The Cybersecurity Information Sharing Act, or CISA, must now be reconciled with legislation passed earlier this year by the House of Representatives.
Advertisement
754), will allow private companies to share cyber-threat data with the federal government, including personal user data, in an effort to prevent cyberattacks, such as those on the scale of Target, Home Depot, and Sony.
“CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government”, CCIA notes in a blog post.
Apple, Twitter and Dropbox declined to comment on the passage of the bill, though they all opposed the bill before it’s passage.
“But the bill isn’t just troubling from a privacy perspective, a few say; it’s also troubling from an economic perspective, because it could discourage worldwide organizations from doing business with United States firms, thus jeopardizing the health of the technology sector”.
“There are requirements in the bill to scrub out personally identifiable information, and companies will only get the liability protection from the DHS if they have met those requirements”, she says.
The bill establishes a process for corporations to share details of security breaches with the Department of Homeland Security following a hack, all in the name of security. The White House also announced its support for the bill last week, although it sees a few revisions to be made before it can be presented to the President, Reuters reported.
Nevada Sen. Dean Heller gave an impassioned plea earlier in the day to pass one of his amendments, which would have implemented stronger privacy protections in the bill, calling “the solution worse than the problem”. Proposals to restrict the types of consumer information that can be shared, and the removal of a blanket Freedom of Information Act exemption on the shared data all failed. The Senate on Tuesday is considering amendments that would both address privacy concerns and potentially create more channels to enable companies to share data directly with agencies besides DHS. Others, like Senator Ron Wyden, dispute CISA’s efficacy as a cybersecurity tool, and liken its information sharing incentives to a new, invasive surveillance law. “Sharing more personal information with the government heightens the risk that hackers will poach data from an insecure federal database, and adds background noise from information unrelated to cyber threats”, he said.
But opponents of CISA argue that the bill is not clear about what constitutes a cybersecurity threat.
Advertisement
The bill’s passage through the Senate was a defeat for digital privacy activists who celebrated the passage in June of a law effectively ending the NSA’s bulk collection of USA call metadata. “Once enacted by the president, CISA will represent a significant advancement in cybersecurity and better enable the nation’s chief information officers (CIO) and chief Information security officers (CISO) to better protect patient health information”.
