Living as the Cyber Intelligence Sharing and Protection Act (CISPA) in its previous life, the Cybersecurity Information Security Act (CISA) has arisen from the dead and inched one step closer toward becoming law, reports Wired.
“If information-sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill.”
CISA, much like CISPA, aims to encourage private companies and the government to share data in the hopes of preventing and responding to cybersecurity threats. The Senate Intelligence Committee passed the bill by a vote of 14 to one, with the one dissenter, Senator Ron Wyden, voicing privacy concerns when it comes to CISA.
“If information-sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill — it’s a surveillance bill by another name,” wrote Wyden. “It makes sense to encourage private firms to share information about cybersecurity threats. But this information sharing is only acceptable if there are strong protections for the privacy rights of law-abiding American citizens.”
Privacy concerns aplenty
Privacy advocates echoed Wyden’s concerns when looking at the most recent public version of CISA, arguing the bill would allow personal data sharing that goes beyond cybersecurity threats. The bill also allows private data sharing with the government in order to prevent “terrorism,” or an “imminent threat of death or serious bodily harm.” According to Open Technology Institute privacy counsel Robyn Greene, this language would allow investigations into violent crimes that have nothing to do with cybersecurity.
“If that weren’t worrisome enough, the bill would also let law enforcement and other government agencies use information it receives to investigate, without a requirement for imminence or any connection to computer crime, even more crimes like carjacking, robbery, possession or use of firearms, ID fraud, and espionage,” wrote Greene in February. While she believes these crimes should, of course, be investigated and not ignored, it shouldn’t be done under the guise of enhancing cybersecurity.
Another problem is the version of CISA that the Senate Intelligence Committee voted on. According to an Bloomberg TV interview with intelligence committee chairman Richard Burr, there were 12 amendments made behind closed doors, right before the bill was put to a vote. Those amendments have yet to publicly surface.
We’ll keep an eye out for CISA, though President Obama threatened to veto CISPA, if it ever reached his desk, so CISA’s prospects might not be very high.