US Government Passes CISA (Cybersecurity Information Sharing Act)
By Paul Liu
Friday, April 22nd, 2016
The US Government has sneakily passed CISA (Cybersecurity Information Sharing Act) along with the emergency budget omnibus bill. When it was first introduced, CISA faced near unanimous opposition from American citizens, civil liberty groups as well as major tech companies. By inserting the Act into the year-end budget bill, the government has not only ensured that the Act would get approved without any opposition, it has actually managed to pass a much harsher and invasive version of the original Act. Dubbed as Cybersecurity Act of 2015, the new bill is aimed at reducing cyber attacks by allowing private organizations to share data with the federal agencies.
The newly passed CISA Act not only allows intelligence agencies to collect information from the American citizens in the name of cybersecurity, it even permits criminal prosecutions for unrelated offences based on that data. Not only that, law enforcement agencies would be permitted to make arrests without needing a warrant should anyone be considered a security threat based on the information collected from him/her.
While the earlier version of CISA permitted information sharing between organizations and federal agencies only in the case of emergencies and specific threats, the approved version eases information sharing between public and private sector companies and even shields them from liabilities arising out of these information sharing activities. This means that security agencies like NSA are free to procure data from private sectors companies and these organizations are free to share the private data of civilians without facing expensive lawsuits. The lack of any safeguard makes this Act especially dangerous since civilians would no longer be allowed to sue the government or any organization in the event their personal data is misused by the criminals. This could also lead to the abuse of the Act and create a surveillance based state.
It is interesting to note here that the earlier version of CISA was opposed by a large number of tech companies including online giants like Apple, Facebook, Twiiter, Amazon, Yelp and Reddit. Since these organizations would no longer face expensive lawsuits even if they share personal information of their users, the opposition to the passed Act would be much more muted. It can also be said that federal agencies as well as private companies would no longer be held accountable for sharing private data of American citizens.
Ultimately, it remains to be seen whether the Act would fulfill its desired purpose (preventing cyber attacks in the future). Even many members of the Congress are not sure about what the Act is supposed to do. However, it is amply clear that the Act has just made it a lot easier for the intelligence agencies to collect personal data of American citizens and use it without any oversight or fear. It would not be wrong to say that the just passed CISA Act is nothing but a surveillance program in disguise which would compromise the privacy of millions of Americans. Expect the government surveillance to become much more invasive in the near future!