The controversy cybersecurity information sharing Act (CISA) was approved by the US Senate on Tuesday with a final vote of 74-21.
While CISA has collected a wealth of support from many companies, including LinkedIn, many more of the biggest household names in technology, including Apple, Google, Yahoo and Twitter oppose highly Bill because it fails to protect the privacy and safety of users.
What is the law on sharing information on cyber security?
because of the number of attacks against businesses, including Sony Pictures and the massive data breach to the Office of Personnel Management recently, the need to promote cybersecurity in the US is considered by many (including Cisco and Verizon), as a necessary step that must be implemented. How could this be achieved? By sharing information between technology and other companies with the US government to thwart cybercriminals and hackers to launch cyber attacks. Its fair enough?
CISA look in more detail and, if made law, it could mean for users.
The current situation regarding consumer privacy means that companies are not allowed to share information with a third party or the government without the explicit consent of the user. However, the Act on the sharing of information on cyber security aims to change that by claiming that the sharing of information is essential to cybersecurity. On the face of it, the reasoning seems legitimate, that is, until you start to dig a little deeper. First, the bill allows companies to launch against measures (now called "defensive measures" in the bill) to a "goal of cybersecurity" against a "threat to cyber security." These definitions are so vaguely defined to include actively exploiting someone's computer and spy on a user engaged in a potentially innocent activity. "Against" are also given a broad definition as to allow companies to unlock their disposal against anyone they consider to be a "threat to cybersecurity." Taken to the extreme, and given the wording of draft law, a "threat of cybersecurity" could be someone who takes a wrong turn in the hallway and mistakenly tries to open the computer server room, rather than the fixed cabinet.
Second, the Act respecting the sharing of information adds a new cybersecurity authority for companies to monitor the information systems to protect the hardware or software entity. Again, the broad definitions could be used in conjunction with the monitoring clause to actively spy on users "just in case". Once collected, companies can then share information, which is also called "indicators cyber threats," freely with government agencies such as the NSA. But that's not all! Once that government agencies have the information, the bill gives them the right to use it for anything, not just cybersecurity purposes.
If the Act cybersecurity information sharing becomes law, we might consider a situation where private companies are given carte blanche to actively spy on users, then pass the information to anyone, to use in any way they want. If your health insurance premium or double annual car suddenly you know where to look!
in short, the Act on information sharing, cyber security is a proposed mass surveillance law posing as a cyber one, with millions users' personal data shared between the companies and the US government. And if made into law, mass surveillance would be legal. Still ring true?
Those against the Act respecting the sharing of information on cyber security
The non-profit organization CCIA (Computer and Communications Industry Association) who is representing dozens of high technology companies oppose the bill, states: "mechanism prescribed Cisa for sharing information about threats cyber does not adequately protect the privacy of users or appropriately limit the permitted uses information shared with the government. In addition, the bill authorizes the entities to employ network defense measures that could cause damage to innocent third parties safeguards systems. "
Privacy advocates also against the law on the sharing of information on cyber security, including the Electronic Frontier Foundation, adding to the argument that" CISA is fundamentally flawed . broad immunity clauses of the bill, vague definitions, and aggressive spying powers combine to make the bill a law draft monitoring in disguise. in addition, the bill does not address the problems of recent high-profile computer data breaches that were caused by unencrypted files poor iT architecture not updated servers , and employees (or contractors) by clicking on the malware links. "
of other critics of the bill include Se. Ron Wyden (D-Ore.), Who opposes the bill for its lack of privacy security
Wyden said :. "Information sharing on cyber threats is a worthy goal ... but if you share more information without protection of confidentiality strong, millions of Americans will say, 'This is not a project law on cyber security. it is a project of monitoring law. "
Then there are those who say that although CISA became law, it would fail to do the job it was intended for, other that infringe more on the users right to privacy, and just another measure to expand their surveillance capabilities
Timothy B. Lee senior correspondent for Vox wrote. "It is far to be clear that the laws on privacy are effectively hampering efforts to strengthen the defenses of the internet. I am covering the debate on sharing legislation of the information for more than three years, and I have yet to see a clear example where sharing more information could have thwarted an attack. "
What do you think about the law on sharing information on cybersecurity? Share your opinion on CISA with us here on our blog.
0 Komentar