New Cybersecurity Bill Protects Companies as Government Snitches

A new bill passed this week will grant protection from prosecution of for violation of privacy laws to companies who share private data.  While it is allegedly limited to specific types of information, the concerns of lawmakers and privacy groups is that this law will open the door to government encroaching on the rights of the citizenry.

The Washington Post Reports

The Senate on Tuesday passed a cybersecurity bill that would give companies legal immunity for sharing data with the federal government, over the protests of some lawmakers and consumer advocates who say that the legislation does not adequately protect Americans’ privacy.

The Cybersecurity Information Sharing Act, or CISA, must now be reconciled with legislation passed earlier this year by the House.

The Obama administration and lawmakers in both parties have been seeking for years to enact information-sharing legislation, and it now seems likely to become law.

The 74-to-21 vote comes as digital attacks against private industry and the government alike put pressure on lawmakers to address information security.

“For me this has been a six year effort … and it hasn’t been easy because what we tried to do was strike a balance and make the bill understandable so that there would be a cooperative effort to share between companies and with the government,” Sen. Dianne Feinstein (D-Calif.), vice-chairman of the Intelligence Committee and a co-author of the bill, said on the Senate floor.

But privacy activists argue that the bill lacks robust privacy protections. They expressed concerns with provisions that allow the Department of Homeland Security to share information gathered in the program with other government agencies, such as the FBI or the National Security Agency. Critics say that effectively turns the legislation into a backdoor surveillance bill that benefits the intelligence community.

Let the fishing expeditions commence!  Federal agencies will now be able to use all sorts of reasons to apprehend your private information from businesses, and the businesses will not be able to use the law as protection to decline.  The government is setting itself  up to be able to use your own information against you.

More from The Washington Post:

In theory, the information shared would be limited to “threat indicators” — data such as technical information about the type of malware used or the ways that attackers covered their tracks while sneaking through systems.

But the bill also would give participating companies liability protections that could prevent customers from suing them for sharing private data, even in ways that violate a company’s own privacy policy, privacy advocates said.

Reactions of businesses to the bill have been mixed.  IBM supported it as “critical to strengthening America’s cyberdefenses,” while Apple issued this statement:

“We don’t support the current CISA proposal,” the company said in a statement last week. “The trust of our customers means everything to us and we don’t believe security should come at the expense of their privacy.”

Privacy advocates are concerned that the bill is overreaching.  With this sort of blanket protection, who will be able to stop individuals who are not trustworthy from misusing the information of private citizens?

The concerns are legitimate.  If Big Brother is watching and is allowed to know everything about you, who will make sure Big Brother doesn’t snitch?