[ISN] Even DHS Doesn’t Want the Power It Would Get Under CISA

www.defenseone.com/threats/2015/10/even-dhs-doesnt-want-power-it-would-get-under-cisa/123015/ By PATRICK TUCKER defenseone.com OCTOBER 21, 2015 The Senate is currently debating a bill to give Department of Homeland Security unprecedented access to personal information, a measure intended to help to protect the nation from cyber attacks. Yes, that DHS, whose director had his Comcast account hacked yesterday. Even stranger: DHS doesn’t even want the power it would be granted. The bill is the Cyber Information Sharing Act, or CISA. It would give companies legal immunity to send DHS a broad range of information about the users of their websites. DHS would then be allowed to speed that (nominally anonymized) information along to the NSA, DoD, FBI, the FCC or other bodies. Through a byzantine series of twists and turns, that could potentially include foreign militaries. In July, DHS officials pointed out various problems with CISA in a seven-page memo. They argued, among other things, that the bill “could sweep away important privacy protections, particularly the provisions in the Stored Communications Act limiting the disclosure of the content of electronic communications to the government by certain providers.” But hey, what’s a little privacy loss in the name of better security? Unfortunately, according to DHS’s memo, CISA fails there, too. “These provisions would undermine the policy goals that were thoughtfully constructed to maximize privacy and accuracy of information, and to provide the NCCIC with the situational awareness we need to better serve the nation’s cybersecurity needs,” it said. […]