CISA Is Coming
By the end of the week CISA will be passed into law. Have you read it? There’s really not much to it, as it’s designed like Obamacare — granting a government department the ability to develop its own policies, procedures, rules and exceptions, as long as they follow rather generic rules about collection and disclosure.
CISA provides businesses immunity from all liability and antitrust laws if they share “automated” data — even if doing so is in direct violation of their own terms of service or contracts.
The “immunity” is written rather interestingly. Not only does it immunize businesses that share information about their customers, but it also provides immunity to any individual hacker that actually performs attacks against any US individual or business as long as they share “some” of their results with the government. The government essentially provides free reign for the creation of a new class of American trespasser/digital B&E, as long as they tithe the State.
CISA allows the federal government to collect all digital data, permanently, to “fight terrorism.”
It allows this data to be used to “regulate” the lawful activities of ordinary Americans, as long as the data isn’t collected “only” for that purpose (and since it’s collected to “fight terror”, it gets an immediate green light). This means they can create a database collecting every email relationship to ferret out personal details. For example, collecting political leanings and use that information to create lists of gun owners, gays, and foodies. The information can then be used to target them the same way the IRS targeted conservatives or Hitler targeted Jews.
One of my main concerns is that this will eventually lead to a US-based equivalent of the Great Firewall of China. The last thing the US needs as we head to war with Russia, and inevitably China, is any real or perceived cap on our ability to obtain legitimate news from the rest of the world. We’re sure not going to get it at home.
The most terrifying aspect of the law is that it only requires the new government department to report to congress every two years, while the security implications of pretty much all digital activity changes, literally, from minute to minute. Most tech security automation today is designed to auto-expire attack and hack filters within 24 hours. This means that by the time congress is able to act on specific implementations or changes, years may have passed.
Just remember: when Rand and Bernie agree, something is very wrong.