nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

CISA latest: Law urging tech giants to share your info with the Feds shows no sign of stopping

Rand Paul spoiler amendment shot down in flames

By Iain Thomson, 22 Oct 2015

On Thursday morning the proposed Cybersecurity Information Sharing Act (CISA) moved a step closer to reality when the US Senate voted 83 to 14 to end debate on a package of amendments.

The CISA legislation invites internet giants and other companies to quietly give people's private and personal information to the federal government so that it can be analyzed for evidence of criminal activity and hacking.

In return, the businesses get secret intelligence on cyber-attacks and security vulnerabilities, and immunity from lawsuits by customers peeved about their data being volunteered to Uncle Sam.

Under the proposed law, citizens can't use the Freedom of Information Act and similar mechanisms to force companies to confirm whether or not they are participating with the Feds via CISA. In other words, if a company boasts it is not volunteering people's information, this cannot be verified by an FoI, which makes launching a legal case tricky if not impossible.

The bill is strongly opposed by technology companies including Microsoft, Apple, and Google, which say it sacrifices people's privacy for very little gain, and will be ineffective at stopping online attacks. Even the US Department of Homeland Security has objected to CISA as it stands.

In a sometimes heated debate on Wednesday, the CISA legislation was alternatively praised as a vital tool for g-men to keep Americans safe – and condemned as a bill to legalize state surveillance that adds nothing to improving the nation's IT security infrastructure.

The Senate voted on a bundle of amendments that slightly increased the privacy protections of the bill by requiring the Department of Homeland Security to strip out some personal information before disseminating the data to other federal and local law enforcement agencies.

One amendment that didn't make it onto the statute books came from Senator Rand Paul (R-KY) and would have made companies who break privacy statements by using CISA lose legal immunity.

Senator Dianne Feinstein (D-CA), one of CISA's sponsors, described Paul's amendment as a "bill killer" and came out strongly against it. Paul's amendment garnered only 31 votes when it came up for a vote, well short of the 51 needed.

Further amendments will now be debated, but it looks as though the final bill will be voted on early next week. The House of Representatives has already approved CISA-style legislation, and the differences between the two chambers' legislation shouldn't be too hard to bridge.

Once those steps have taken place, it'll be up to President Obama to decide if he wants to sign it into law. Despite coming out against CISA's predecessor bill, CISPA, the White House has indicated that it won't have a problem signing off on the new legislation. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing