New York Times:
After four years of false starts and strife over privacy protections, the Senate passed legislation by a vote of 74 to 21 on Tuesday that would help companies battle a daily onslaught of cyberattacks.
But there is one problem with the legislation, the Cybersecurity Information Sharing Act, or CISA: In the years that Congress was debating it, computer attackers have grown so much more sophisticated — in many cases, backed by state sponsors from Shanghai to Tehran — that the central feature of the legislation, agreements allowing companies and the government to share information, seems almost quaint. To many in the trenches of daily computer combat, it is a little like the insistence of some cavalry officers in the 1930s on sticking to horses, rather than investing in mechanized divisions.
The most vocal opposition has come from the Center for Democracy and Technology and the American Civil Liberties Union, which both argue that the Senate bill could be abused by the National Security Agency and Federal Bureau of Investigation to obtain information on Internet users, unrelated to cybersecurity threats, without a warrant. In its current form, any cyberthreat information shared with the Department of Homeland Security would be shared with the N.S.A., the F.B.I. and other agencies.
The bill “risks turning the cybersecurity program it creates into a backdoor wiretap by authorizing sharing and use of cyberthreat indicators for a broad array of law enforcement purposes that have nothing to do with cybersecurity,” Greg Nojeim, a senior counsel at the Center for Democracy and Technology, wrote in a blog post.