As reported by
What is CISA?
CISA is a piece of legislation that is currently being debated in the United States legislative branch and is being rushed toward a vote.
That was the idea behind the
CISA’s architects wanted it to be immune to
Data protection standards vary across the world, and historically US law has not provided the same level of protection for personal data as exists in the EU. As a result, European data protection laws have typically required parties transferring data from the EU to the United States to obtain informed consent to the transfer of data and/or take purposive steps to safeguard it to European standards.
The ruling by the CJEU has far-reaching consequences since the Charter of Fundamental Human Rights is anchored in the Lisbon treaty. This means the rulings are legally binding and can’t be circumvented by new treaties as
The Safe Harbor scheme was one way in which data could be lawfully transferred to the United States. It was set up in 2000 by a European Commission finding that adequate protection for personal data would be provided by US undertakings that self-certified their adherence to a set of rules known as the Safe Harbor principles.
What’s happened with Safe Harbor?
In the case of Schrems v Data Protection Commissioner, the CJEU has now decided that Safe Harbor is not, in fact, safe enough. In particular, the CJEU found that the Commission’s decision establishing the Safe Harbor scheme was flawed, and is therefore invalid.
More generally, the CJEU also confirmed that a Commission decision that a third country ensures an adequate level of protection for an individual’s personal data and related rights does not stop either (i) an individual bringing a claim in relation to the transfer of his personal data to that country; or (ii) a national data protection authority from investigating his complaint.
What’s happening with CISA?
Burr also likened this bill to a neighborhood watch, where everyone in the neighborhood looks out for the entire neighborhood. He neglected to mention that that neighborhood watch would also include that nosy granny type who reports every brown person in the neighborhood, and features self-defense just like George Zimmerman’s neighborhood watch concept does. Worse, Burr suggested that those not participating in his neighborhood watch had no protection, effectively suggesting that some of the best companies at securing themselves — like Google — were not protecting customers. Burr even suggested he didn’t know anything about the companies that oppose the bill, which is funny, because Twitter opposes the bill, and Burr has a Twitter account.
Yes, the Vice Chair of SSCI really did say that the OPM hack was less serious than a bunch of other hacks that didn’t affect the national security of this country. Which, if I were one of the 21 million people whose security clearance data had been compromised, would make me very very furious.
Where do Tech Companies Stand?
The bill would allow private industry to share user information with the Department of Homeland Security, which would be compelled to share it across “relevant government agencies”, presumably including the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA). The bill has been touted by its supporters, notably the US Chamber of Commerce, as entirely voluntary, but in fact, as Wired points out, other such “voluntary” programs
Restrictions on the kinds of data private industry can compile from customers are significantly more lax than those within the government itself, and the granular levels of detail businesses could offer the government about user behavior – which are currently used primarily for advertising – have become a heated topic of debate
Apple in particular came out swinging against the bill on Tuesday evening, issuing a statement saying that it did not support “the current CISA proposal,” to
Fight for the Future’s list doesn’t just cover CISA; the group also breaks down industry support for the NSA-backed plan to insert “back doors” into cryptography and whether respondents support reform of the Electronic Communications Privacy Act, or ECPA (Reagan-era legislation which allows law enforcement to request all electronic messages older than six months by serving the provider with a subpoena, rather than a search warrant).
What Steps Can Be Taken?
In the United States, Congress has alternative legislation that would be better for privacy and better for security. To start, the Senate should approve the Judicial Redress Act, already approved by the House of Representatives. The Bill would extend a limited set of privacy protections to individuals from certified countries (including, presumably, E.U. Member States). It would grant limited rights to non-U.S. citizens in cases when their personal information transferred for law enforcement purposes has been misused under certain sections of the
Congress should also reform FISA Amendments Act Section 702, which is set to sunset at the end of 2017, to bring elements of the National Security Agency’s spying in line with international human rights standards. The CJEU based its decision on two programs operated under 702 — PRISM and Upstream — which most egregiously affect non-U.S. persons. The NSA uses PRISM to obtain internet communications from U.S. tech companies and Upstream to query data entering the U.S. through fiber optic cables. In addition, we need
What suggestions do you have to counter the legal Cyber Fail Chain?