CISA resurrected in new guise

News by Max Metzger

CISA, the much maligned cyber-security bill, has made it back into the US Congress with greatly reduced privacy provisions.

Floating around in the US Congress for a number of years, CISA meant that companies could share personal information they held with the government in cases of security (or in this case, cyber-security) threats. While the bill was passed by the House, it was blocked 56-40 when sent up to the Senate. A similar bill did make it through the senate earlier this year, renamed the Cybersecurity Act of 2015

While it was alive, CISA, or the Cybersecurity Information Sharing and Protection Act, was heavily criticised by Silicon Valley, privacy advocates and legions of web users for already being a severe intrusion into citizens' privacy. This time the undead version of CISA about to be sent through Congress strips many of the protections the bill previously possessed.

Originally CISA only allowed disclosed personal information to be used in cases of ‘imminent threats'. This new one allows such information to be used in law enforcement investigations, replacing those ‘imminent threats' with ‘specific threats'.

The original version of CISA also allowed one channel for disclosure: The Department of Homeland Security. Contained within the revived version are ‘portals' which allow companies to hand over information directly to a specific agency.

These new measures are likely to be passed as they are contained as ‘riders' within the budget bill, where Congress approves the money to be spent in the next year. Some have said that it's unlikely these measures won't pass as that would leave to government shutdown, the last instance of which was seen in 2013 when the government effectively stopped working for 16 days, sparked by an argument over public health legislation.

Activists and critics have not been kind to this new bill. While it has been called a cyber-security bill, its critics are frank in calling it a surveillance bill in disguise. Senator Ron Wyden, a Democrat from Oregon told the media, “If you share more information without strong privacy protections, millions of Americans will say, 'That is not a cyber-security bill. It is a surveillance bill.'" 

The Oregon senator added: “Americans deserve policies that protect both their security and their liberty. This bill fails on both counts.”

Both Apple and DropBox spoke to The Washington Post, declaring their opposition to the bill. Amber Cottle, head of Dropbox global public policy and government affairs, told the paper, “While it's important for the public and private sector to share relevant data about emerging threats, that type of collaboration should not come at the expense of users' privacy.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews