While we hope many companies would jealously guard their customers' information, there is a provision in the bill that would excuse sharers from any liability if they act in "good faith" that the sharing was lawful.
Collected information could then be used in criminal proceedings, creating a dangerous end-run around laws like the Electronic Communications Privacy Act, which contain warrant requirements.
In addition to the threats to every American's privacy, the bill clearly targets potential government whistleblowers. Instead of limiting the use of data collection to protect against actual cybersecurity threats, the bill allows the government to use the data in the investigation and prosecution of people for economic espionage and trade secret violations, and under various provisions of the Espionage Act.
It's clear that the law is an attempt to give the government more power to crack down on whistleblowers, or "insider threats," in popular bureaucratic parlance. The Obama Administration has brought more "leaks" prosecutions against government whistleblowers and members of the press than all previous administrations combined. If misused by this or future administrations, CISA could eliminate due process protections for such investigations, which already favor the prosecution.