Why the CISA amendment further erodes our right to privacy

Increasingly, governments are becoming the enemies of data protection

US Senate

A much-debated amendment to the 'Cybersecurity Information Sharing Act' (CISA) is splitting US authorities and the country's technology giants.

Last night the amendment passed through the first stages of a US Senate voteby 83 to 14, and if it passes a full Senate vote next week it will allow US courts to pursue foreign nationals accused of cybercrimes, even if they were perpetrated against other foreign citizens.

In other words, it considerably lowers the barriers for prosecuting cybercrime committed abroad, and means the US could prosecute anyone who steals data from anyone or any entity, regardless of where that crime occurs or whether a US entity is involved.

Extradition treaties mean that those accused of such crimes could then be brought back to the US to stand trial and face possible jail time.

For many people, including politicians from both sides of the house and a broad sweep of the business community, the amendment is a positive, strengthening IT security.

Within the technology sector, however, the likes of Apple, Dropbox, Facebook, Google, Twitter and the Wikimedia Foundation have revolted against it, citing privacy concerns.

Not all tech companies are convinced that the amendment to CISA will actually improve security and many are concerned about the privacy implications it poses.

Here's the thing - while the internet means we all live in an ever-shrinking world, that does not translate into expanding the scope of national law enforcement and justice. Different countries have widely varying views on what is and isn't suitable punishment to fit a given crime.

This is why it's important to put this US attempt at becoming the world's cyberpolice and cybercourts into perspective: should a German national living in France who hacks the credit card of an Italian citizen be subject to the laws of the US and face prison time there? Most people, I suspect, would think not. People should be prosecuted for their crimes, but the justice they face should be home-grown and not outsourced to another country.

The message from the dissenting tech giants is clear - the sharing of threat data is important but should not be at the expense of users' privacy. The mantra for all companies should be if you can't protect it, don't collect it'.

However, proposed legislation such as CISA in the US and the Snooper's Charter here in the UK move the protection goalposts somewhat. You have to ask yourself the question of who companies be protecting our data from. It's increasingly clear that it's not just the cybercriminals, but governments as well who want our data.

Ironically, given the IT security record of government agencies in the US over the last couple of years, once that information has been passed to them it's probably at greater risk of being hacked.

When it comes to privacy there is little room for much confusion or doubt. This part of the CISA bill should worry anyone: "Cyber threat indicators and defensive measures provided to the Federal Government under this Act shall be deemed voluntarily shared information and exempt from disclosure".

Yep, the Freedom of Information Act would not give anyone the right to know what data had been disclosed or by whom. Few corporates will actually take on 'the powers that be' when push comes to shove, which means that ultimately we can trust nobody but ourselves to protect our data from the grip of government surveillance.

At the end of the day my trust in both government and big business is already at a low, but this bill just drops it further down.

I am always being told whenever I rally against such moves as this that done nothing wrong, nothing to fear'. Well, I prefer to think in terms of done nothing wrong, deserve the right to a little privacy'...

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Security best practices for PostgreSQL

Securing data with PostgreSQL

Download now

Transform your MSP business into a money-making machine

Benefits and challenges of a recurring revenue model

Download now

The care and feeding of cloud

How to support cloud infrastructure post-migration

Watch now

Recommended

The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Hackers sell $38 million in gift cards on Russian marketplace
hacking

Hackers sell $38 million in gift cards on Russian marketplace

7 Apr 2021
Personal data of 533 million Facebook users found on hacking forum
data protection

Personal data of 533 million Facebook users found on hacking forum

5 Apr 2021
Ubiquiti insider says the company downplayed the severity of a major breach
data breaches

Ubiquiti insider says the company downplayed the severity of a major breach

31 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
Data belonging to 500 million LinkedIn users found for sale on hacker marketplace
hacking

Data belonging to 500 million LinkedIn users found for sale on hacker marketplace

8 Apr 2021