What good is CISA, anyway?
Now that both the House and Senate have passed information sharing bills that are strikingly similar but not identical, the prospects for a change in the law are good. But what changes, and how much difference will they make to network defenders? That’s the topic we explore in episode 87 with our guest, Ari Schwartz. Ari has just finished a tour as senior director for cybersecurity on the United States National Security Council Staff at the White House. He and I and Alan Cohn go deep into the weeds so you won’t have to. Our conclusion? The main value of the bill is that it frees some companies from aging privacy rules that prevented information sharing with groups that include the government. It also enables companies to monitor their networks without fear of liability under even older privacy laws preventing interception of communications without all parties’ consent. The other lesson to be drawn from the bill is that privacy groups are still something of a paper tiger without business support. More than seventy senators voted for CISA over the bleeding bodies of every privacy group in the country.
In other news, Maury Shenk and I unpack the latest claim that the US and EU have agreed in principle on a deal to replace the Safe Harbor struck down by the European Court of Justice. We’re profoundly skeptical that a deal will be reached quickly, or that it will actually give companies much in the way of safety.
Jason Weinstein provides a blow by blow recounting of the fight between Apple and the Justice Department. The real question is whether Magistrate Judge Orenstein will call the fight for Apple before the defendant is sentenced. We think he will.
Also in the category of “Put me in the newspaper, I’m a pro-privacy judge,” the Fourth Circuit panel that insisted on a warrant for historical cell tower location data had better enjoy their fifteen minutes of fame now. Their opinion is going to be reviewed en banc – and Jason and I are betting it won’t survive.
Finally, it looks as though privacy groups didn’t just waste money asking the Second Circuit to block the last month of the section 215 bulk collection program. They actually managed to effectively overrule the only court of appeals decision finding the program unlawful. In rejecting the privacy campaigners’ motion for an injunction, the Second Circuit declared that Congress had knowingly authorized it and therefore that it no longer violated the relevant statute. Pyrrhus salut.