Why the CISA amendment further erodes our right to privacy

Increasingly, governments are becoming the enemies of data protection

US Senate

A much-debated amendment to the 'Cybersecurity Information Sharing Act' (CISA) is splitting US authorities and the country's technology giants.

Last night the amendment passed through the first stages of a US Senate voteby 83 to 14, and if it passes a full Senate vote next week it will allow US courts to pursue foreign nationals accused of cybercrimes, even if they were perpetrated against other foreign citizens.

In other words, it considerably lowers the barriers for prosecuting cybercrime committed abroad, and means the US could prosecute anyone who steals data from anyone or any entity, regardless of where that crime occurs or whether a US entity is involved.

Extradition treaties mean that those accused of such crimes could then be brought back to the US to stand trial and face possible jail time.

For many people, including politicians from both sides of the house and a broad sweep of the business community, the amendment is a positive, strengthening IT security.

Within the technology sector, however, the likes of Apple, Dropbox, Facebook, Google, Twitter and the Wikimedia Foundation have revolted against it, citing privacy concerns.

Not all tech companies are convinced that the amendment to CISA will actually improve security and many are concerned about the privacy implications it poses.

Here's the thing - while the internet means we all live in an ever-shrinking world, that does not translate into expanding the scope of national law enforcement and justice. Different countries have widely varying views on what is and isn't suitable punishment to fit a given crime.

This is why it's important to put this US attempt at becoming the world's cyberpolice and cybercourts into perspective: should a German national living in France who hacks the credit card of an Italian citizen be subject to the laws of the US and face prison time there? Most people, I suspect, would think not. People should be prosecuted for their crimes, but the justice they face should be home-grown and not outsourced to another country.

The message from the dissenting tech giants is clear - the sharing of threat data is important but should not be at the expense of users' privacy. The mantra for all companies should be if you can't protect it, don't collect it'.

However, proposed legislation such as CISA in the US and the Snooper's Charter here in the UK move the protection goalposts somewhat. You have to ask yourself the question of who companies be protecting our data from. It's increasingly clear that it's not just the cybercriminals, but governments as well who want our data.

Ironically, given the IT security record of government agencies in the US over the last couple of years, once that information has been passed to them it's probably at greater risk of being hacked.

When it comes to privacy there is little room for much confusion or doubt. This part of the CISA bill should worry anyone: "Cyber threat indicators and defensive measures provided to the Federal Government under this Act shall be deemed voluntarily shared information and exempt from disclosure".

Yep, the Freedom of Information Act would not give anyone the right to know what data had been disclosed or by whom. Few corporates will actually take on 'the powers that be' when push comes to shove, which means that ultimately we can trust nobody but ourselves to protect our data from the grip of government surveillance.

At the end of the day my trust in both government and big business is already at a low, but this bill just drops it further down.

I am always being told whenever I rally against such moves as this that done nothing wrong, nothing to fear'. Well, I prefer to think in terms of done nothing wrong, deserve the right to a little privacy'...

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

Capcom data breach adds another 40,000 estimated victims
data breaches

Capcom data breach adds another 40,000 estimated victims

13 Jan 2021
Parler suffers data leak before being taken offline
social media

Parler suffers data leak before being taken offline

12 Jan 2021
United Nations suffers potential data breach
data breaches

United Nations suffers potential data breach

11 Jan 2021
Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021

Most Popular

150,000 arrest records accidentally deleted from police database
data management

150,000 arrest records accidentally deleted from police database

15 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021