October 28, 2015 – In what appears to be a knee-jerk reaction to recent data breaches, the United States Senate has just passed the Cibersecurity Information Sharing Act (CISA). This particular piece of Diane Feinstein sponsored legislation has been stalled for the past six years, and for good reason. Not only does it allow companies to violate state and federal privacy laws by sharing your personally identifiable information with the federal government, it also provides those companies blanket protection from lawsuits for doing so. Moreover, it doesn’t attach any limitations on how the government can use the information it obtains from said companies. It’s really just a domestic surveillance bill with a fancy, anti-crime sounding name.
|
|
|
|
|
|
In plain language, CISA is one of the worst pieces of legislation to ever make it through the legislative process. The bill encourages private companies to share information with the federal government as soon as they suspect any type of cyber-attack against their systems. That sounds just fine until you realize that the information the government wants access to includes the data that hackers are trying to get their hands on. In many cases, that data will belong to the customers of the company doing the sharing and will include both personally identifiable information and private communications.
Once the government gets its hand on this information, there are no real limitations as to what the collected data can be used for. And once a company decides to share data with the government, the company is protected from any lawsuits even if it shared data in violation of state or other federal privacy laws. CISA also prevents the states from enforcing their privacy laws if those laws interfere with CISA.
Several senators offered amendments to the bill that would have dramatically improved it. One amendment would have required companies to strip out all personally identifiable information prior to sharing. But it, along with all other offered amendments, was voted down.
CISA isn’t law yet, but it likely will be very soon. The bill is substantially similar to one already passed by the House of Representatives. Once the differences are worked out between the versions, the president has already said that he will sign it into law.
byJim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
Follow me on Twitter:
|