To answer that question, you need to have a pretty complete understanding of the "powers" service providers already have under the ECPA, and the "powers" they can enforceably claim through contracts (like privacy policies). Those preexisting "powers" are already very broad; they are not, for instance, nailed down to specific definitions of "cybersecurity threats".
- The bill has a very broad, almost unlimited definition of the information that can be shared with government agencies notwithstanding privacy and other laws;
- The bill is likely to lead to expansion of the government’s role in the monitoring of private communications as a result of this sharing;
- It is likely to shift control of government cybersecurity efforts from civilian agencies to the military;
- Once the information is shared with the government, it wouldn’t have to be used for cybersecurity, but could instead be used for any purpose that is not specifically prohibited.
What information that service providers and app providers are currently not authorized to share under the 1986 ECPA would become lawful to share under this act?
