CISA – a threat to your privacy and liberty?

Has your email ever been hacked?  Probably.  I’ve had a couple of accounts compromised before and used to send out spam to my contact list (which can make it awkward when a relative thinks you’re suddenly saying hi out of the blue, and the relief they must feel when they realize it was a mistake and they don’t have to talk to you).  Well, some civil liberties experts are saying that under the new Cybersecurity Information Sharing Act that was passed in the Senate on Tuesday (by an overwhelming vote of 74-21), this could lead to my information being shared with Homeland Security and the NSA.  Because ‘safety’.

But that’s CISA for you, a bill that allows corporations to share details of security breaches with these government agencies, which grants them a free pass in exchange for the data.  Essentially, it’s throwing consumers under the bus to shield the breached company.  Every anti-surveillance expert/advocate is united on this issue.  Ed Snowden laments that CISA is “a surveillance bill. What it allows is for the companies you interact with everyday…to indiscriminately share private records about your interactions and activities with the government.”  Oregon senator Ron Wyden has likewise criticized the legislation as “a surveillance bill.”  And speaking to Motherboard, civil liberties lawyer Nathan White said the bill “is a nightmare dressed as a daydream” (that Taylor Swiftsure knows her cybersecurity).  “CISA is fundamentally flawed because of its broad immunity clauses for companies, vague definitions, and aggressive spying powers,” White says.

The impetus for the legislation, which Congress had been trying to pass for the last four years in some form or another, is obvious, and understandable.  All the high profile attacks on businesses like Target, and even federal organizations like OPM, have created a very real issue about cyberattacks and organizational response.  So agrees former NSA technical director Jasper Graham, in his support for the bill: “There’s a lot in there about sharing between government and non-government group.  But there has to be, and in order to act on information, you have to act quickly.”  He does, however, acknowledge CISA’s shortcomings, such as the fact that in terms of actually preventing breaches, which often requires more expensive procedures for baseline security, the legislation is useless.  As a cybersecurity bill, then, CISA is not what consumers needed.  It’s certainly a step, to borrow from Graham.  But in the right or wrong direction?

CISA now heads to conference in the House, where staffers will try to combine it with two other companion bills passed in April.

By: Jonathan Weicher