Proton
CISA Surveillance Law

CISA Surveillance Law has passed, here’s what we can do

Late last Friday, the US Congress and President Obama signed into law the CISA Surveillance Law using very underhanded methods.

With it came the loss of numerous protections extremely important to internet privacy. To understand why the CISA surveillance law is bad for email privacy, we will go over some of the main points of the law and how it managed to be passed. Then, we will discuss some of the things we can do about CISA. Despite being law now, there are in fact some ways the CISA surveillance law can be circumvented and online privacy protected.

What is CISA?

CISA stands for Cybersecurity Information Sharing Act, which is a deceptive title used by the sponsors of the law to hide its real purpose. From the name, one would assume that CISA is a cybersecurity law, but in reality, it is a surveillance law(new window). In the past week, Congress has dropped all pretense that this is a cybersecurity law by quietly stripping away the privacy protections that used to be in the law, and expanding how the collected information can be used and shared.

CISA creates a massive legal loophole that allows the NSA to circumvent privacy laws. This means US companies can now share ANY information with the US government, bypassing privacy laws without legal consequences. Furthermore, all of this information is automatically shared with the NSA and there are no restrictions on how the NSA can use this data.

How did CISA get passed?

The CISA surveillance law has been hotly debated for over a year in the US. Privacy groups(new window), some corporations, and hundreds of thousands of private citizens have strongly fought against the law. It was deemed by Congress to be too controversial to pass. In order to get CISA approved, the law’s sponsors turned to very underhanded methods.

First, they attached the law to a completely unrelated budget bill(new window), which is a critical bill that must be passed immediately for the US government to continue to function. Then, they waited until Monday, December 14th, 2015 to release the full text of the budget bill(new window), which contains over 2000 pages, and they buried CISA in near the end on page 1728. Finally, they set the vote to happen on Friday, December 18th, 2015.

This ensured that congressional representatives would have less than a week to read the entire bill and there would not be sufficient time for public debate. Furthermore, by sticking it into a critical budget bill, the law’s sponsors virtually guaranteed that it would be passed. Lastly, to minimize the fallout, the vote was scheduled for the last Friday before Christmas, so that by the time president Obama signed it into law, it would be too late to make it into that day’s news. Just like that, a second Patriot Act(new window) has become law without any public outcry. This is how democracy is undermined, and we should be outraged.

CISA doesn’t just impact Americans

CISA is an American law, but unfortunately, it doesn’t only impact Americans. If you use Facebook, Dropbox, Google, or WhatsApp, CISA impacts you. With CISA, US corporations can now hand your data over to the NSA without having to worry about the privacy laws which currently protect your data. This doesn’t matter whether you are a US citizen or a EU citizen, if a US corporation has your data, it can be handed over, under the guise of “cybersecurity”. As a Swiss company, Proton Mail is safe from CISA, your data continues to be protected by Switzerland’s very strong privacy laws(new window). However, on a whole, CISA is very bad news for online privacy.

What we can do about CISA

CISA has now been signed into law by President Obama, which means that practically, there is no way to reverse the law. However, the tricks used by the NSA can also work for us. If we can’t change the law, we can still do our best to circumvent it, and fortunately, there are some ways around CISA.

First, because CISA is an American law, it only applies to American companies. Swiss and EU companies are still protected by stronger European privacy laws which cannot be circumvented by CISA. Thus, one way to work around CISA is to avoid the products of US companies. For example, if we all ditch WhatsApp (owned by Facebook) and instead switch to community software such as Signal(new window), Facebook may think twice before publicly opposing CISA but privately supporting it(new window). Switching your email from Gmail to Proton Mail’s private email service(new window) based in Switzerland would be another way. If American companies feel the pressure, they will apply pressure to the US government, which is the only way CISA can be repealed.

Secondly, we can take our business to services which deliver end-to-end encryption. For example, end-to-end encrypted email providers(new window) such as Proton Mail cannot actually read your messages, so even if we were a US company, we cannot hand over private emails under the CISA surveillance law, or any other law. CISA teaches us that technology, specifically end-to-end encryption, is the best possible defense for privacy. Encryption algorithms offer protection through mathematical law which always holds true, no matter how many laws the US Congress passes using underhanded methods.

Most importantly, we must remember that as the consumer, the choice is ours, and by making the right choices, we can still beat CISA, even when the politicians let us down (again).

Sign up if you are interested in using next-generation encrypted email for free(new window)

Protect your privacy with Proton
Create a free account

Related articles

People and companies are generally subject to the laws of the country and city where they are located, and those laws can change when they move to a new place. However, the situation becomes more complicated when considering data, which can be subjec
Your online data is no longer just used for ads but also for training AI. Google uses publicly available information to train its AI models, raising concerns over whether AI is even compatible with data protection laws. People are worried companies
iPhone stores passwords in iCloud Keychain, Apple’s built-in password manager. It’s convenient but has some drawbacks. A major issue is that it doesn’t work well with other platforms, making it hard for Apple users to use their passwords and passkeys
There are many reasons you may need to share passwords, bank details, and other highly sensitive information. But we noticed that many people do this via messaging apps or other methods that put your data at risk. In response to the needs of our com
Large language models (LLMs) trained on public datasets can serve a wide range of purposes, from composing blog posts to programming. However, their true potential lies in contextualization, achieved by either fine-tuning the model or enriching its p
is Google Docs secure
Your online data is incredibly valuable, particularly to companies like Google that use it to make money through ads. This, along with Google’s numerous privacy violations, has led many to question the safety of their information and find alternative