Did you know that the spending bill includes the Cybersecurity Information Sharing Act – CISA? It might be worse than the original bill, having removed even more privacy protections.
Congress has gotten into the really terrible habit of lumping all these bad bills with good bills into the spending bill which rules out debate. That’s what happened with CISA.
They always get what they want, no matter how much resistance there is.
“They took a bad bill, and they made it worse,” says Robyn Greene, policy counsel for the Open Technology Institute, Wired reported.
CISA gives companies the right to share cybersecurity information with federal agencies including NSA. They can respond quickly to breaches but they can also overrule privacy laws and enable intelligence and law enforcement surveillance without a warrant.
The president can now set up “portals” for agencies like the FBI and others so companies hand information directly to law enforcement and intelligence agencies instead of to DHS.
The earlier bill had only allowed that backchannel use of the data for law enforcement in cases of “imminent threats,” while the new bill requires just a “specific threat,” potentially allowing the search of the data for any specific terms regardless of timeliness.
Tech companies, civil liberties groups and security experts have all come out strongly against this bill.
The idea isn’t the problem but the execution is. The language is so broad that it could undermine privacy laws.DHS said it could undermine the Stored Communications Act. It is a law that addresses voluntary and compelled disclosure of “stored wire and electronic communications and transactional records” held by third-party internet service providers (ISPs).
The safeguards against companies sharing irrelevant personal information is vague and almost meaningless. They can’t really be sued.
It isn’t making people safer if it creates a centralized portal of information on millions of Americans that can be exploited by a hacker.