They wouldn't do that, would they?The Senate Intelligence Committee advanced a terrible cybersecurity bill called the Cybersecurity Information Sharing Act of 2015 (CISA) to the Senate floor last week. The new chair (and huge fan of transparency) Senator Richard Burr may have set a record as he kept the bill secret until Tuesday night.
[...]
This fatally flawed bill must be stopped. It's not a cybersecurity, but a surveillance bill.
[...]
CISA marks the fifth time in as many years that Congress has tried to pass "cybersecurity" legislation.
[...]
Last year, President Obama signed Executive Order 13636 (EO 13636) directing the Department of Homeland Security (DHS) to expand current information sharing programs. In February, he signed another Executive Order encouraging regional cybersecurity information sharing and creating yet another Cyber Threat Center.
[...]
Aside from its redundancy, the Senate Intelligence bill grants two new authorities to companies. First, the bill authorizes companies to launch countermeasures (now called "defensive measures" in the bill) for a "cybersecurity purpose" against a "cybersecurity threat." "Cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of the information system.
[...]
Second, the bill adds a new authority for companies to monitor information systems to protect an entity's hardware or software. Here again, the broad definitions could be used in conjunction with the monitoring clause to spy on users engaged in potentially innocuous activity. Once collected, companies can then share the information, which is also called “cyber threat indicators,” freely with government agencies like the NSA.
[...]
Its new role in the bill mandates DHS send information to agencies—like the NSA—"in real-time." The bill also allows companies to bypass DHS and share the information immediately with other agencies, like the intelligence agencies, which ensures that DHS's current privacy protections won’t be applied to the information.
[...]
Once the information is sent to any government agency (including local law enforcement), it can use the information for reasons other than for cybersecurity purposes.
EFF
I suspect this is one of those times when they need to make a law to cover something they're already doing. And I don't understand why they're so secretive about it. The majority of US citizens would surely scrap the constitution in order to give law enforcement agencies any powers they say they need to catch terrorists AND criminals. Well, certain KINDS of criminals.
And with TPP, corporations would essentially be the supreme law. All they need then is to have their own armies. Hmmm....come to think of it, during the Occupy protests, I do believe there were army-geared police standing guard in front of a bank or three.The bill also retains near-blanket immunity for companies to monitor information systems and to share the information as long as it's conducted according to the act. Again, "cybersecurity purpose" rears its overly broad head since a wide range of actions conducted for a cybersecurity purpose are allowed by the bill. [...] It remains to be seen why such immunity is needed when just a few months ago, the FTC and DOJ noted they would not prosecute companies for sharing such information.
Mission accomplished.
...but hey, do what you want...you will anyway.
UPDATE 6:00pm:
UPDATE: 12/19/15 - CISA passed the House handily.
No comments:
Post a Comment