How does the Cybersecurity Act of 2015 change the Internet surveillance laws? by Orin Kerr.
From the post:
The Omnibus Appropriations Act that President Obama signed into law last week has a provision called the Cybersecurity Act of 2015. The Cyber Act, as I’ll call it, includes sections about Internet monitoring that modify the Internet surveillance laws. This post details those changes, focusing on how the act broadens powers of network operators to conduct surveillance for cybersecurity purposes. The upshot: The Cyber Act expands those powers in significant ways, although how far isn’t entirely clear.
…
Orin covers the present state of provider monitoring which sets a good background for the changes introduced by the Cybersecurity Act of 2015. He breaks the new authorizations into: monitoring, defensive measures and the ability to share data. If you are a policy wonk, definitely worth a read with an eye towards uncertainty and ambiguity in the new authorizations.
It isn’t clear how relevant Orin’s post is for law enforcement and intelligence agencies, since they have amply demonstrated their willingness to disobey the law and the lack of consequences for the same.
Service providers should be on notice from Orin’s post about the ambiguous parts of the act. On the other hand, Congress will grant retroactive immunity for law breaking at the instigation of law enforcement, so that ambiguity may or may not impact corporate policy.
Users: The Cybersecurity Act of 2015 is confirmation that the only person who can be trusted with your security is you. (full stop)