Passions Flare Up as Cybersecurity Bill Nears Senate Vote
Ahead of an expected vote on the Cybersecurity Information Sharing Act (CISA), tech and privacy groups are intensifying their collective efforts against the bill, saying it sacrifices privacy in its push for security. A key financial services group, however, says this claim is overblown—using the text of the bill itself as its argument.
Cybersecurity is back on the table in the Senate, and the tech world couldn’t be more frustrated by the news.
Tech groups and the companies they represent, along with digital-privacy advocates, contend that the Cybersecurity Information Sharing Act (CISA) fails at its intended mission of improving computer security through the sharing of cyberthreat warnings and endangers people’s privacy in the process. The Business Software Alliance (BSA) and the Computer & Communications Industry Association (CCIA) are among those opposing the bill.
In a blog post last week, CCIA emphasized that while it supports the goal of improving the sharing of information on cybersecurity threats between the government and the private sector, the legislation’s means of accomplishing this is insecure and ineffective.
“CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government,” the group’s Bijan Madhani stated. “In addition, the bill authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties.”
BSA, meanwhile, opposes both CISA and two other recent cybersecurity bills that passed the House, arguing that the measures need strong privacy protections. (A key BSA member, Apple, came out separately in opposition to CISA.)
The bill has led to the rise of advocacy campaigns against the legislation by key groups, including one by the Electronic Frontier Foundation that has characterized the bill as a reawakening of the Cyber Intelligence Sharing and Protection Act (CISPA), a failed 2013 measure that drew similar passion from tech advocates.
“CISA is fundamentally flawed in its approach to cybersecurity,” EFF’s Amul Kalia wrote in a recent blog post. “Its information sharing regime wouldn’t even fix the most recent public breaches, since it doesn’t address basic problems, like unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.”
An Annotated Fight
The Financial Services Roundtable (FSR), one of the key advocates supporting CISA, has pushed some campaigns of its own, including a novel infographic that annotates the text of the bill with notes emphasizing that it doesn’t endanger Americans’ security.
“It doesn’t get a whole lot clearer—CISA requires the removal of personal information,” FSR emphasizes in the infographic.
But FSR wasn’t alone in coming up with this idea. Sen. Ron Wyden, the ranking member of the Finance Committee, responded by sharing more detailed annotations [PDF] from privacy and policy advocates such as Robyn Greene of the New America Foundation and Patrick G. Eddington of the Cato Institute.
It’s an interesting way to highlight a political debate, to say the least.
A Financial Services Roundtable infographic that annotating the Cybersecurity Information Sharing Act. (Financial Services Roundtable)