What is CISA & Why should you care?
Yesterday was a historic day in cyber security and privacy. The Senate passed CISA, the Cybersecurity Information Sharing Act, 74 to 21. This version is very similar to the others that passed in the House earlier this year. Now that the Senate has passed it, this version will have to be reconciled with the two House versions before heading to President Obama’s desk.
What is it? And why is it controversial?
The Cybersecurity Information Sharing Act (CISA) will allow corporations to share information with the government in hopes of preventing cyber-attacks. The bill includes legal protection for companies that share information with the government: companies that share threat indicator information will be safe from lawsuits. After a threat is learned of, alerts will be sent across all industries. Industries will no longer be silos; with this bill, all industries will be alerted when one industry experiences a cyber security compromise.
The bill promotes security; however, many argue it sacrifices privacy. Apple opposes CISA because they don’t think that privacy should have to be sacrificed to promote security. Additionally, Apple strongly values the trust of their customers. Throughout the years, they have built up that trust and designed their services in hopes of maintaining users’ privacy and trust.
Apple is not alone in their opposition. Other tech companies such as Dropbox, Yelp, reddit, Twitter and the Wikimedia Foundation (which runs Wikipedia) have all voiced their opposition to the bill.
Others argue that the bill, while well intentioned, does not solve the real issue at hand. This bill does not require that companies heighten their cyber security. It will allow a company to handle someone’s data foolishly yet still be protected, because it will be sharing threat indicators. In some ways, it serves as a Band-Aid for the problem.
Senator Ron Wyden (D-Ore.) also opposes the bill. He argues that the number of tech companies opposing the bill shows that its privacy standards must not be adequate. He wrote and proposed an amendment that would have required more personal data to be removed prior to sharing it with the government. However, that amendment, along with the four other proposed amendments, lost in yesterday’s vote.
What does this mean to you?
For consumers, this means that your privacy could potentially be compromised, and essentially there is nothing you can do about it.
As a business, be careful what you share and how you share it. If necessary, remind your customers that you value their privacy and will only share necessary information with the government in an extreme circumstance. Don’t let this be an excuse for laziness. Instead, take some time to make sure that your security is up to date and that you have the proper companywide security procedures.