The business community is launching a big push for the Cyber Information Sharing Act over the recess, with the Chamber of Commerce pushing hard and now the Financial Services Roundtable’s Tim Pawlenty weighing in today.
Pawlenty is fairly explicit about why banks want the bill: so that if they’re attacked and share data with the government, they cannot be sued for negligent maintenance of data.
“If I think you’ve attacked me and I turn that information over to the government, is that going to be subject to the Freedom of Information Act?” he said, highlighting a major issue for senators concerned about privacy.
“If so, are the trial lawyers going to get it and sue my company for negligent maintenance of data or cyber defenses?” Pawlenty continued. “Are my regulators going to get it and come back and throw me in jail, or fine me or sanction me? Is the public going to have access to it? Are my competitors going to have access to it? Are they going to be able to see my proprietary cyber systems in a way that will give up competitive advantage?”
CISA has been poorly framed, he explained.
“It should be called the cyber teamwork bill,” Pawlenty said.
As I’ve pointed out repeatedly, what the banks would get here is far more than they get under the Bank Secrecy Act, where they get immunity for sharing data, but are required to do certain things to protect against financial crimes.
Here, banks (and other corporations, but never natural people) get immunity without having to have done a damn thing to keep their customers safe.
Which is why CISA is counterproductive for cybersecurity.