the bill, the President should veto this measure, as he threatened to twice before on similarly flawed bills.

Featured Products

Explore keywords to find information

RECENTLY ADDED & UPCOMING

  1. The Champion
    /Nacdl/media/image_library/StayInformed/Champion/ChampionCovers/March-April-2025.jpg?ext=.jpg

    March/April 2025

    What are the evidentiary implications of field sobriety tests in marijuana cases? Does the odor of marijuana give officers probable cause to search a vehicle?

  2. Amicus Brief
    /Nacdl/media/image_library/Elements/global/amicus.png

    Jenner & Block LLP v. U.S. Department of Justice

    Brief of the National Association of Criminal Defense Lawyers and New York Council of Defense Lawyers as Amici Curiae in Support of Plaintiff’s Motion for Summary Judgment.

  3. News Release
    /Nacdl/media/image_library/Elements/global/newsrelease.png

    News Release ~ Law Enforcement Executive Order

    NACDL Warns Executive Order's Dangerous Overreach Undermines Community Safety and Trust in Police – Washington, DC (April 29, 2025) – The National Association of Criminal Defense Lawyers (NACDL) expressed deep concern regarding the Executive Order titled "Strengthening and Unleashing America’s Law Enforcement to Pursue Criminals and Protect Innocent Citizens," cautioning that several of its proposals represent a dangerous overreach that undermines these goals by jeopardizing individual rights and the legitimacy of law enforcement in the eyes of the community.

  4. Event
    /Nacdl/media/image_library/Learn/nacdlcleinstitute/2025_Post-Dobbs_Trial_Tactics_2025-02-26_v02_Event-Listing_2.jpg?ext=.jpg

    Trial Tactics for Pregnancy-Related Cases: Skills for Every Defender

    LOCATION: The University of Texas School of Law, Austin, TX
    DATE: May 16-17, 2025
    COST: FREE (registration is required)
    CLE Credit: Up to 14.5 credits 

  5. Webinar
    /assets/img/nacdl_og.png

    Collaborative Approaches to Appellate Defense: Recognizing Clients' Legal Expertise

    WHEN: Thursday, May 8, 3:00-4:30pm ET / 12:00-1:30pm PT
    CLE CREDIT: not available
    COST: Free