Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.
CISA Goes to Obama Tucked Into Budget Bill
December 22, 2015
As SC Magazine reported last Friday, the U.S. House approved controversial cybersecurity legislation buried within a $1.1 trillion government spending agreement that was needed to prevent a government shutdown. In fact, apparently all kinds of legislation is buried in that bill. Seems to happen way too often.
The bill passed the House Friday morning with a vote of 316-113, and was approved by the Senate with a 65-33 vote in the afternoon. The Cybersecurity Information Sharing Act (CISA) has been contentious since the beginning of its life . . .
“Chief information officers are not excited about this,” Matthew Green, a cryptographer and professor at Johns Hopkins University told SCMagazine.com. “They are saying, we don't want anything to do with this.”
While CISA includes providing liability relief for companies sharing data with government agencies, many multinational corporations are concerned about reputational risk, especially as they try to navigate international issues such as Safe Harbor, which was ruled invalid by the European Commission in October.
“How that is all going to be resolved?” asked Green. “I have no idea, but it is the last thing that tech firms want to deal with right now.”
The act creates a voluntary cybersecurity sharing process allowing the public and private sectors to share information on cyber threats and attacks with the federal Department of Homeland Security without legal liability issues and while protecting private information. Companies would be required to review and remove any personally identifiable information unrelated to cyber threats before sharing information with the government.
Some industry groups, such as banking, have groups for sharing information about online threats, but the bill seeks to increase sharing, especially with government agencies, said David Ries, a member at Clark Hill PLC.
The key, he said, is “striking a balance between information the federal government really needs for a coordinating role and security, and not giving them too much that identifies unnecessary private details or business information.” Many readers will recognize Dave as a frequent source of RTL stories – and our regular co-author.
The bill is “dangerous” for giving intelligence agencies too much authority, and it does not go far enough to address existing problems such as unencrypted files, out-of-date software and user errors, said the Electronic Frontier Foundation, a San Francisco nonprofit that advocates for Internet privacy.
“CISA — and its amendments — do not even begin to address these serious problems,” the foundation said in a statement. “Instead, they mandate information sharing with the intelligence community, creating even more cyberspying.”
Like many others, I worry that CISA pretends to be a sheep when it is really a wolf, thinly disguised.
This blog is intended to impart general information and does not offer specific legal advice. Use of this blog does not create an attorney-client relationship. If you require legal advice, consult an attorney.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.