Some of the bill’s opponents—including the American Civil Liberties Union, the Free Press Action Fund, the New America Foundation and 45 others—sent a letter this month to the Senate Select Committee on Intelligence, arguing that, despite the bill’s name, CISA would do little to strengthen cybersecurity and would actually expand unnecessary surveillance on Americans.
The proposed law, which is currently being considered by the Senate panel, would set up a new network for private corporations to share customer data with nearly all levels of law enforcement and intelligence. That data might include anything from customers’ names to their Internet histories to the content of their communications. However, the bill does not include any measures to increase protection of such sensitive personal information.
“Congress has been pursuing deeply flawed info-sharing bills like CISA for nearly half a decade, and each bill has stalled because of serious concerns raised by the privacy community,” Robyn Greene, policy counsel with New America’s Open Technology Institute, said in a statement. “Now that security experts are joining our opposition, and telling them that CISA isn’t just bad for privacy but bad for cybersecurity itself, perhaps Congress will finally reassess its approach.”
According to Greene, the level of sharing permitted under CISA would extend the reach of NSA surveillance because there would be no checks or balances on the new authorities that it would grant. In contrast, at least a court is involved in approving the actions of the intelligence agencies conducting surveillance under the Foreign Intelligence Surveillance and Patriot Acts.
CISA would allow “private companies to share any information deemed to be an indicator of a cyberthreat (called a signature)—free of liability and without any guarantee that a review process has taken reasonable steps to remove personal information beforehand,” privacy expert Joshua Kopstein, who did not sign the letter, wrote at Al Jazeera America. “Once shared, the National Security Agency will be able to access all the data in real time, and law enforcement agencies will be allowed to retain and use it for a broad set of purposes, not just imminent threats to life and limb.”
One other alarming provision of CISA as it is currently written would allow companies to instigate “countermeasures” against possible cyberthreats while being given immunity from prosecution for wrongful attacks.
The bill would give “companies permission to retaliate against hackers, as long as they don’t intentionally damage another U.S. entity’s computer systems in the process,” Kopstein wrote.
But for a company to instigate countermeasures against a possible cyberthreat, it would likely have to destroy data or block data channels. In carrying out those measures, it could damage networks and servers unrelated to the alleged threat, which could have unintended consequences.
For example, if a real hacker routed his or her attacks through an innocent bystander’s network—a hospital’s, let’s say—those countermeasures could have disastrous consequences, and because a company instigating such a clumsy counterattack would know that it could not be prosecuted, it would have little reason to consider alternative responses.
CISA would also permit law enforcement to use data from citizens for investigations not related to cybersecurity. As the signers of the letter put it: The bill would permit “law enforcement to use information it receives for investigations and prosecutions of a wide range of crimes involving any level of physical force, including those that involve no threat of death or significant bodily harm.” In other words, law enforcement could use personal data to aid all kinds of investigations not directly connected to the data, even very minor ones.
The intelligence committee can decide either to reject the bill or to add amendments and move it forward to the full Senate for a final vote. Amendments could still be added at that point, Greene told Truthdig, but it is unlikely that they would be significant.
Original Article
Source: truthdig.com/
Author: Thor Benson
No comments:
Post a Comment