The Cybersecurity Information Sharing Act (CISA) has passed the Senate in a bipartisan vote 74 – 21 that has advanced a sweeping cybersecurity bill not concerned with the privacy of Americans.
Edward Snowden condemned CISA on a Reddit Q&A: “[This bill] is not going to make us any safer. It’s a surveillance bill. What it allows is for the companies you interact with every day — visibly, like Facebook, or invisibly, like AT&T — to indiscriminately share private records about your interactions and activities with the government.”
CISA is the brainchild of Senators Richard Burr and Dianne Feinstein and is the Frankenstein sibling of the Cyber Intelligence Sharing and Protection Act (CISPA), which was protested into oblivion. In its resurrected state, CISA has been given the support of the Obama administration.
Mark Jaycox, analyst for the Electronic Frontier Foundation (EFF), warns that CISA “is nearly identical to CISPA” because the “bill approaches information sharing from the same framework … [and] smarter with the workarounds.”
This legislation is supported by select members of the tech world – in particular corporations dedicated to security and intelligence.
Paul Kurtz, chief executive officer of TruSTAR and former cybersecurity advisor to the White House, praised CISA as “an important step forward in addressing the ongoing cyber security crisis. … This bill will provide important liability protections for companies that choose to exchange cybersecurity threat information. However, we have also heard the message loud and clear that information sharing efforts must not cost us our privacy. Now that government has played its role by removing legal obstacles to cyber incident collaboration, it is time for industry to work together to create a privacy-preserving information sharing infrastructure.”
Chris Peterson, senior vice president of CTO, views CISA as a step toward lessening the threat to the intelligence market that is being fostered by elements on the web.
Peterson said : “To share threat intelligence, we need some formal agreement between the public and private sectors on how we can do this well.”
CISA, the “surveillance bill” states in Section 4: “Requires the federal government and entities monitoring, operating, or sharing indicators or defensive measures: (1) to utilize security controls to protect against unauthorized access or acquisitions, and (2) prior to sharing an indicator, to remove personal information of or identifying a specific person not directly related to a cybersecurity threat.”
And again in Section 5: “Requires cyber threat indicators and defensive measures shared with the federal government and threat indicators shared with state, tribal, or local governments to be: (1) deemed voluntarily shared information, and (2) exempt from disclosure and withheld from the public under any laws of such jurisdictions requiring disclosure of information or records.”
Don’t forget to Like Freedom Outpost on Facebook, Google Plus, & Twitter. You can also get Freedom Outpost delivered to your Amazon Kindle device here.