[tptacek]

Again: they can't be prosecuted for sharing, for monitoring, or for receipt of information. This is statutory language and the words matter.

If there's an authority under which Chrysler can be prosecuted for having vulnerabilities (spoiler: I don't believe there is), CISA doesn't change any of that. Certainly, there's no clear linkage between CISA sharing and a private actor's ability to sue Chrysler for torts emerging from vulnerabilities.

I don't even think there's a stretch reading of the statute that gets you where this blog post lands.

[newman314]

Because the government has NEVER demonstrated any behavior in deliberate (expanded) interpretation of the law to further their interests.

The lengths taken to interpret "torture" for instance. It used to be that we have a fairly logical, common sense interpretation of things but I think those days are gone. I mean, unlimited data should really mean unlimited data not subject to some arbritary cap or throttling .

[tptacek]

Non-falsifiable argument is non-falsifiable.

[newman314]

I wish your echo chamber of trust were true. Unfortunately, it's not.

[zmanian]

It is probably impossible for a lay person to understand how a court is likely to interpret statutory language. I prefer my analysis from folks who devote a substantial amount of time to it.

Marcy compares the CISA liability protections to the very similar Section 314(b) of the Patriot Act financial information sharing liability safe harbor.

It seems at least plausible that they will operate in a similar fashion if CISA becomes law.

https://www.emptywheel.net/2015/10/14/time-to-get-very-conce...

[tptacek]

But that statute has also never been used to shield vendors from lawsuit or prosecution for vulnerabilities!