Despite its controversial nature, the US Senate has passed the Cybersecurity Information Sharing Act (CISA).
Detractors are concerned because CISA would open up an information exchange between the public and the private sectors: government would give companies classified information about potential threats, but the bill also incentivizes companies to funnel information to local law enforcement and the Department of Homeland Security, which must share the information with the National Security Agency “in real time.” And that brings up potential privacy issues.
Dozens of technology companies, including Twitter, Apple and Google, have lobbied against the bill.
But the bill isn’t just troubling from a privacy perspective, some say; it’s also troubling from an economic perspective, because it could discourage international organizations from doing business with US firms, thus jeopardizing the health of the technology sector.”
“This is bad news,” said Mike Weston, the CEO of data science consultancy Profusion. “Just as the EU makes it clear that the ease with which security agencies gain access to commercially held personal data is a serious problem, the US government makes it even easier for this snooping to happen.
He added, “The Cybersecurity Information Sharing Act will make it significantly harder for the US and Europe to agree on a replacement for the collapsed safe harbour provisions. Without assurances that European citizens’ personal data is protected, it’s hard to see how such an agreement might be reached, putting the ‘thriving transatlantic digital economy’ at risk of stuttering, or worse.”
However, the Financial Services Roundtable (FSR) called the passage “an integral step toward better protecting American businesses and consumers from attacks by cyber-criminals.” FSR for years has advocated for CISA on behalf of the financial services industry.
“This bill will improve efforts to defend against cyber-criminals and better protect consumer financial data,” said FSR president and CEO, Tim Pawlenty. “We applaud the Senate for its efforts and urge both the House and Senate to resolve their differences in a conference committee.”
The Retail Industry Leaders Association (RILA) is also behind the bill.
“Today was a win for retailers and those committed to stepping up the fight against overseas hackers and cyber thieves targeting American businesses and our customers,” said Nicholas Ahrens, RILA’s vice president of privacy and cybersecurity. “Cyber-attacks are not going away; in fact, hackers are only growing more sophisticated in their ability to attack businesses, institutions and governments.”
He added, “Common-sense legislation that gives businesses the tools and legal protections needed to share cyber-threat indicators is a step in the right direction to thwart future attacks. We urge Congress to finish the job and get this legislation to the President’s desk as quickly as possible.”
Before Congress can send the bill to President Obama’s desk to be signed into law, the House and Senate must resolve differences between their respective bills, including a discrepancy between incorporating mandatory and voluntary requirements.