Cybersecurity Information Sharing Act

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Boomshadow (talk | contribs) at 15:45, 21 October 2015 (→‎Government officials: "warantless" -> "warrantless"). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

See also: Cyber Intelligence Sharing and Protection Act
Cybersecurity Information
Sharing Act of 2015
Great Seal of the United States
Long titleTo improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes
Acronyms (colloquial)CISA
Legislative history

The Cybersecurity Information Sharing Act (CISA S. 2588 (113th Congress), S. 754 (114th Congress)) is a proposed law to "improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes".[1] The law would allow the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The bill was introduced in the U.S. Senate on July 10, 2014, but has not yet been considered or voted upon by the full Senate. Opponents question CISA's value, believing it will move responsibility from private business to the government, thereby increasing vulnerability of personal private information, as well as dispersing personal private information across seven government agencies, including the NSA and local police.

History

The Cybersecurity Information Sharing Act was introduced on July 10, 2014 during the 113th Congress, and was able to pass the Senate Intelligence Committee by a vote of 12-3.[2] The bill did not reach a full senate vote before the end of the congressional session.

The bill was reintroduced for the 114th Congress on March 12, 2015, and the bill passed the Senate Intelligence Committee by a vote of 14-1.[3] Senate Majority Leader Mitch McConnell, (R-Ky) attempted to attach the bill as an amendment to the annual National Defense Authorization Act, but was blocked 56-40, not reaching the necessary 60 votes to include the amendment.[4][5] Mitch McConnell hoped to bring the bill to senate-wide vote during the week of August 3-7,[6] but was unable to take up the bill before the summer recess. The Senate has tentatively agreed to limit debate to 21 particular amendments and a manager's amendments,[7] but has not set time limits on debate. As of October 2015, the US Senate plans to take up the bill following legislation concerning sanctuary cities.[8]

Provisions

The main provisions of the bill make it easier for companies to share cyber threat information with the government. Without requiring such information sharing, the bill creates a system for federal agencies to receive threat information from private companies. The bill also provides legal immunity from privacy and antitrust laws to the companies which provide such information.

With respect to privacy, the bill includes provisions for preventing the act of sharing data known to be both personally identifiable and irrelevant to cyber security. Any personal information which does not get removed during the sharing procedure can be used in a variety of ways. These shared cyber threat indicators can be used to prosecute cyber crimes, but may also be used as evidence for crimes involving physical force.[9]

Positions

Businesses and Trade groups

The CISA has received some support from advocacy groups, including the United States Chamber of Commerce,[10] the National Cable & Telecommunications Association, and the Financial Services Roundtable.[9]

A number of business groups have also opposed the bill, including the Computer & Communications Industry Association,[11] as well as individual companies like Twitter, Yelp, and Reddit.[12]

BSA (The Software Alliance) appeared initially supportive of CISA, sending a letter on July 21, 2015 urging the senate to bring the bill up for debate.[13] On September 14, 2015, the BSA published a letter of support for amongst other things cyber threat information sharing legislation addressed to Congress, signed by board members Adobe, Apple Inc., Altium, Autodesk, CA Technologies, DataStax, IBM, Microsoft, Minitab, Oracle, Salesforce.com, Siemens, and Symantec.[14] This prompted the digital rights advocacy group Fight for the Future to organize a protest against CISA.[15] Following this opposition campaign, BSA stated that its letter expressed support for cyber threat sharing legislation in general, but did not endorse CISA, or any pending cyber threat sharing bill in particular.[16][17]

Government officials

Proponents CISA include the bill's main cosponsors, senators Dianne Feinstein (D-CA) and Richard Burr (R-NC).[8]

Some senators have announced opposition to CISA, including Ron Wyden (D-OR), Rand Paul (R-KY), and Bernie Sanders (I-VT).[18]

Senator Ron Wyden (D-OR) has objected to the bill based on a classified legal opinion from the Justice Department written during the early George W Bush Administration. The Obama administration states that it does not rely on the legal justification laid out in the memo.[19][20] Wyden has made repeated requests to the US Attorney General to declassify the memo,[21] dating at least as far back as when a 2010 Office of Inspector General report cited the memo as a legal justification for the FBI's warrantless wire-tapping program.[22]

On August 4, 2015, White House spokesman Eric Schultz endorsed the legislation, calling for the senate to "take up this bill as soon as possible and pass it".[23]

The United States Department of Homeland Security initially supported the bill, with Jeh Johnson, the secretary of the DHS, called for the bill to move forward on September 15th.[24] However, in an August 3rd letter to senator Al Franken, the deputy secretary of the DHS, Alejandro Mayorkas, expressed privacy concerns concerning the bill. In the letter, the DHS found issue with the direct sharing of information with all government agencies, advocating instead that the DHS be the sole recipient of cyberthreat information, allowing it to scrub out private information.[25]

Civil liberties groups

CISA has been criticized by advocates of Internet privacy and civil liberties, such as the Electronic Frontier Foundation and the American Civil Liberties Union.[26][27] It has been compared to the criticized Cyber Intelligence Sharing and Protection Act proposals of 2012 and 2013, which passed the U.S. House, but did not pass the Senate.

See also

References

  1. ^ "Discussion Draft of the 'Cybersecurity Information Sharing Act of 2014' (S.2588)", 113th Congress, 2d Session, June 11, 2014.
  2. ^ Gregory S. McNeal (9 Jul 2014). "Controversial Cybersecurity Bill Known As CISA Advances Out Of Senate Committee". Forbes. Retrieved 31 Jul 2015.
  3. ^ Andy Greenberg (12 Mar 2015). "CISA Cybersecurity Bill Advances Despite Privacy Concerns". Wired. Retrieved 27 Jul 2015.
  4. ^ Charlie Mitchell (22 Jun 2015). "Senate vote falls short of approving defense act with CISA amendment". The Washington Examiner. Retrieved 28 Jul 2015.
  5. ^ Erin Kelly (11 Jun 2015). "Democrats block effort to attach cybersecurity legislation to defense bill". USA Today. Retrieved 28 Jul 2015.
  6. ^ Charlie Mitchell (20 Jul 2015). "Senate, once again, looks to bring back CISA". The Washington Examiner. Retrieved 27 Jul 2015.
  7. ^ Katie Bo Williams (1 Oct 2015). "House Intel chief says cyber-sharing bill will pass 'overwhelmingly'". The Hill. Retrieved 4 Oct 2015.
  8. ^ a b Kaveh Waddell (20 Oct 2015). "Cybersecurity Bill Nears Crucial Senate Vote". National Journal. Retrieved 20 Oct 2015.
  9. ^ a b Andy Greenberg (20 Mar 2015). "CISA Security Bill: An F for Security But an A+ for Spying". Wired. Retrieved 31 Jul 2015.
  10. ^ Dibya Sarkar (Mar 5, 2015). "Industry rep: Businesses get stronger liability protection for sharing cyber threat info under CISA". Fierce Homeland Security. Retrieved July 27, 2015.
  11. ^ Chris Bing (20 Oct 2015). "Apple, Google and Friends Join Forces Ahead of Crucial CISA Decision". Retrieved 20 Oct 2015.
  12. ^ James Rogers (20 Oct 2015). "Twitter slams controversial cybersecurity bill". Fox News. Retrieved 20 Oct 2015.
  13. ^ Cory Bennett (July 21, 2015). "Software industry urges action on Senate cyber bill". The Hill. Retrieved July 27, 2015.
  14. ^ "Congressional Leadership Data Agenda Letter" (PDF). BSA. September 14, 2015.
  15. ^ "Betrayed by Tech". Fight for the Future.
  16. ^ Barb Darrow (24 Sep 2015). "Apple, Microsoft, others slammed for supporting cybersecurity bill". Fortune. Retrieved 4 Oct 2015.
  17. ^ Julie Bort (28 Sep 2015). "A few tweets from Salesforce's Marc Benioff threaten to squash a cyber-spying law". Business Insider. Retrieved 4 Oct 2015.
  18. ^ Eric Geller (12 Oct 2015). "Bernie Sanders comes out against CISA, a controversial cybersecurity bill". Daily Dot. Retrieved 20 Oct 2015.
  19. ^ Dustin Volz (July 27, 2015). "What's Inside the Justice Department's Secret Cybersecurity Memo?". National Journal. Retrieved July 28, 2015.
  20. ^ Trevor Timm (June 13, 2015). "A government surveillance bill by any other name is just as dangerous". The Guardian. Retrieved July 28, 2015.
  21. ^ Mike Masnick (4 Feb 2015). "Senator Wyden Follows Up With Eric Holder On All Of The Requests The DOJ Has Totally Ignored". Tech Dirt. Retrieved July 31, 2015.
  22. ^ Marc Ambinder (February 1, 2010). "Obama's Secret Wiretap Memo". The Atlantic. Retrieved July 31, 2015.
  23. ^ Cory Bennett (4 Aug 2015). "White House endorses Senate cyber bill". The Hill. Retrieved 4 Oct 2015.
  24. ^ 16 Sep 2015. "Homeland Security chief pushes Senate to move cyber bill". The Hill. Retrieved 20 Oct 2015.{{cite web}}: CS1 maint: numeric names: authors list (link)
  25. ^ Eric Geller (3 Aug 2015). "Homeland Security joins privacy groups in pushback against CISA". The Daily Dot. Retrieved 20 Oct 2015.
  26. ^ "A Zombie Bill Comes Back to Life: A Look at The Senate's Cybersecurity Information Sharing Act of 2014", Mark Jaycox, Electronic Frontier Foundation (EFF), June 29, 2014.
  27. ^ "Beware the Dangers of Congress’ Latest Cybersecurity Bill", Sandra Fulton, ACLU (Washington), June 27, 2014.

External links

Retrieved from "https://en.wikipedia.org/w/index.php?title=Cybersecurity_Information_Sharing_Act&oldid=686826259"