A decade or more of fighting against the threat of the United States (U.S.) Government legalizing the collection of its citizens' private information just went down the drain when the Cybersecurity Information Sharing Act (CISA) was passed 74-21 on Oct. 27. It seems like an exaggeration but even some of the senators agree that, without proper definitions, amendments and restrictions, CISA could be used by the government as a tool for surveillance instead of a way to crack down cyber threats.
From 2011, millions of U.S. citizens and hundreds of websites have already rallied against the bills Stop Online Piracy Act (SOPA) and Protect Intellectual Property Act (PIPA), which would have given the government power to shut down web sites that it believes have violates copyright. When the passing of those bills failed, a privacy-violating one in the form of Cyber Intelligence Sharing and Protection Act (CISPA) was introduced in 2013 but was aborted when President Barack Obama objected to it for its lack of privacy protection and threatened to veto it if it reached the White House. However, this time around, the citizens and the White House are on opposing sides because the latter already expressed its support for CISA.
So what are the main problems of the CISA and what reason could a citizen possibly have to oppose it when it is supposed to contain cybersecurity threats?
Let's begin with CISA being a cunningly reworded version of CISPA. It is devised from the same framework, has the same privacy-breaching issues and is opposed by the same institutions that opposed CISPA. The main difference between the two is that, while CISPA will hand over all he private information to the National Security Agency (NSA), CISA will hand over the collected information to the Department of Homeland Security (DHS) but, and a very big "but" at that, DHS will automatically share the collected information with NSA.
The big difference is that White House now backs CISA, perhaps because of the big time hacks that occurred earlier this year, the most notable one being the Sony hack.
Several senators proposed amendments that would give citizens and companies more privacy but all of it were shot down. Below is the gist of the amendments.
1. The Franken Amendment, proposed by Sen. Al Franken wanted to narrow down the definition of "Cybersecurity Threats" and its indicators thereby limiting possible excessive actions that could be undertaken by the government agencies.
2. The Wyden Amendment proposed by Sen. Ron Wyden required businesses to remove Personal Identifiable Information (PII) that is not related to an investigation before submitting documents.
3. Sen. Dean Heller submitted the Heller Amendment when the Wyden Amendment failed in hopes of strengthening protection for the PIIs of, at least, the individuals in federal service.
4. The Coons Amendment from Se. Chris Coons wanted to give DHS time to censor PIIs to protect the consumers before sharing the collected information to other Federal Agencies.
5. Last but most definitely not the least is the Leahy Amendment from Sen. Pat Leahy who wanted to protect the freedom of information since part of CISPA allows companies and government agencies to exchange information of private individuals who are affected by cyber attack but disallows the both media and the affected persons themselves to inquire about it. Transparency? What's that?
With the way things are going, it's only a matter of time before CISA gets signed into law. The best thing that could happen is if U.S. Citizens read and try to understand CISA or expert explanations of its details so they can make informed decisions on their stance with regard to the positive and negative sides of the bill.