' CISA Passes to the Dismay of Many | MTTLR

CISA Passes to the Dismay of Many

On Tuesday, the Senate passed the Cybersecurity Information Sharing Act (“CISA”) by an overwhelming 74-21 majority vote.   Introduced back in July 2014 by Senator Dianne Feinstein (D-Calif.), CISA quickly proved to be a controversial piece of legislation.  Supporters of the bill, which also include the U.S. Chamber of Commerce and advocacy groups for the U.S. financial services industry, view it as the natural federal response to the recent slew of cyber attacks on high-profile targets including Sony Pictures Entertainment, Target stores, and the Office of Personnel Management.   To combat these breaches, the bill purports to create a voluntary communication pipeline between corporations and government agencies that will work to share information on digital signatures, hacking techniques, and risk factors.  To incentivize participation, the bill plans to grant certain legal immunities to organizations who share collected data.

Since its inception in 2014, opposition to the bill has been significant and vocal.  Critics claim that it is a wholly insufficient fix to many of the true cybersecurity threats currently faced by the US.  While low level breaches may be slowed, sophisticated individuals and state-sponsored hackers have developed techniques that would not be deterred by the proposed measures.   Opponents argue that the current bill fails to address the problems that lie at the heart of the recent breaches, which include “unencrypted files, poor computer architecture, un-updated servers, and employees clicking malware links.” 

In addition, privacy advocates contend that CISA is problematic for other fundamental reasons.  These groups are concerned that the bill will fuel government surveillance by effectively creating a “backdoor” to current laws designed to protect user privacy.  By including broad immunity clauses for participating organizations, privacy advocates believe that the bill will incentivize the warrantless monitoring and reporting of user data on a significant scale. 

The bill will next need to be conferenced together with similar bills already passed by the House.  While CISA appears to be an imminent reality, it remains to be seen how something of this magnitude will be implemented in practice.

———————————————————————————————————————————-

Yifu Chen is an editor on the Michigan Telecommunications and Technology Law Review, and a member of the University  Michigan Law School class of 2017.

Submit a Comment

Your email address will not be published. Required fields are marked *