CISA : Cybersecurity Information Sharing Act
The main provisions of the bill make it easier for private companies to share cyber threat information with the government. Without requiring such information sharing, the bill creates a system for federal agencies to receive threat information from private companies. The bill also provides legal immunity from privacy and antitrust laws to the companies which provide such information.
→ A company can promise to keep your data private, and then break that promise, leaving you with no legal recourse.
▻https://en.wikipedia.org/wiki/Cybersecurity_Information_Sharing_Act
Opponents question CISA’s value, believing it will move responsibility from private business to the government, thereby increasing vulnerability of personal private information, as well as dispersing personal private information across seven government agencies, including the NSA and local police.
▻http://www.wired.com/2015/03/cisa-security-bill-gets-f-security-spying
CISA goes far beyond [cybersecurity], and permits law enforcement to use information it receives for investigations and prosecutions of a wide range of crimes involving any level of physical force,” reads the letter from the coalition opposing CISA. “The lack of use limitations creates yet another loophole for law enforcement to conduct backdoor searches on Americans—including searches of digital communications that would otherwise require law enforcement to obtain a warrant based on probable cause. This undermines Fourth Amendment protections and constitutional principles.
[...]
Sophisticated DDOS attacks often impersonate legitimate traffic, raising the risk that innocent traffic—and identifying IP addresses—would be included in data shared with the government. “At the time of sharing it will be very unclear if it’s innocent activity,” says Sanchez. “And there’s no obligation to do due diligence to figure out if it’s innocent or isn’t.”
But a problem is that CISA does not do what it claims (protect us from cyber attacks) but instead makes it easier for the government to spy electronically. Moreover, it is expected that most data alerts from systems shared under CISA will be false alarms.
And also, the CISA does not require the government to further strengthen its own cybersecurity systems. Currently, governmental organisations even fail in installing basic security mechanisms such as two-factor authentication and encryption. There is still too much of an insouciance toward cybersecurity.
(eg. the Office of Personnel Management (#OPM) data breach of 21.5 million social security numbers [1])
And now they want American citizens to hand them over even more sensitive data?
Non mais allô quoi.
An informational video about CISA
Follow the bill & its status, or read the full text:
▻https://www.congress.gov/bill/114th-congress/senate-bill/754
[1]
Hacking of Government Computers Exposed 21.5 Million People
▻http://www.nytimes.com/2015/07/10/us/office-of-personnel-management-hackers-got-data-of-millions.html?_r=0
OPM says 5.6 million fingerprints stolen in cyberattack, five times as many as previously thought
▻https://www.washingtonpost.com/news/the-switch/wp/2015/09/23/opm-now-says-more-than-five-million-fingerprints-compromised-in-brea