On behalf of civil liberties and government accountability organizations from across the political spectrum, we encourage you to support H.R. 4350, introduced by Reps. Justin Amash, R-Mich., and John Conyers, D-Mich.
This bipartisan bill would repeal the Cybersecurity Act of 2015, secretly negotiated provisions that were hastily incorporated into the omnibus appropriations bill enacted late last year. As we and others have stated consistently, these provisions are unlikely to increase the government’s ability to detect, intercept and thwart cyber attacks, yet they institute broad and undefined data-collection capabilities that are certain to undermine government accountability and further erode privacy protections.
Questions of cybersecurity and privacy should be debated openly in a manner that allows legislators and the public to criticize and participate. These questions should not be obscured by backroom deals that exclude critical perspectives and due process, and that many security experts have argued could result in worse security problems and worse privacy violations than before.
The Cybersecurity Act of 2015 included provisions unacceptable to the technology community, privacy and open-government advocates, as well as ordinary Americans, including:
- A new avenue through which the government will receive personally identifiable information and communications content, expanding surveillance on innocent Americans;
- Immunity from liability for companies that unnecessarily share private user information with the government and other companies;
- No reasonable limits on the type of information that can be shared, such as individuals’ personal online communications;
- Authorization for law enforcement and the intelligence community to use this information for purposes unrelated to cybersecurity, including the investigation and prosecution of unrelated crimes.
- An exemption to the Freedom of Information Act, and preemption of state and local laws on disclosure that seriously undermine government accountability and transparency.
Measures to strengthen cybersecurity should not come at the expense of exposing law-abiding Americans’ private information to government surveillance. Additionally, it should not be necessary to extend law-enforcement authorizations to non-cybersecurity purposes.
We call on Congress to repeal these unnecessary provisions and start a new conversation about the right way to address real cybersecurity threats, without undermining the privacy and security of all Americans and the accountability of government.
R Street Institute
American Civil Liberties Union
American Library Association
Campaign for Liberty
Center for Democracy and Technology
Defending Dissent Foundation
Fight For The Future
Free Press Action Fund
Government Accountability Project
Open Technology Institute
Open the Government
Restore the Fourth