Posted on

Cybersecurity bill could ‘sweep away’ internet users’ privacy, agency warns

big-brother-poster

Sam Thielman

Homeland Security admits Cybersecurity Information Sharing Act raises concerns while corporations and data brokers lobby for bill as it returns to Senate

The Department of Homeland Security (DHS) on Monday said a controversial new surveillance bill could sweep away “important privacy protections”, a move that bodes ill for the measure’s return to the floor of the Senate this week.

The latest in a series of failed attempts to reform cybersecurity, the Cybersecurity Information Sharing Act (Cisa) grants broad latitude to tech companies, data brokers and anyone with a web-based data collection to mine user information and then share it with “appropriate Federal entities”, which themselves then have permission to share it throughout the government.

Minnesota senator Al Franken queried the DHS in July; deputy secretary of the department Alejandro Mayorkas responded today that some provisions of the bill “could sweep away important privacy protections” and that the proposed legislation “raises privacy and civil liberties concerns”.

Much of the attention on Cisa has been directed at companies such as Google, Facebook and Comcast, which have large hoards of internet user behavior. But arguably more important are data brokers. Among the groups lobbying for the passage of Cisa are Experian, which tracks consumer trends using information from loyalty cards and other sources and licenses the information to help target advertising; Oracle, whose Data Cloud product works similarly; and Hitrust, which aggregates healthcare information.

The paragraph generating the most concern can be found in section 4 of the bill: “[a] private entity may, for cybersecurity purposes, monitor A) the information systems of such a private entity; B) the information systems of another entity, upon written consent of such other entity […] and D) information that is stored on, processed by, or transiting the information systems monitored by the private entity under this paragraph.”

https://www.theguardian.com/world/2015/aug/03/cisa-homeland-security-privacy-data-internet