Friday, January 1, 2016

CISA and Cybersecurity



darthvaderbill
Image thanks to Kitguru

On December 18th, President Obama signed into law a large "omnibus" funding bill. There were many celebrated parts of the bill, such as the $19.3 billion dollar budget for NASA and nearly $700 billion in tax breaks. It also plays host to a bill that goes by the name of CISA.

The Cybersecurity Information Sharing Act (CISA) is far from popular on the internet; many sources such as Kitguru and Reddit denounce the bill, saying that it threatens the privacy of all individuals on the internet.

The gist of the bill is that it allows businesses to share data with the government that was affected/targeted by a cyberattack. Now understand that it isn't that simple; for example, participating companies would need to attempt to "scrub" the data of customer ID's before handing it over to the government when it is not required to identify the threat. Yay for vague wording.

It's not explicitly stated, but the government has promised not to prosecuted non-cyber crimes based on the information they receive.

 As Benjamin Franklin states, ”Those who sacrifice liberty for security deserve neither.”

And yet I don't think it's that simple. It seems too easy to hop on this bandwagon, beseeching big government trying to meddle in things like the internet, using the whole "PRIVACY" slogan and what not. I don't agree with Franklin's statement, mostly because it tries to have its cake and eat it too; security and freedom both share the same space, draw from the same well of human resource. In addition, our cries for deregulation and smaller government seem awfully reminiscent of the days leading up to the Great Depression. 

In Ted Koppel's book Lights Out, he outlines a terrifying image of the state of cyber warfare in today's world. Gone are the days where weapons of mass destruction were confined to the great superpowers of the world, who grew to understand the gravity of the powers at their disposal. Now, in a world in which everything and anything relies on the internet and electricity to some extent, every single computer becomes a nuclear briefcase. CISA, as poorly written as it might be, at least attempts to address the gaping holes in our national cyberdefense by sharing information about the attacks with the government. 

But let's hear it from your perspective:

How far should government be allowed to go with such a bill? Does the breach in privacy represent a compelling government interest? Is it the least intrusive method of the achieving it? Would this act be upheld as constitutional under the review of the Supreme Court?

How big of an issue is cybersecurity? Should be focusing on other issues?

What is the role of government in that delicate balance between security and privacy? Does this overstep the boundary, is it right only in concept, or should the entire idea of the bill burn in the fiery depths of Big Brother ideas?

[And please ask if something here doesn't seem backed up / an idea confuses you.]

Sources:
Koppel, Ted. Lights Out: A Cyberattack, a Nation Unprepared, Surviving the Aftermath. New York City: Crown, 2015. Print.

1 comment:

Sameer Jain said...

I think that part of the issue with CISA was that it was "snuck" into a large omnibus bill. When people voted to pass that bill, they weren't necessarily voting for CISA, but rather the other parts of that omnibus bill.

That being said, I'm not exactly sure how I feel about CISA being passed. While I do think that this is quite intrusive, I also know that this will make it much easier for the government to deal with criminals. I think that the Supreme Court will make it legal, saying that it serves a compelling governmental interest to look at online activity.

Cybersecurity is only going to play a larger role in politics as the internet becomes even more accessible than it already is both domestically and internationally. If the issue is not dealt with now, it will definitely come back later. It could be dealt with later with few repercussions, I think.