When I first heard about Cyber Security Information Sharing Act (CISA) concept, it appeared to make some sense. If one company encounters a cyber attack, or discovers a serious vulnerability, it should be required to notify a government agency and its peers ASAP to help protect all other government agencies and companies, as well as the overall network. If a company reports such an attack or vulnerability in good faith, and the report was later determined to be a false alarm, the company should not be subject to a lawsuit for false reporting. A law that would allow that seems fair and reasonable. It would help protect all users of the internet and help to catch the "bad guys."
The concept of the bill sounds good, but like a Trojan Horse, it may have an enemy hiding inside it -- a serious attack on privacy. According to recent articles about the CISA) (See this one in The Guardian by Sam Thielman), the big database companies Government law enforcement agencies, and credit reporting businesses have piled onto this bill with heavy lobbying and big campaign donations in order to expand the bill to increase surveillance over all Americans with no recourse or liability to them. See this on TechCrunch. They will be able to buy, sell and exchange information about what sites we visit, what we buy, our banking etc. We will not be able to know when the exchanges occur, or to whom they were given. Information about us could be available to all Government agencies, and since most corporations are international businesses now, the same information could be made available to Governments of other countries.
I believe the CISA bill should be stripped of those provisions before it is passed. However I have my doubts it will happen. We have a "perfect storm" in congress now. Republicans have always voted to increase Government law enforcement, and have consistently been against any attempt for individual freedoms. Democrats who typically stand up for individual freedoms, appear now to think of themselves as trying to appear to be tough on terrorism, may vote to approve the bill as written. Pretty scary!
We had a similar situation in 1998 when the terrible Digital Millennium Copyright Act (DMCA) was passed. The concept that as publishing moved to the digital world, laws needed to change to reflect the new world of the internet. That was the "horse" -- but the Trojans inside were much more evil, and, of course, lucrative, for the industry. We had a Republican majority in congress, and Bill Clinton as Democratic President. The President wanted to support the movie industry and the Republicans were getting tremendous pressure (and huge political donations) from Disney, and the publishing industry. The Disney and the publishers wanted to be able to merge and expand their monopolies across print, radio and TV, and didn't seem to care about individual rights. Disney also wanted to prevent their very old "Mickey Mouse" copyrights from expiring and being transferred to the public domain. The law passed easily and the large corporations reaped windfall profits of hundreds of billions of dollars over the past 17 years.
