Supporters claim CISA (read text here), which passed the Senate by a vote of 74-21, will help thwart hackers through greater information sharing between companies that have been victims of malicious infiltration and federal law enforcement officials. Opponents counter that the invasive bill is little more than an excuse for intelligence agencies to engage in warrantless surveillance of citizens. Who’s right? Here are 10 things you need to know about CISA:
1. Online privacy advocates overwhelmingly oppose CISA, which the Electronic Frontier Foundation calls “fundamentally flawed.” According to EFF, “the bill’s broad immunity clauses, vague definitions, and aggressive spying powers combine to make the bill a surveillance bill in disguise. Further, the bill does not address problems from the recent highly publicized computer data breaches that were caused by unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.” Exiled whistleblower Edward Snowden tweeted this:
2. Tech companies are split on CISA. Tech titans including Twitter, Salesforce, LinkedIn, Apple, Reddit, Yahoo, Amazon, eBay, Google, Microsoft, Netflix, Oracle and many others sounded the alarm on the potential abuses and, according to them, scant benefits associated with the bill. Other tech giants, including Facebook, Intel, HP, IBM and Cisco, and a bevy of telecom companies including T-Mobile, AT&T, Verizon and Comcast, have lined up to support CISA.
3. CISA will very likely affect your privacy. Although the new law requires companies to remove your personal information prior to handing over data to the government and for private citizens to be informed if their data is inadvertently shared, the bill also allows authorities access to participating companies’ data in the event of a vaguely-defined threat.
4. CISA will have global implications. The new law empowers US authorities to more aggressively target foreign cybercriminals, if their hacks and other actions involve any US companies.
5. Supporters say CISA will encourage and enhance proactive communication between government and corporations, a development backers claim could thwart hacking attacks. “Recent cyber incidents underscore the need for legislation to help businesses improve their awareness of cyber threats and protect customer information and to enhance their protection and response capabilities in collaboration with government entities,” the National Cable & Telecommunications Association (NCTA), a Washington, DC-based lobby group, said in a statement supporting CISA. “Cyber attacks aimed at US businesses and government bodies are increasingly being launched from sophisticated hackers, organized crime, and state-sponsored groups. These attacks are advancing in scope and complexity… [NCTA is] dedicated to securing the personal information of individuals and our nation’s critical infrastructure.”
6. This isn’t the first time an anti-hacking cybersecurity bill was put to a legislative vote. In 2012, a similar measure with a similar acronym—CISPA (Cyber Intelligence Sharing and Protection Act)—was defeated by a Democrat-controlled Congress. CISPA was an information sharing amendment to the National Security Act of 1947 that was meant to facilitate easier sharing of communications between US government agencies and corporations in an effort to bolster cyber security.
7. President Barack Obama supports CISA. High profile hacks like the attacks on Sony Pictures Entertainment and the government’s own Office of Personnel Management have led Obama, on whose watch global US government surveillance has become one of the most contentious privacy issues, to embrace more aggressive measures. In a memo preceding the Senate vote, the White House called CISA an “important building block for improving the nation’s cybersecurity.”
8. CISA does not mandate any information sharing. Cooperation is voluntary. But there are powerful incentives to do so, chiefly an elimination of legal liability, which will protect companies from lawsuits and antitrust legislation.
9. Sen. Rand Paul (R-KY), who is seeking the Republican nomination for US president, is a longtime outspoken opponent of government surveillance and introduced a petition to stop CISA. Paul says he is against CISA because it is “packed with vague definitions that grant aggressive new spying powers that gut privacy laws and allow Internet providers and websites to hand over personal data to any agency in the federal government.”
10. The final bill put to a Senate vote did not include Sen. Sheldon Whitehouse’s (D-RI) amendment to the Computer Fraud and Abuse Act, which was also opposed by many Internet privacy advocates. The measure would have made it illegal to intentionally access a computer without authorization or in excess of authorization. EFF argued that “much of what we do online every day—from storing photos in the cloud to watching movies to using social networks to buying a plane ticket—involves accessing other people’s computers, often with a password.” Without explaining precisely what “without authorization” actually means, many observers were concerned that overzealous prosecutors would abuse CFAA to target people for reasons having little or nothing to do with security.
