CISA: You have the right to remain spied upon

The Cybersecurity Information Sharing Act (CISA) bill has been passed by an alarmingly large majority in the US Senate. Amazingly, given the amount of high profile and intelligent debate from some of the biggest names in the technology industry, the bill was passed by a vote of 74 to 21. But what is CISA, why does it matter to everyone who uses the Internet and what does the IT security industry have to say about it? CISA, better known as the Cybersecurity Information Sharing Act (S. 754) of 2015, is a bill that essentially enables private businesses to share data regarding cyber-threats with the federal government (including the National Security Agency) in order to fight cybercrime, hacking and state sponsored threats. The data concerned includes, of course, the personal user data of their customers. In order to enable this without breaking other laws, CISA offers protection from lawsuits regarding the sharing of personal data to those companies who participate. In other words, it gives a whole bunch of federal, government, agencies access to private information whilst neutralising the US Freedom of Information Act. The people whose data is being shared will be none the wiser, as CISA doesn’t require them to be told. Indeed, an amendment that would have required just such a notification to those whose data was being examined in this way was voted down by the Senate. CISA is, and always was, a surveillance bill by another name. Bear in mind that much of the data we are talking about, from private industry across all sectors, is that which the government has never been allowed access to (officially at least) in any form before CISA. What private business does already have, courtesy of the IT security industry, is access to shared threat data that is already being used to help protect them from attack. The only people that will benefit from CISA, at the end of a very long day, are going to be the government and the federal agencies attached to it.