Why You Should Be Concerned About The Cybersecurity Information Sharing Act

I really do wish I understood why lawmakers seem so gung-ho on tearing apart technologies they don’t understand, and freedoms they hardly think about. Frankly, it’s starting to get exhausting — and more than a little difficult to keep straight all the legal bungles belched out by senators and their lobbyists.

Until now, we’ve been lucky; most of the ill-conceived legislation has died on the Senate floor.

Unfortunately, it seems our luck may have run out. In a move that demonstrates a clear disinterest in listening to the people who actually know what they’re talking about, the United States House of Representatives in mid-December forced through a bill containing a $1.15 trillion spending plan, as well as controversial cybersecurity legislation — the Cybersecurity Information Sharing Act (CISA). Because the two have so much to do with one another, right?

And as of December 18, the bill has been signed and passed into legislation. Merry Christmas, America. Hope you weren’t enjoying your privacy.

“In a nutshell, CISA was meant to allow companies to share information on cyber attacks — including data from private citizens — with other companies and the Department of Homeland Security,” writes Chris Velazco of Engadget. “Once DHS had all the pertinent details, they could be passed along to the FBI and NSA for further investigation and, potentially, legal action. The thing is, critics saw the bill as way for government agencies to more easily keep tabs on Americans without their knowledge. CISA was derided by privacy advocates and tech titans alike, with companies like Amazon, Apple, Dropbox, Google, Facebook and Symantec (to name just a few) issued statements against an earlier version of the bill.”

That’s right — some of the largest tech companies in the world came out as opponents of CISA, and the government forced it through anyway. How bad is it, though? Should we really be that concerned?

The short answer is yes.

“This misguided cyber legislation does little to protect Americans’ security, and a great deal more to threaten our privacy than the flawed Senate version,” Senator Ron Wyden explained to Mashable. “Americans demand real solutions that will protect them from foreign hackers, not knee-jerk responses that allow companies to fork over huge amounts of their customers’ private data with only cursory review.”

This culture of fear that’s grown up around the Internet needs to be brought to heel.

“It contains substantially fewer oversight and reporting provisions than the Senate version did,” Wyden continued. “That means that violations of Americans’ privacy will be more likely to go unnoticed. And the Intelligence Authorization bill strips authority from an important, independent watchdog on government surveillance, the Privacy and Civil Liberties Oversight Board. This will make it easier for intelligence agencies — particularly the CIA — to refuse to cooperate with the Board’s investigations.”

In other words, organizations like the NSA and CIA now have even more government protections allowing them to play fast and loose with personal privacy. And our private information — already clearly at risk, given the large quantity of data breaches of late — is now even more freely available. This isn’t just a bad thing from a consumer perspective, though. It also has the potential to harm enterprise, too.

Consider the fact that the Snowden scandal might potentially cost U.S. businesses tens of billions of dollars, as non-Americans look to companies that they feel will actually respect their privacy. Now consider that we’ve just passed a law that effectively states, openly, that the NSA has access to personally identifiable information if there’s a breach. Surely, you see the issue, no?

This culture of fear that’s grown up around the Internet needs to be brought to heel. Because frankly, it’s starting to become absurd. And consider too: If lawmakers didn’t listen to companies about CISA, what else are they going to disregard?