Not the Answer

By Greg Nojeim

Greg Nojeim is Director of the Freedom, Security and Technology Project at the Center for Democracy and Technology, a Washington, D.C. NGO dedicated to Internet freedom.  Greg specializes in protecting privacy in the digital age as against intrusion by the government.   He leads CDT's cybersecurity work, testifying in the U.S. Congress on the impact of cybersecurity proposals on privacy.

The Senate is expected to consider the Cybersecurity Information Sharing Act (CISA) (S. 754) soon. Information sharing legislation that would fill gaps in existing law to make it easier for companies to share cyber threat indicators (CTIs) is probably necessary. Unfortunately, CISA is not the answer for many reasons.

First, CISA is actually a surveillance bill dressed in cybersecurity clothing.  The bill allows the government to use – for completely unrelated criminal investigations – the CTIs companies share for cybersecurity purposes, bypassing warrant requirements that would otherwise apply.  In addition, CISA requires the Department of Homeland Security (DHS) to share in real time the CTIs it receives with all “appropriate government agencies.” As a result, CTIs must immediately be given to the NSA, without any time to put in place privacy-protective measures beforehand.

Access all of The Cipher Brief’s national security-focused expert insight by becoming a Cipher Brief Subscriber+ Member.

Sign Up Log In

Categorized as:Reporting Tech/CyberTagged with:

Related Articles

Search

Close