Even DHS Doesn't Want the Power It Would Get Under CISA

[InfoSec News <alerts () infosecnews org>]

http://www.defenseone.com/threats/2015/10/even-dhs-doesnt-want-power-it-would-get-under-cisa/123015/

By PATRICK TUCKER
defenseone.com
OCTOBER 21, 2015

The Senate is currently debating a bill to give Department of Homeland 
Security unprecedented access to personal information, a measure intended 
to help to protect the nation from cyber attacks. Yes, that DHS, whose 
director had his Comcast account hacked yesterday. Even stranger: DHS 
doesn’t even want the power it would be granted.

The bill is the Cyber Information Sharing Act, or CISA. It would give 
companies legal immunity to send DHS a broad range of information about 
the users of their websites. DHS would then be allowed to speed that 
(nominally anonymized) information along to the NSA, DoD, FBI, the FCC or 
other bodies. Through a byzantine series of twists and turns, that could 
potentially include foreign militaries.

In July, DHS officials pointed out various problems with CISA in a 
seven-page memo. They argued, among other things, that the bill “could 
sweep away important privacy protections, particularly the provisions in 
the Stored Communications Act limiting the disclosure of the content of 
electronic communications to the government by certain providers.”

But hey, what’s a little privacy loss in the name of better security? 
Unfortunately, according to DHS’s memo, CISA fails there, too. “These 
provisions would undermine the policy goals that were thoughtfully 
constructed to maximize privacy and accuracy of information, and to 
provide the NCCIC with the situational awareness we need to better serve 
the nation’s cybersecurity needs,” it said.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/