With the latest terrorist threats against numerous countries, US law makers introduced the Cybersecurity Information Sharing Act (CISA) this past October. The overall idea is to allow private technology companies to share information with US government officials including the NSA, local police and homeland security. The positive side is the possible speed in which law enforcement can deal with terrorist threats. However, the opposing side brings about privacy violations and possible vulnerabilities.
The bill protects private companies from sharing personal information with US government agencies. This means that your data can be collected, monitored, tracked, and given freely to the government without any liabilities should that data be exposed or used in any way. In other words, if your private data is mishandled or shared without your knowledge, you have no legal grounds to sue for damages. Government agencies can demand information about Internet security without any warrant or subpoena. This gives US government entities the ability to use data collected by huge information-gathering silos including Google, Facebook and Twitter.
Some lawmakers attempted to shield some data from being shared. For instance, Senators Ron Wyden and Dean Heller pushed for private companies to strip private information from the cyber data and Internet traffic collected. Some privacy measurements were included to appease privacy advocates. For instance, any sharing procedures must be publicly accessible.
What’s largely worrisome is that these government agencies can demand information directly from upstream providers who are the backbone of the Internet. The Internet backbone is owned by the larger providers such as AT&T and Comcast. They control the wires that feed the majority of Internet traffic regardless of your location. At some point, your traffic is sent over a larger wire to reach its intended destination. All of this information is now legally accessible by US government agencies without the provider demanding a warrant before it will release private data.
To understand a little more about what this act means for you, here is a breakdown of its detail.
- Large private businesses that store huge amounts of private data have capabilities to detect terrorist threats – think sites that gather large amounts of data such as Google, Facebook, Twitter, Comcast, Verizon, and AT&T.
- When a terrorist threat is detected, they can share this information with government agencies such as the NSA or the Department of Homeland Security. Previously, sharing data indiscriminately required permission from the owner or an official warrant from the government agency.
- The data is then shared with other law officials, and the DHS and NSA have free reign to use the data as they see fit.
This new law gives the NSA more flexibility in securing user private data, and it’s known through Snowden-leaked documents that they have eavesdropping and interception equipment that connect directly to the Internet’s backbone. As these laws continue to pass, holes in previous privacy laws continue to leave private data open to questionable activity.
To read more about CISA, you can read the official documents here.
Leave a Comment