Despite privacy concerns, cybersecurity bill poised for passage

Source: Al Jazeera America

While the House of Representatives garnered all of the media attention last week — with the GOP’s pursuit of Paul Ryan and the Benghazi committee’s pursuit of Hillary Clinton — Senators just across the Capitol rotunda were making decisions that could have much deeper implications for United States security and the privacy of millions of less famous Americans. A bill known as CISA — the Cybersecurity Information Sharing Act — cleared its cloture vote on Oct. 22 and, with the qualified support of the White House, is headed for floor debate and an expected final vote late Tuesday.

The legislation, according to proponents, is a comprehensive step toward securing private data networks against malicious hackers — a means by which companies can share early “cyberthreat indicators” with the Department of Homeland Security. But according to CISA’s critics (and there are many), the bill represents a solution to a problem that doesn’t exist. They sat it’s an ineffective bulwark against cyberthreats and a potentially grave threat to the privacy rights of U.S. citizens.

CISA is sponsored by North Carolina Republican Richard Burr, chairman of the Senate Select Committee on Intelligence (SSCI), and Dianne Feinstein of California, the committee’s ranking Democrat. And therein lies the first clue to what this bill is about.

"This is coming out of the Senate Intelligence Committee, not the Commerce or Homeland Security Committees," said Eli Dourado, who runs the tech policy program at George Mason University’s Mercatus Center.

Dourado explained to Vox that if this were primarily an issue of protecting private U.S. electronic infrastructure from hacks, one would expect the latter two committees to take the lead. While there are elements of CISA that are generous to private-sector business interests, he said, "I don't hear very much arguing outside of the Intelligence Committee that we need this for cybersecurity."

But you will hear plenty of arguments about why the U.S. does not need CISA — and why private citizens should be very wary of the legislation.

<snip>

“It's far from clear that [current] privacy laws are actually hampering efforts to beef up the Internet's defenses,” wrote Vox’s Timothy B. Lee. Companies already share a good deal of information, he said, and that info is already “carefully curated by security experts.”

“These experts write reports that succinctly provide technical details about an emerging threat, without including any users' personal information,” he said.

CISA, say critics, would create a problem, since the amount of data the bill proposes sharing makes it impossible for humans to do the filtering. It would require the use of imperfect automated algorithms instead, thus upping the odds of distributing personal data.

<snip>

Read more: http://america.aljazeera.com/articles/2015/10/26/despite-concerns-cybersecurity-bill-heads-to-vote.html