The US Senate voted overwhelmingly to pass a version of the Cybersecurity Information Sharing Act (CISA), a bill that has been debated for a long because it will authorize government pervasive monitoring of citizens.
Many politicians, tech giants, privacy advocates, and civil liberties groups are expressing their disappointment and consternation to the decision of the US Senate. The CISA bill passed with a final vote of 74 to 21, it requires companies to share information about potential threats with the government.
The exponents of the senate that voted the bill consider it a necessary a measure against the numerous data breaches suffered by the US companies, including Sony Pictures, JP Morgan Chase, Anthem and the Office of Personnel Management.
The CISA is severely criticized because it will only advantage the Government Agencies to collect information about users, data that will be collected by the Department of Homeland Security and shared with the FBI and NSA.
The privacy advocates and part of the security industry believe that the CISA bill doesn’t address the problems that caused the long series of data breaches.
— Edward Snowden (@Snowden) 27 Ottobre 2015
“The bill is fundamentally flawed due to its broad immunity clauses, vague definitions, and aggressive spying authorities. The bill now moves to a conference committee despite its inability to address problems that caused recent highly publicized computer data breaches, like unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.” states the EFF disappointing as CISA Passes Senate.
The conference committee between the House of Representatives and the Senate will determine the bill’s final language, but experts are skeptical about the possibility to modify it to address the real cybersecurity problems in a correct way.
The Cybersecurity Information Sharing Act is considered the reincarnation in a new guise of the CISPA that passed in the United States House of Representatives on April 18, 2013,but has been blocked by the Senate.
While the CISPA was hampered by the Obama administration due to privacy concerns, the CISA has received the consensus of the President.
“The passage of CISA reflects the misunderstanding many lawmakers have about technology and security,” continues the EFF. “With security breaches like T-mobile, Target, and OPM becoming the norm, Congress knows it needs to do something about cybersecurity. It chose to do the wrong thing. EFF will continue to fight against the bill by urging the conference committee to incorporate pro-privacy language.”
CISA requests sharing of “cyber threat indicators,” but doesn’t address privacy issues.
The Sen. Ron Wyden (D-Ore) is one of the opponents of the CISA bill that he considers “flawed” and just “feel-good legislation.”He warned about the abuses that could result from the application of the CISA.
“The fight to secure Americans’ private, personal data has just begun,” said Wyden. “Today’s vote is simply an early, flawed step in what is sure to be a long debate over how the U.S. can best defend itself against cyber threats.”
Prior to the final vote, the principal IT companies, including Apple, Google and Microsoft, also expressed their privacy concerns over the CISA and its request to share sensitive customer data to the US Agencies.
“We don’t support the current CISA proposal. The trust of our customers means everything to us and we don’t believe security should come at the expense of their privacy.” said an Apple spokesperson before the final vote.
(Security Affairs – CISA Bill, law)