Of course, the legislation itself has already attracted heavy criticism from the US privacy advocates – for example, the EFF points out that the cybersecurity laws that would be broadened by CISA bill were used to prosecute the late founder of Demand Progress for downloading articles from the digital library of academic journals.
The stated purpose of the Cybersecurity Information Sharing Act is to establish a reporting system for private industry that would allow any company with a digital record of consumer behavior to pass threat information to the Department of Homeland Security. The latter, in its turn, would be then required to pass the information to the Federal Bureau of Investigation and other relevant authorities. This is why the DHS didn’t like the idea at all and has come out against the bill, claiming that such approach could sweep away important privacy protections. Unsurprisingly, the controversial bill is also facing mounting pressure from tech firms, which want it to be rewritten or scrapped altogether.
Another problem is that the CISA would also block any disclosures about what data about the cyber threat indicators had been shared. Republican senator Rand Paul proposed an amendment to the CISA which would disallow it from breaking user agreements between companies and their users. However, this particular amendment failed to pass, 32-65. In the meantime, Republican senator Richard Burr claimed that he would not entertain any more amendments to the Cybersecurity Information Sharing Act bill, and it is now expected to receive a vote in a few days.
