The Senate on Tuesday overwhelmingly approved the Cybersecurity Information Sharing Act (CISA), which would allow companies to share consumer data with the government in the event of cyber attacks.
The CISA aims to improve sharing of information on cyber threats between companies, and allows companies to share customer information with the Department of Homeland Security (DHS) without being in violation of existing privacy regulations, such as the Freedom of Information Act. The DHS can then share the information with the NSA and FBI as it feels is appropriate.
The legislation has been opposed by many in the tech industry, including by the Computer & Communications Industry Association (CCIA), which counts Sprint and T-Mobile among its member companies.
“CCIA is unable to support CISA as it is currently written. CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government,” read the statement. In addition, the bill authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties.”
Senator Ron Wyden, (D-Ore.) called the vote an “early, flawed step in what is sure to be a long debate over how the U.S. can best defend itself against cyber threats.”
“As even the sponsors have acknowledged, this bill will do little to protect Americans from sophisticated hacks,” Wyden said in a statement. “At the same time, it will allow large volumes of Americans’ personal data to be unnecessarily shared with government agencies from the NSA to the FBI.”
Wyden wasn’t the only one speaking out against the bill. Whistleblower Edward Snowden on tweeted that “a vote for #CISA is a vote against the Internet.”
Experian, which recently suffered a hack revealing troves of information on people who had applied for credit with T-mobile, has come out in favor of the legislation.
“Experian supports legislation that would facilitate greater sharing of cyber threat information among appropriate private and government entities,” the company said in a statement. “Congress has the responsibility to balance the need for facilitating greater information sharing, and thereby enhancing cybersecurity, with important consumer privacy concerns.”
The White House has come out in support of the bill, which will have to be reconciled with a House version in April.
Filed Under: Industry regulations, Cybersecurity