Real-World Roadblocks To Implementing CISA

An anonymous reader writes: The recent approval of CISA (the Cybersecurity Information Sharing Act) by the US Congress and Senate is paving the way for broader security collaboration. If and when CISA is ratified into law, the chief obstacles to cybersecurity collaboration within the private sector will remain. CISA promotes sharing – but when dealing with cyber threat data companies are also concerned about other mandates which may govern the information being shared. These include anti-trust, privacy, sectorial directives and data protection regulations that affect many multi-national organizations.

The real purpose of CISA ..

The recent approval of CISA .. by the US Congress and Senate is paving the way for yet more surveillance of the civilian population under the pretext of national security.

Re:The real purpose of CISA ..

"The recent approval of CISA .. by the US Congress and Senate is paving the way for yet more surveillance of the civilian population under the pretext of national security."

Correct.

The (mass surveillance) by the NSA and abuse by law enforcement is just more part and parcel of state suppression of dissent against corporate interests. They're worried that the more people are going to wake up and corporate centers like the US and canada may be among those who also awaken. See this vid with Zbigniew Brzezinski, former United States National Security Advisor.

https://www.youtube.com/watch?v=n7ZyJw_cHJY

Brezinski at a press conference

https://www.youtube.com/watch?v=VWTIZBCQ79g

Major powers, and imposing control over the awakened masses.

https://youtu.be/4usbR_kKCDs?t=397

Obstacles to sharing? Doesn't matter.

[whoever57]

CISA isn't about sharing, it's about spying on our communications.

Re: Astroturf much?

Well, we have better technology than the Stasi.

Government paging industry

[ravenspear]

Wanna cyber?

Show me everything baby, I wanna see it ALL. :D

Ironic

Congress probably wants to get as much data about multi-national corporations so that they can leverage that data to tax more money out of them. Meanwhile, customers are watching to see if those corporations are giving their private data to government and what that will mean for them and their families. So it's a lose-lose for corporations. Then the NSA is paying security experts and mathematicians and stockpiling all of that information for itself, while other government agencies (which are huge stockpiles of individual information) remain open to the exact attacks it funds. Not a good environment for people or corporations.

Re:Devil's advocate... it may be useful.

[tlambert]

The only tools the US government has for security are getting insurance companies to not cover companies which are lax in security, or getting companies to privately share breaches so more high quality people can work on dealing with an attacker, find their methods, and find a way to mitigate it.

Extraordinary Rendition works great as a mitigation strategy. So does "shot while resisting arrest".

Sharing! Who can argue with sharing?

[r-diddly]

That's why I'm urging my Congressman to vote for this, and for the Copyright Violation Persecution and Snuggling Act!

Hmmm

[koan]

My opinion is that most everything I have read about CISA is "offering" already exist.
The sharing already exist, and to date does little to stop the rape of networks.

The main thing that caught my eye, and perhaps the entire reason for CISA, is too mitigate corporate liability in data sharing.
That's the only new thing under this toxic sun, immunity for corporations.

Re:Hmmm

[AHuxley]

No more parallel construction. The courts can be presented with clear path to the decrypted material as the company 'helped' from the start.
Warrant? The users understood if the corporation saw something strange in any database it would, could, has, will share all data with law enforcement.
This new US legal system really removes the final protections by getting US corporations to report on users by default with out the tricky questions of how or why the government even started looking :)
Legal teams now get the origins of the case in open court, the corporation reported that... account .... user.
Decryption? The corporation intercepted and found, saved the material as presented to the government.
The only questions left for the lawyer is the expensive methods used to 'scan' all data in/out in real time ;) Who paid for the new expensive systems to scan internal networks? What is been looked for in real time? Can the court see the code and methods that found the material?
Do the "corporations" now get protection to hide sensitive information about gov friendly systems from a court too?
As for network security? Stop putting readable, searchable plain text material on fast internet facing systems.

Re:Hmmm

[koan]

But doesn't everything you have stated mean that the "authorities" and "agencies" have become hopelessly dependent on this computer data gleaned from corporate and their own spying.

This narrowing down of sources means one thing, all one has to do to avoid scrutiny is not use ANY of it.

If anything, they have crippled themselves.

Re:Hmmm

[AHuxley]

Re "hopelessly dependent on this computer data gleaned from corporate and their own spying."
Thats what "collect it all" is doing now but with no US legal cover. Re "avoid scrutiny is not use ANY of it."
A lawyer will have to be found with a security clearance. Can a family afford that private sector cost for long with all reported accounts been frozen at the start of the long, secret investigation?
That locks out a lot of the more skilled and charismatic legal teams from even been requested.
So the gov steps in and offers a free "security clearance" ready lawyer :) No talking to the press due to the security clearance.
That would avoid avoid all questions in open court or comments to the media outside courts.
Re "If anything, they have crippled themselves."
Yes why would any global brand be seen near a US entity if all the data is been handed to the US gov as a default.
Secure US cloud computing only has two sets of keys: yours and the US governments will be a hard sell. Free 24/7 US gov "security" scans with every account?
CISA had no protections as to what could be sold, handed over, when or why from the private sector to the US gov. The US gov can use any and all data it is offered. No limits to what is requested, offered, sold or kept..
The press and media cannot even ask too many questions as that would go to hidden methods and ongoing cases :) The Freedom of Information Act (FOIA) was not expanded to cover legally important parts of CISA :)
CISA brings collect it all and parallel construction in from the cold. Warrantless domestic surveillance is now legal and kept legally hidden.

Re: Hmmm

[koan]

Food for thought, here is something you might be interested in.
http://chuckspinney.blogspot.c...

If and when - aargh

[sapped]

The phrase "if *and* when" really grates my nerves. Especially when we've just had an article on Boolean logic come through recently. It's one or the other people. It cannot be both. One indicates a conditionality and the other indicates a certainty.

Re:There's the problem

[beastofburdon]

Where's the phalanx of 'small government' bigots, the tinfoil hat fanatics foreseeing government interference and totalitarian oppression?

They are sitting there saying "told you so" and laughing while a single tear falls to remind them that their worst nightmares are actually real.