The Cybersecurity Information Sharing Act (CISA) suggests to grant broad latitude to tech companies, data brokers and others to mine user data and then share it with certain authorities.
Following the recent query, the DHS responded that some provisions of the law could sweep away privacy protections. Besides, the agency’s representatives also said that the proposed legislation raised privacy and civil liberties concerns. The most questionable companies are Google, Facebook and Comcast, all having large hoards of Internet user behavior, as well as data brokers.
The discussions emerged in the private sector, where the use of personal information at scale is mostly unregulated. As for data brokers, they are anxious to avoid losing the ability to aggregate vast quantities of personal information, because the sale and licensing of consumer databases is a very lucrative practice, especially today, when online advertising booms and TV advertising becomes more sophisticated.
Besides, CISA’s mandate would cover the publicly used interfaces of the health insurers and banks, such as American Express, Aflac and Bank of America. Some industry observers point at the language in the law that would give participants immunity not just from prosecution, but also from regulatory action.
The fears are that if the bill were to pass and companies were to cooperate with the agencies, the amount of data disclosed to the federal government could easily extend to credit card histories, lists of goods purchased and even healthcare records.