Congress Drops All Pretense: Quietly Turns CISA Into A Full On Surveillance Bill
Snip
1. Removes the prohibition on information being shared with the NSA, allowing it to be shared directly with NSA (and DOD), rather than first having to go through DHS. While DHS isn't necessarily wonderful, it's a lot better than NSA. And, of course, if this were truly about cybersecurity, not surveillance, DHS makes a lot more sense than NSA.
2. Directly removes the restrictions on using this information for "surveillance" activities. You can't get much more direct than that, right?
3. Removes limitations that government can only use this information for cybersecurity purposes and allows it to be used to go after any other criminal activity as well. Obviously, this then creates tremendous incentives to push for greater and greater information collection, which clearly will be abused. We've just seen how the DEA has regularly abused its powers to collect info. You think agencies like the DEA and others won't make use of CISA too?
4. Removes the requirement to "scrub" personal information unrelated to a cybersecurity threat before sharing that information. This was the key point that everyone kept making about why the information should go to DHS first -- where DHS would be in charge of this "scrub". The "scrub" process was a bit exaggerated in the first place, but it was at least something of a privacy protection. However, it appears that the final version being pushed removes the scrub requirement (along with the requirement to go to DHS) and instead leaves the question of scrubbing to the "discretion" of whichever agency gets the information. Guess how that's going to go?
Snip
https://www.techdirt.com/articles/20151215/06470133083/congress-drops-all-pretense-quietly-turns-cisa-into-full-surveillance-bill.shtml