October 27, 2015
The latest clash in the cybersecurity vs. privacy debate played itself out in Congress on Tuesday when the Senate passed the Cybersecurity Information Sharing Act. Supporters say the bill, approved 74-21, will help stop hackers by getting companies that have been breached to share information about the embarrassing attack with federal law enforcement. The House passed its version in April.
But CISA is very controversial. While proponents call it common sense, critics say it’s just an excuse for intelligence officials to grab data on citizens without a warrant.
Before we get to the controversy, what is the bill supposed to do?
According to supporters, there’s a big problem: an information gap. When hackers hit a private company, that company is handcuffed or tongue-tied. It can’t readily tell people outside its legal walls what happened, what suspicious Internet — IP — addresses or malware code hit it. So other potential targets can’t defend themselves.
Supporters say CISA changes that by letting companies share “cyber threat indicators” with the Department of Homeland Security, which in turn can send out the red alert, share the code and warn others.