With the U.S. Senate set to go on recess for the remainder of the summer, consumers and Internet users rejoiced, assuming that the judgment over the Cybersecurity Information Sharing Act would be delayed to the fall. This would give spokespersons and activist groups more time to protest and pray for amendments to the bill. In fact, the Washington Examiner reported that 6 million anti-CISA faxes have already been sent to Senators' offices in an attempt to squash it. Now, there is another reason to be concerned about the bill.
As the source explained, Senate is in its final work week, and CISA is next in line for examination. If the cybersecurity-related bill is chosen before recess, Senators have to make a decision by end of day August 7. In short, consumers and organizations should be worried about their cyberprivacy and data security if CISA passes as is.
"CISA would create incentives for businesses to share data on cyberthreats with federal agencies."
What is CISA?
CISA is a catch-all bill that is meant to pass some important cybersecurity measures alongside some dubious - at best - data sharing laws.
The Wall Street Journal reported that CISA would create incentives for businesses to share data on cyberthreats with federal government agencies. These agencies would then analyze and perhaps send that data to other firms in an attempt to protect the American people and their companies from cybercrime. Simply put, CISA will give the National Security Agency and other federal agencies access to corporate and personal information, and they can give that data to anyone else if necessary.
Furthermore, the Washington Examiner noted that Senators have similar fears. Sen. Ron Wyden (D-Ore.) explained to the source that CISA needs many amendments before he supports it, because right now, the bill is "incredibly flawed" and represents "tremendous" government overreach.
"This bill doesn't do anything tangible to protect Americans," Wyden warned, according to the source.
The Electronic Frontier Foundation, a digital privacy advocacy group, is concerned that CISA is too ambiguous in regard to private information sharing, since it could "[permit] the government to use that data for reasons far beyond cybersecurity," the Washington Examiner highlighted.
"The U.S. government already demonstrated a failure to proactively guard sensitive information."
What this all means
If companies such as Google, Amazon and Apple agree to share information with the government, they are essentially becoming spies for federal agencies, which can also give that data to other organizations in an attempt to conduct an investigation. Simply put, what would be stopping the government from accessing personal privately stored data on Google Drive, on Amazon servers or in Apple's iCloud?
Furthermore, after the U.S. Office of Personnel Management breach and a slew of other government-impacted cyberattacks, who is to say that federal agencies will keep everyone's personal data safe? They've already demonstrated a failure to proactively guard sensitive information.
Data-centric security as a solution
The best way to prepare for CISA and other similar bills would be to completely lock down data - make it impossible for even Google or Apple to read information. With CloudMask, private data stays private, as it protects information from storage providers and other organizations that have access to storage services.
With CloudMask, only your authorized parties can decrypt and see your data. Not hackers with your valid password, Not Cloud Providers, Not Government Agencies, and Not even CloudMask can see your protected data. Twenty-six government cybersecurity agencies around the world back these claims.
Watch our video and demo at www.vimeo.com/cloudmask
