Credit: Reuters/David Moir
The controversial CISA (Cyber Information Sharing Act) has been reviled in tech and privacy circles for offering governments and the private sector a way to sidestep privacy and Net neutrality rules. But earlier this week, the Senate Select Committee on Intelligence voted by 12-3 to approve the bill, thus nudging it closer to the Senate floor.
Originally devised as a way to allow freer information sharing between the government and businesses for the sake of thwarting or minimizing damage from cyber attacks, CISA has come under fire for the way it implements those concepts.
For example, businesses that provide personal information with the government under the guise of informing them of a security threat are rendered immune from lawsuits. That provision's clearly intended to allow companies to share needed information without fear of reprisal, but it might also embolden them to act recklessly.
CISA's chief proponents, Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) and Vice Chairman Saxby Chambliss (R-Ga.), claim the bill has sufficient privacy and liability protections in place and requires reports on how it's implemented to be presented to various agencies and offices.
The bill's defenders claim its wording and intentions are narrow enough. "The focus of the bill is narrowly on cyber security information sharing," said Feinstein's office in a statement, "and it does not affect intelligence programs, Net neutrality, or the establishment of cyber standards." The statement noted that amendments while the bill was in committee were made "to further strengthen privacy protections in the bill, clarify authorization language, and make technical changes."
But Senators Ron Wyden (D-Or.) and Mark Udall (D-Co.), who voted against the bill, says it "lacks adequate protections for the privacy rights of law-abiding Americans, and that it will not materially improve cyber security. We opposed the bill for these reasons, but we stand ready to work with our colleagues to address its shortcomings."
A key reason for criticism of the bill's wording is the open-ended protection for those who fall under its umbrella, allowing actions to be taken under its provisions to circumvent privacy or Net neutrality. In one widely discussed example, the bill could conceivably be used an excuse by an ISP to throttle Netflix as a defensive measure. It isn't clear if the version of the bill that passed the committee prevents such scenarios, since the full text of the revised bill won't be released until next week.
Versions of CISA have bubbled up before and been defeated for many of the same reasons -- that it provides far more loopholes for domestic spycrafting than it does useful tools for addressing cyber attacks. Last year's CISPA (Cyber Information Sharing and Protection Act), the previous incarnation of the bill, made it as far as the House, but it was blocked in the Senate and faced a flat-out veto by President Obama. Given that history, the current version of the bill might share the same fate.
Other initiatives for sharing information about cyber threats, outside of legislative avenues, have been taking shape. Most recently, Microsoft created Interflow, a cyber crime data sharing and collaboration platform for both business and government users, although there were concerns such a thing would be hidebound by it being deployed via Microsoft's proprietary platform.
This story, "CISA bill -- and Internet privacy rights -- moves to Senate for a vote," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.