
CISA Surveillance Law has passed, here’s what we can do


Late last Friday, the US Congress passed, and President Obama signed into law, the CISA Surveillance Law using very underhanded methods.

With it came the loss of numerous protections extremely important to internet privacy. To understand why the CISA surveillance law is bad for email privacy, we will go over some of the main points of the law and how it managed to be passed. Then, we will discuss some of the things we can do about CISA. Despite being law now, there are in fact some ways the CISA surveillance law can be circumvented and online privacy protected.

What is CISA?

CISA stands for Cybersecurity Information Sharing Act, which is a deceptive title used by the sponsors of the law to hide its real purpose. From the name, one would assume that CISA is a cybersecurity law, but in reality, it is a surveillance law. In the past week, Congress has dropped all pretense that this is a cybersecurity law by quietly stripping away the privacy protections that used to be in the law, and expanding how the collected information can be used and shared.

CISA creates a massive legal loophole that allows the NSA to circumvent privacy laws. This means US companies can now share ANY information with the US government, bypassing privacy laws without legal consequences. Furthermore, all of this information is automatically shared with the NSA and there are no restrictions on how the NSA can use this data.

How did CISA get passed?

The CISA surveillance law has been hotly debated for over a year in the US. Privacy groups, some corporations, and hundreds of thousands of private citizens have strongly fought against the law. It was deemed by Congress to be too controversial to pass. In order to get CISA approved, the law’s sponsors turned to very underhanded methods.

First, they attached the law to a completely unrelated budget bill, which is a critical bill that must be passed immediately for the US government to continue to function. Then, they waited until Monday, December 14th, 2015 to release the full text of the budget bill, which contains over 2000 pages, and they buried CISA near the end, on page 1728. Finally, they set the vote to happen on Friday, December 18th, 2015.

This ensured that congressional representatives would have less than a week to read the entire bill and there would not be sufficient time for public debate. Furthermore, by sticking it into a critical budget bill, the law’s sponsors virtually guaranteed that it would be passed. Lastly, to minimize the fallout, the vote was scheduled for the last Friday before Christmas, so that by the time President Obama signed it into law, it would be too late to make it into that day’s news. Just like that, a second Patriot Act has become law without any public outcry. This is how democracy is undermined, and we should be outraged.

CISA doesn’t just impact Americans

CISA is an American law, but unfortunately, it doesn’t only impact Americans. If you use Facebook, Dropbox, Google, or WhatsApp, CISA impacts you. With CISA, US corporations can now hand your data over to the NSA without having to worry about the privacy laws which currently protect your data. It doesn’t matter whether you are a US citizen or an EU citizen: if a US corporation has your data, it can be handed over under the guise of “cybersecurity”. As a Swiss company, Proton Mail is safe from CISA, and your data continues to be protected by Switzerland’s very strong privacy laws. However, on the whole, CISA is very bad news for online privacy.

What we can do about CISA

CISA has now been signed into law by President Obama, which means that practically, there is no way to reverse the law. However, the tricks used by the NSA can also work for us. If we can’t change the law, we can still do our best to circumvent it, and fortunately, there are some ways around CISA.

First, because CISA is an American law, it only applies to American companies. Swiss and EU companies are still protected by stronger European privacy laws which cannot be circumvented by CISA. Thus, one way to work around CISA is to avoid the products of US companies. For example, if we all ditch WhatsApp (owned by Facebook) and instead switch to community software such as Signal, Facebook may think twice before publicly opposing CISA but privately supporting it. Switching your email from Gmail to Proton Mail’s private email service based in Switzerland would be another way. If American companies feel the pressure, they will apply pressure to the US government, which is the only way CISA can be repealed.

Secondly, we can take our business to services which deliver end-to-end encryption. For example, end-to-end encrypted email providers such as Proton Mail cannot actually read your messages, so even if we were a US company, we could not hand over private emails under the CISA surveillance law, or any other law. CISA teaches us that technology, specifically end-to-end encryption, is the best possible defense for privacy. Encryption algorithms offer protection through mathematical law which always holds true, no matter how many laws the US Congress passes using underhanded methods.

Most importantly, we must remember that as the consumer, the choice is ours, and by making the right choices, we can still beat CISA, even when the politicians let us down (again).

Proton Team
