On October 27, 2015, the Senate passed the Cybersecurity Information Sharing Act (S. 754), “CISA”. The bill addresses internet data breaches and cybersecurity.
It does not “contain any provisions that would directly improve computer or network security.
Instead it would encourage private entities to share information with the federal government about possible threats to industrial control systems and other computer networks and information technology systems”.
“Private entities would be given authority to monitor networks for cybersecurity purposes. If they find any “cyber threat indicators” they are encouraged to share that information with the government. Any monitoring or information sharing would be legally immune from privacy laws and contracts (such as user agreements), and any shared information would be exempt from use by the government in pursuing regulatory enforcement actions”.
According to the sponsor, CISA could help prevent and prosecute cyber crimes. However, civil liberties and Internet freedom organizations and top technology companies are criticizing the bill and consider it a step backwards for both privacy and Internet security. Consumers would not have recourse if their personal information is improperly shared with the government, and the legal immunity provisions would discourage companies from working harder on improving their own security measures, they argue.
The Bill will now go to the House for consideration.
More information on the status of the CISA is available at https://www.govtrack.us…
For more information, Francesca Giannoni-Crystal