Why the CISA amendment further erodes our right to privacy

Increasingly, governments are becoming the enemies of data protection

US Senate

A much-debated amendment to the 'Cybersecurity Information Sharing Act' (CISA) is splitting US authorities and the country's technology giants.

Last night the amendment passed through the first stages of a US Senate voteby 83 to 14, and if it passes a full Senate vote next week it will allow US courts to pursue foreign nationals accused of cybercrimes, even if they were perpetrated against other foreign citizens.

Advertisement - Article continues below

In other words, it considerably lowers the barriers for prosecuting cybercrime committed abroad, and means the US could prosecute anyone who steals data from anyone or any entity, regardless of where that crime occurs or whether a US entity is involved.

Extradition treaties mean that those accused of such crimes could then be brought back to the US to stand trial and face possible jail time.

For many people, including politicians from both sides of the house and a broad sweep of the business community, the amendment is a positive, strengthening IT security.

Within the technology sector, however, the likes of Apple, Dropbox, Facebook, Google, Twitter and the Wikimedia Foundation have revolted against it, citing privacy concerns.

Not all tech companies are convinced that the amendment to CISA will actually improve security and many are concerned about the privacy implications it poses.

Advertisement - Article continues below

Here's the thing - while the internet means we all live in an ever-shrinking world, that does not translate into expanding the scope of national law enforcement and justice. Different countries have widely varying views on what is and isn't suitable punishment to fit a given crime.

Advertisement - Article continues below

This is why it's important to put this US attempt at becoming the world's cyberpolice and cybercourts into perspective: should a German national living in France who hacks the credit card of an Italian citizen be subject to the laws of the US and face prison time there? Most people, I suspect, would think not. People should be prosecuted for their crimes, but the justice they face should be home-grown and not outsourced to another country.

The message from the dissenting tech giants is clear - the sharing of threat data is important but should not be at the expense of users' privacy. The mantra for all companies should be if you can't protect it, don't collect it'.

However, proposed legislation such as CISA in the US and the Snooper's Charter here in the UK move the protection goalposts somewhat. You have to ask yourself the question of who companies be protecting our data from. It's increasingly clear that it's not just the cybercriminals, but governments as well who want our data.

Advertisement - Article continues below

Ironically, given the IT security record of government agencies in the US over the last couple of years, once that information has been passed to them it's probably at greater risk of being hacked.

When it comes to privacy there is little room for much confusion or doubt. This part of the CISA bill should worry anyone: "Cyber threat indicators and defensive measures provided to the Federal Government under this Act shall be deemed voluntarily shared information and exempt from disclosure".

Yep, the Freedom of Information Act would not give anyone the right to know what data had been disclosed or by whom. Few corporates will actually take on 'the powers that be' when push comes to shove, which means that ultimately we can trust nobody but ourselves to protect our data from the grip of government surveillance.

At the end of the day my trust in both government and big business is already at a low, but this bill just drops it further down.

I am always being told whenever I rally against such moves as this that done nothing wrong, nothing to fear'. Well, I prefer to think in terms of done nothing wrong, deserve the right to a little privacy'...

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular


Ransomware collective claims to have hacked NASA IT contractor

3 Jun 2020

How data science is transforming business

29 May 2020

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020