Earlier this week, the U.S. Senate passed the Cybersecurity Information Sharing Act (CISA). This piece of legislation is meant to make it easier for companies, law enforcement and the government to share information about potential cyber threats. But the language of the act has concerned organizations like the Electronic Frontier Foundation (EFF).
At the heart of the matter is the way companies are being encouraged to participate in an information-sharing program. It's opt-in, so companies don't have to take part. If they choose to cooperate, they'll end up sending automated, real-time messages to law enforcement and government agencies.
In return, companies will receive immunity from legal proceedings as a result of sharing that information. The act also calls for companies to strip out any information that might identify customers as a nod to privacy. But critics aren't satisfied with this move.
It takes very little information to identify a person. Researchers at Harvard's Data Privacy Lab have shown that just a zip code, gender and birth date are enough to of people living in the United States. We often consider our names to be important to who we are, but as it turns out they're not necessary to connect data relevant to us.
And should some agency mistakenly act upon erroneous information, the people affected will have no legal recourse to pursue against the company that handed their information over in the first place. Critics say that this legislation would protect companies, not citizens. It also would greatly increase the amount of surveillance being performed on American citizens.
The EFF goes a step further and says the legislation is ignoring the underlying problems of cybersecurity. The organization points out that the big issues in security are linked to poorly encrypted or unencrypted data, outdated computer architecture and good old-fashioned human error. CISA does nothing to address those underlying issues.
While the act passing the Senate is a blow to the critics, CISA hasn't been signed into law yet. It's now being handled by a committee to resolve differences in the Senate and House versions of the act. You can read the act in full online. And if you haven't already, you can watch our CISA primer video above, too.