http://www.defenseone.com/threats/2015/10/even-dhs-doesnt-want-power-it-would-get-under-cisa/123015/
By PATRICK TUCKER
defenseone.com
OCTOBER 21, 2015
The Senate is currently debating a bill to give Department of Homeland
Security unprecedented access to personal information, a measure intended
to help to protect the nation from cyber attacks. Yes, that DHS, whose
director had his Comcast account hacked yesterday. Even stranger: DHS
doesn’t even want the power it would be granted.
The bill is the Cyber Information Sharing Act, or CISA. It would give
companies legal immunity to send DHS a broad range of information about
the users of their websites. DHS would then be allowed to speed that
(nominally anonymized) information along to the NSA, DoD, FBI, the FCC or
other bodies. Through a byzantine series of twists and turns, that could
potentially include foreign militaries.
In July, DHS officials pointed out various problems with CISA in a
seven-page memo. They argued, among other things, that the bill “could
sweep away important privacy protections, particularly the provisions in
the Stored Communications Act limiting the disclosure of the content of
electronic communications to the government by certain providers.”
But hey, what’s a little privacy loss in the name of better security?
Unfortunately, according to DHS’s memo, CISA fails there, too. “These
provisions would undermine the policy goals that were thoughtfully
constructed to maximize privacy and accuracy of information, and to
provide the NCCIC with the situational awareness we need to better serve
the nation’s cybersecurity needs,” it said.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
