Controversial cyber-security bill exposes personal data and privacy concerns in US

The controversial data-sharing bill passed by US Senate on Tuesday will allow large corporations to share data with government agencies, circumventing existing protection laws.

Despite months of lobbying from advocates of privacy, including some of the largest names in the tech sector, the US Senate voted 74 to 21 in favor of the Cyber-security Information Sharing Act (CISA).

Proponents of the new legislation claim it will empower organizations against a growing threat of cyber attacks, this year witnessed in the hacks of Sony Pictures, Target, Home Depot and Anthem Insurance.

Critics report that these new measures will, in fact, do little to prevent these breaches of security and rather, through the sharing of sensitive personal data, they allow for government monitoring.

Advocates of privacy; civil liberties, scholars, trade unions and prominent figures in the digital world, have all vocalized their objections to the new data-sharing act.

Apple, Dropbox, Twitter, Reddit, Yelp, various trade unions and whistleblower Edward Snowden, all previously calling for a scrapping of the bill, have now expressed disappointment in this latest blow to personal privacy.

“We don’t support the current CISA proposal,” Apple plainly stated. “The trust of our customers means everything to us and we don’t believe security should come at the expense of their privacy.”

Salesforce’s Chief Legal Officer, Burke Norton, clarified the cloud platform’s positioning on this matter, after activists accused the tech giant of seemingly advocating the move. “At Salesforce, trust is our number one value and nothing is more important to our company than the privacy of our customers’ data.”

The CISA means that detailed financial and health data, never before accessed by the US Government can be voluntarily shared between corporations and the Department of Homeland Security (DHS). The DHS will then be able to pass this information to government agencies such as the FBI and NSA.

The Guardian described the type of information that could be shared; ranging from credit card statements to drug prescription records.

The broad definition of “a cyber-security threat” within the bill, lends the legislature a huge degree of ambiguity combined with great power, effectively rendering the Freedom of Information Act (Foia) impotent.

This new legislation signifies a change in discourse, as lawmakers tread the very fine line between protection against cyber-threats and government surveillance in the US.

VPN Industry Leader Weighs In

Sociable spoke with Mohsin Khan, Senior Executive at hide.me the third largest global VPN technology provider, to weigh-in on his concerns for the future of online security.

Khan made clear his opinion on the bill, “The current version of the CISA threatens the basic human rights of privacy and gives the government and its agencies license for mass surveillance.”

With regard to the ambiguity that surrounds the CISA Khan warns, “The biggest challenge is that CISA doesn’t provide any clear measures through which it would regulate those given access to data. This is in my view, a serious threat.”

The topic of online privacy is particularly pertinent to the VPN industry. Awareness is growing over dangers of identity theft and online fraud. Worryingly, it has been seen that government intervention in many countries has been connected to a growth in surveillance activity, and censorship.

As a leader in the VPN industry, Khan warns there are mixed opinions on the subject of protection and privacy, “There are those who believe every internet user should have the right to privacy irrespective of the circumstances. On the other hand, many believe that privacy is a right but should not infer complete anonymity.”

The point is one of much contention. Developments such as the CISA mean big changes for an online community in need of protection from all types of cyber-threats, including the intrusion of privacy.