CISA becomes law, privacy takes a hard hit
Oh, what a difference a change in political winds make. A mere two years ago, when Edward Snowden made his revelations as to how the U.S. government was using big data to spy on people in an effort to stop terrorism, President Obama found himself on the hot seat. He was promptly spurred to make changes to protect individual privacy.
But now the political winds have shifted, due mostly to GOP presidential candidates fanning the flames of fear, and government cyber spying is in vogue again. Congress included CISA in the omnibus spending bill passed by the House and Senate. President Obama signed it into law, and it is now known as the Cybersecurity Act of 2015.
Edward Snowden immediately tweeted in protest, but it's unclear if anyone's listening to him anymore.
Obama threatened to veto similar standalone legislation earlier, but that veto threat was before Obama's approval ratings fell dramatically in the wake of the Paris and San Bernardino shootings. It was also before strategic analyst Lt. Col. Ralph Peters called him an exceedingly offensive word on Fox News, as did other foul-mouthed critics and a few who called him other, less offensive names that still amounted to calling him weak.
Obama did show support for a Senate bill that would have enabled more data sharing on hackers and threats between the public and private sectors. That created alarm among many, but this new bill strips out even more of what remained of privacy protections in the earlier Senate bill.
In any case, cyber spying appears to be back in political vogue this election season. Yet, not. After all, the House and the Senate tried to slip the bill past public notice.
"CISA is the new PATRIOT Act," said Evan Greer, Fight for the Future's campaign director, in a press release. Fight for the Future is a grassroots effort against CISA.
"It's a bill that was born out of a climate of fear and passed quickly and quietly using a broken and nontransparent process. Most members of Congress still don't understand what it will actually do, which is to dramatically expand the U.S. government's unpopular and ineffective surveillance programs and make all of us more vulnerable to cyberattacks by letting corporations off the hook instead of holding them accountable when they fail to protect their customer's sensitive information."
Incidentally, Fred Donovan, editor of FierceITSecurity, reported in October that IT security leaders were split on CISA's passage. That doesn't surprise me given that corporations have complained for decades about the government's unwillingness to share threat data to aid their security efforts.
A report in Wired shared some additional insights on how it came to be that the bill was poised to become law despite opposition to it.
So where does that leave privacy protection? Somewhere between a distant memory and nonexistent. However, national security is likely to improve from this law.