Proton
CISA Surveillance Law

CISA Surveillance Law has passed, here’s what we can do

Late last Friday, the US Congress and President Obama signed into law the CISA Surveillance Law using very underhanded methods.

With it came the loss of numerous protections extremely important to internet privacy. To understand why the CISA surveillance law is bad for email privacy, we will go over some of the main points of the law and how it managed to be passed. Then, we will discuss some of the things we can do about CISA. Despite being law now, there are in fact some ways the CISA surveillance law can be circumvented and online privacy protected.

What is CISA?

CISA stands for Cybersecurity Information Sharing Act, which is a deceptive title used by the sponsors of the law to hide its real purpose. From the name, one would assume that CISA is a cybersecurity law, but in reality, it is a surveillance law(new window). In the past week, Congress has dropped all pretense that this is a cybersecurity law by quietly stripping away the privacy protections that used to be in the law, and expanding how the collected information can be used and shared.

CISA creates a massive legal loophole that allows the NSA to circumvent privacy laws. This means US companies can now share ANY information with the US government, bypassing privacy laws without legal consequences. Furthermore, all of this information is automatically shared with the NSA and there are no restrictions on how the NSA can use this data.

How did CISA get passed?

The CISA surveillance law has been hotly debated for over a year in the US. Privacy groups(new window), some corporations, and hundreds of thousands of private citizens have strongly fought against the law. It was deemed by Congress to be too controversial to pass. In order to get CISA approved, the law’s sponsors turned to very underhanded methods.

First, they attached the law to a completely unrelated budget bill(new window), which is a critical bill that must be passed immediately for the US government to continue to function. Then, they waited until Monday, December 14th, 2015 to release the full text of the budget bill(new window), which contains over 2000 pages, and they buried CISA in near the end on page 1728. Finally, they set the vote to happen on Friday, December 18th, 2015.

This ensured that congressional representatives would have less than a week to read the entire bill and there would not be sufficient time for public debate. Furthermore, by sticking it into a critical budget bill, the law’s sponsors virtually guaranteed that it would be passed. Lastly, to minimize the fallout, the vote was scheduled for the last Friday before Christmas, so that by the time president Obama signed it into law, it would be too late to make it into that day’s news. Just like that, a second Patriot Act(new window) has become law without any public outcry. This is how democracy is undermined, and we should be outraged.

CISA doesn’t just impact Americans

CISA is an American law, but unfortunately, it doesn’t only impact Americans. If you use Facebook, Dropbox, Google, or WhatsApp, CISA impacts you. With CISA, US corporations can now hand your data over to the NSA without having to worry about the privacy laws which currently protect your data. This doesn’t matter whether you are a US citizen or a EU citizen, if a US corporation has your data, it can be handed over, under the guise of “cybersecurity”. As a Swiss company, Proton Mail is safe from CISA, your data continues to be protected by Switzerland’s very strong privacy laws(new window). However, on a whole, CISA is very bad news for online privacy.

What we can do about CISA

CISA has now been signed into law by President Obama, which means that practically, there is no way to reverse the law. However, the tricks used by the NSA can also work for us. If we can’t change the law, we can still do our best to circumvent it, and fortunately, there are some ways around CISA.

First, because CISA is an American law, it only applies to American companies. Swiss and EU companies are still protected by stronger European privacy laws which cannot be circumvented by CISA. Thus, one way to work around CISA is to avoid the products of US companies. For example, if we all ditch WhatsApp (owned by Facebook) and instead switch to community software such as Signal(new window), Facebook may think twice before publicly opposing CISA but privately supporting it(new window). Switching your email from Gmail to Proton Mail’s private email service(new window) based in Switzerland would be another way. If American companies feel the pressure, they will apply pressure to the US government, which is the only way CISA can be repealed.

Secondly, we can take our business to services which deliver end-to-end encryption. For example, end-to-end encrypted email providers(new window) such as Proton Mail cannot actually read your messages, so even if we were a US company, we cannot hand over private emails under the CISA surveillance law, or any other law. CISA teaches us that technology, specifically end-to-end encryption, is the best possible defense for privacy. Encryption algorithms offer protection through mathematical law which always holds true, no matter how many laws the US Congress passes using underhanded methods.

Most importantly, we must remember that as the consumer, the choice is ours, and by making the right choices, we can still beat CISA, even when the politicians let us down (again).

Sign up if you are interested in using next-generation encrypted email for free(new window)

Related articles

laptop showing Bitcoin price climbing
en
  • Privacy guides
Learn what a Bitcoin wallet does and the strengths and weaknesses of custodial, self-custodial, hardware, and paper wallets.
pixel tracking: here's how to tell which emails track your activity
en
Discover what pixel tracking is and how it works, how to spot emails that track you, and how to block these hidden trackers.
A cover image for a blog describing the next six months of Proton Pass development which shows a laptop screen with a Gantt chart
en
  • Product updates
  • Proton Pass
Take a look at the upcoming features and improvements coming to Proton Pass over the next several months.
The Danish mermaid and the Dutch parliament building behind a politician and an unlocked phone
en
We searched the dark web for Danish, Dutch, and Luxembourgish politicians’ official email addresses. In Denmark, over 40% had been exposed.
Infostealers: What they are, how they work, and how to protect yourself
en
Discover insights about what infostealers are, where your stolen information goes, and ways to protect yourself.
Mockup of the Proton Pass app and text that reads "Pass Lifetime: Pay once, access forever"
en
Learn more about our exclusive Pass + SimpleLogin Lifetime offer. Pay once and enjoy premium password manager features for life.