A controversial new cybersecurity bill, the Cybersecurity Information Sharing Act (CISA), could further jeopardize online privacy.
CISA would allow tech companies and data collection agencies to share user information with the government. In a letter to Sen. Al Franken, Department of Homeland Security deputy secretary Alejandro Mayorkas said the bill, as written, does not do enough to address privacy concerns and could “sweep away important privacy protections.” He also claimed the definition of “cyber threat indicators” in the bill was too expansive, which could allow for unrelated information to be shared.
“It is important… to be able to apply a privacy scrub to incoming data, to ensure that personally identifiable information unrelated to a cyber threat has not been included, Mayorkas wrote. "If DHS distributes information that is not scrubbed for privacy concerns, DHS would fail to mitigate and in fact would contribute to the compromise of personally identifiable information by spreading it further.”
Considering the Federal Government’s track record with the personally identifiable information of its own employees, the idea of it holding on to vast amounts of private data about the general public should be a red flag.
Of course, President Obama proposed his own cybersecurity legislation earlier this year, so Mayorkas may have political reasons for trashing the Senate’s bill. Even so, whenever a member of the Federal Government comes right out and says a proposed law is a threat to privacy, we should probably take notice.