The much-debated Cybersecurity Information Sharing Act passed the Senate last week by a vote of 74 to 21, but what exactly is it, and what does that mean for us?
The bill was drafted to combat the wave of cyberattacks and data breaches at major companies like Target, Experian, and Sony. The law would allow companies to voluntarily share their data with Homeland Security (which could in turn share it with the NSA or FBI) and avoid private lawsuits.
There are many parties on either side of the debate. Opponents of the bill question whether the sharing would actually be voluntary, and insist that the bill would only allow authorities and the government greater reach into companies' data. Some opponents include tech giants like Twitter, Apple, and Reddit.
Proponents of the bill say that the law will engender better cooperation between companies and the government, as well as create a shared database of information with which authorities will be better equipped to prosecute hackers. Both the Wall Street Journal and the Washington Post wrote editorials in favor of the bill, and social media maven Facebook is allegedly also a supporter.
So which is it? Is CISA a badly disguised attempt by the government to surveil Americans, or is this the answer to cutting down on data breaches?
The jury is still out. Investigative reporter and bestselling author Brian Krebs points out that many opponents of the bill have sounded the alarm based not on the bill itself, but on the many amendments that could be added between voting and its actual inception.
There are several amendments on the table, and only time will tell which ones, if any, will make it into the legislation.
Amendments aside, some of the worries about the bill include:
- The bill is presented as a cybersecurity protection bill, but says very little about the actual prevention of cyber threats and fails to encourage companies to strengthen their own security protections against hackers.
- The bill would allow companies to collect large amounts of information and hand it out "freely" to the government with little regard to privacy.
- The government has already made grievous missteps in protecting personal information, as can be seen from the OPM hack, and may well be unprepared to secure any information given to it by companies.
Experts and reporters will continue to delve into the finer points of the law and will distribute the knowledge to the public as it comes to light, but for now the bill has not been signed into law by the President.
Whether this bill becomes law is out of our hands, but it does highlight the importance of using caution in how much information we allow companies to receive from us. It's impossible to keep everything private, but there are ways to limit how much information we give out, for example, through privacy settings on our social media networks and by reading the long terms of service agreements we usually thoughtlessly agree to.
We will keep you updated on this story as it develops, but until then, stay safe!