|
|
|
|
|
|
by jellicle
3895 days ago
|
|
|
> Example from today's AMA is FFTF's claim that CISA "exempts itself from FOIA", making it impossible to challenge in court: they're referring to Sec 4 (d) (4) (b), which exempts from FOIA individual shared indicators, which of course must be the case, because indicators are things like compromised account names and passwords. That's all the law exempts from disclosure. Nope. The bill clearly defines "cyber threat indicators" to include the entire content of whatever these companies disclose to the government. The things that make up "cyber threat indicators" go on for an entire page, and it's an "or" list rather than an "and" list. For Facebook, it would probably be something like a particular Facebook post that tripped their "threat" trigger, plus all the info that Facebook has about that user account (maybe every post that account ever made), including IP addresses that posted to that account and everything else. And yes, every single thing "shared" with the government (I'm reminded of "the sharing economy" with this usage) is entirely exempt from FOIA disclosure, as the CISA bill clearly says. And of course no cause of action shall lie in any court, so there's no help there either. So no, there will never be any way to review the scope or magnitude of this "sharing", apart from whatever information (truthful or not) the government deigns to share. Your description of CISA is the one that is straight up dishonest. |
|
|