#publisher alternate (BUTTON) Close Skip to main content sign in * Saved for later * Comment activity * Edit profile * Email preferences * Change password * Sign out subscribe search dating more from the guardian: * dating * jobs change edition: * switch to the UK edition switch to the US edition switch to the AU edition International * switch to the UK edition * switch to the US edition * switch to the Australia edition The Guardian * home * > world * europe * US * americas * asia * australia * africa * middle east * cities * development * home * UK * world selected * sport * football * opinion * culture * business * lifestyle * fashion * environment * tech * travel browse all sections close Surveillance Cybersecurity bill could 'sweep away' internet users' privacy, agency warns Homeland Security admits Cybersecurity Information Sharing Act raises concerns while corporations and data brokers lobby for bill as it returns to Senate department of homeland security cybercrimes Wallpaper is seen lining the walls at the Department of Homeland Security new Cyber Crimes Center in Fairfax, Virginia. Photograph: Paul J Richards/AFP/Getty Images Sam Thielman @samthielman Monday 3 August 2015 22.23 BST Last modified on Monday 3 August 2015 23.20 BST * Share on Facebook * Share on Twitter * Share via Email * Share on Pinterest * Share on LinkedIn * Share on Google+ * Share on WhatsApp This article is 6 months old The Department of Homeland Security (DHS) on Monday said a controversial new surveillance bill could sweep away "important privacy protections", a move that bodes ill for the measure's return to the floor of the Senate this week. The latest in a series of failed attempts to reform cybersecurity, the Cybersecurity Information Sharing Act (Cisa) grants broad latitude to tech companies, data brokers and anyone with a web-based data collection to mine user information and then share it with "appropriate Federal entities", which themselves then have permission to share it throughout the government. Minnesota senator Al Franken queried the DHS in July; deputy secretary of the department Alejandro Mayorkas responded today that some provisions of the bill "could sweep away important privacy protections" and that the proposed legislation "raises privacy and civil liberties concerns". Much of the attention on Cisa has been directed at companies such as Google, Facebook and Comcast, which have large hoards of internet user behavior. But arguably more important are data brokers. Among the groups lobbying for the passage of Cisa are Experian, which tracks consumer trends using information from loyalty cards and other sources and licenses the information to help target advertising; Oracle, whose Data Cloud product works similarly; and Hitrust, which aggregates healthcare information. The paragraph generating the most concern can be found in section 4 of the bill: "[a] private entity may, for cybersecurity purposes, monitor A) the information systems of such a private entity; B) the information systems of another entity, upon written consent of such other entity [...] and D) information that is stored on, processed by, or transiting the information systems monitored by the private entity under this paragraph." Debate on the bill could start on Wednesday with a vote on Thursday. Privacy concerns are already significant in the private sector, where the use of personal data at scale is largely unregulated. "With respect to data brokers that sell marketing products, the Commission recommends that Congress consider legislation requiring data brokers to provide consumers access to their data, including sensitive data held about them, at a reasonable level of detail, and the ability to opt out of having it shared for marketing purposes," wrote the FTC in a whitepaper titled Data Brokers: A Call for Transparency and Accountability last May. Such legislation has been introduced, but is repeatedly referred to committee. Data brokers are anxious to avoid losing the ability to aggregate vast quantities of personal data - the sale and licensing of consumer databases is a lucrative practice, as web advertising booms and TV advertising becomes more sophisticated. It's also a practice that prefers not to disclose exactly what information it is holding. Mike Seay, an Illinois man whose child died the year previous, received in 2014 a junk mail flier from OfficeMax addressed to "Mike Seay, Daughter Killed in Car Crash" (this was indeed how his 17-year-old daughter had died). Cisa's mandate would seem to cover the publicly used interfaces of the health insurers and banks - including SunTrust, Prudential, American Express, Aflac and Bank of America - that lobbied on the bill. Drew Mitnick of digital advocacy organization Access Now pointed to language in the bill that would give participants in the proposed information-sharing program immunity not just from prosecution, but from regulatory action. "The transparency requirement is so narrow that, if you met the requirements within the bill to get protection, it would give [participating companies] broad range to collect data and then send it to the government." Lobby group the Financial Services Roundtable (FSR) on Monday launched an advertising campaign, stopcyberthreats.com, aimed at tackling an online campaign by privacy activists who have dubbed Cisa "the Darth Vader bill" and are worried by the sweeping legal immunity corporations will receive under Cisa. If the bill were to pass and enough of those companies were to cooperate with any given agency, the amount of information floating free within the federal government could easily extend to credit card histories (collected by data miners at Argus), lists of goods purchased (aggregated from customer loyalty cards by companies including Acxiom and Experian), and healthcare records (tracked by insurers). Credit check giant Experian said that the company would like to see the legislation pass. "Experian supports legislation that would facilitate greater sharing of cyber threat information among appropriate private and government entities," said a company spokeswoman in a statement to the Guardian. "Such sharing arrangements, under parameters set by law, could improve our mutual efforts to better detect and respond to emerging cyber threats." The company also laid the duty to walk the knife's edge between citizens' information security and their personal safety at the feet of their elected officials. "Congress has the responsibility to balance the need for facilitating greater information sharing, and thereby enhancing cyber security, with important consumer privacy concerns. We encourage and support Congress' effort in striking this balance." __________________________________________________________________ More news Topics * Surveillance * Privacy * US Congress * US Senate * Private sector * (BUTTON) More... * Data protection * Internet __________________________________________________________________ * Share on Facebook * Share on Twitter * Share via Email * Share on Pinterest * Share on LinkedIn * Share on Google+ * Share on WhatsApp * Reuse this content View all comments > comments Sign in or create your Guardian account to join the discussion. This discussion is closed for comments. We're doing some maintenance right now. You can still read comments, but please come back later to add your own. Commenting has been disabled for this account (why?) (BUTTON) Order by * (BUTTON) newest * (BUTTON) oldest * (BUTTON) recommendations (BUTTON) Show 25 * (BUTTON) 25 * (BUTTON) 50 * (BUTTON) 100 * (BUTTON) All (BUTTON) Threads * (BUTTON) collapsed * (BUTTON) expanded * (BUTTON) unthreaded Loading comments... Trouble loading? (BUTTON) View more comments popular The Guardian back to top * home * UK * world selected * sport * football * opinion * culture * business * lifestyle * fashion * environment * tech * travel all sections close * home * UK + education + media + society + law + scotland + wales + northern ireland * world selected + europe + US + americas + asia + australia + africa + middle east + cities + development * sport + football + cricket + rugby union + F1 + tennis + golf + cycling + boxing + racing + rugby league * football + live scores + tables + competitions + results + fixtures + clubs * opinion + columnists * culture + film + tv & radio + music + games + books + art & design + stage + classical * business + economics + banking + retail + markets + eurozone * lifestyle + food + health & fitness + love & sex + family + women + home & garden * fashion * environment + climate change + wildlife + energy + pollution * tech * travel + UK + europe + US + skiing * money + property + savings + pensions + borrowing + careers * science * professional networks * the observer * today's paper + editorials & letters + obituaries + g2 + weekend + the guide + saturday review * sunday's paper + comment + the new review + observer magazine * membership * crosswords + blog + editor + quick + cryptic + prize + quiptic + genius + speedy + everyman + azed * video * World * > Surveillance IFRAME: /email/form/footer/37 * Facebook * Twitter * Facebook * Twitter * all topics * all contributors * solve technical issue * complaints & corrections * terms & conditions * privacy policy * cookie policy * securedrop (c) 2016 Guardian News and Media Limited or its affiliated companies. All rights reserved.