Congress is expected to vote on two 'cybersecurity' bills sometime in the next week that are essentially surveillance bills in disguise. Trevor Timm writes in this editorial, cross-posted on the Freedom of the Press blog, about how they affect journalists and whistleblowers.

Along with dozens of other civil liberties organizations, Freedom of the Press Foundation has signed on to two letters strongly opposing the dangerous "cybersecurity" bills making their way through Congress and expected to be voted on sometime in the next week.

The bills are little more than new surveillance powers wrapped in a cheap disguise, and you can read the full letters that describe the bill's deficiencies here and here.

If passed, the bills will adversely affect all Americans' privacy, but they have particularly critical consequences for journalists and whistleblowers, so we wanted to highlight those concerns that the letters did not fully cover.

First, as Politico's Josh Gerstein reported on Monday, the bills "could create the first brand-new exemption to the Freedom of Information Act in nearly half a century." The bills aim to allow private companies to share large swaths of private information with the government with no legal process whatsoever, essentially carving a giant hole in the country's myriad privacy laws. But worse, the proposed FOIA exemption would prevent the public from ever being able to find out what type or amount of information these companies handed over.

Gerstein explains the multiple ways the bills attempts to cut off transparency and accountability:

A bill approved by the Senate Intelligence Committee last month would add a new tenth exemption to FOIA, covering all "information shared with or provided to the Federal Government" under the new measure.

Another provision in the legislation would require that "cyber threat indicators and defensive measures" which companies or individuals share with the federal government be "withheld, without discretion, from the public." The Senate bill, which is expected to come to the floor soon, also seeks to shut off any access to that information under state or local freedom of information laws.

There are extremely troubling parts of the bill relating to whistleblowers and journalistic sources as well. Dozens of organizations protested a variety of draconian provisions last year in a letter to Congress, and while some whistleblower protections have been added, as Open the Government described a couple months ago, the bill still has huge problems:

[T]he bill still allows cybersecurity information to be used to investigate and prosecute whistleblowers or journalists under the Espionage Act. As the Sunshine in Government Initiative noted last summer, CISA's broad definitions "would grant the federal government the authority to engage in the warrantless collection of journalists' communications records…if the government deems the journalists, or the confidential sources they work with, 'security vulnerabilities' or 'cybersecurity threats' potentially 'adversely impacting' the confidentiality of information stored on government computers."

As Stanford's Director of Civil Liberties Jennifer Granick wrote at Just Security last week, there are narrow ways of sharing information that can improve cybersecurity that don't involve handing over everyone's personal information. These bills, on the other hand, will only open the door to more mass surveillance. To protect the security of journalists, sources, and all Americans, we need stronger privacy laws, not more loopholes.

Dangerous 'cybersecurity' bills going through Congress threaten the rights of journalists and whistleblowers [freedom.press]