CISA amendment may enable American courts to pursue and jail foreigners even if they have committed crimes against other foreigners and on foreign soil. According to the lawmakers, the main aim of the amendment to cybersecurity legislation, which has just passed a key Senate hurdle, is to lower the threshold for prosecuting crimes committed abroad. The problem is that the amended CISA would enable the courts to jail people not just for cloning the credit card or stealing the Netflix password, but also for breaching any US company online, no matter where it happens. This means that if a UK citizen hacks an Italian citizen’s credit card issued by the US payment system, he could be jailed for a decade in American prison under the amended law.

Of course, the legislation itself has already attracted heavy criticism from the US privacy advocates – for example, the EFF points out that the cybersecurity laws that would be broadened by CISA bill were used to prosecute the late founder of Demand Progress for downloading articles from the digital library of academic journals.

The stated purpose of the Cybersecurity Information Sharing Act is to establish a reporting system for private industry that would allow any company with a digital record of consumer behavior to pass threat information to the Department of Homeland Security. The latter, in its turn, would be then required to pass the information to the Federal Bureau of Investigation and other relevant authorities. This is why the DHS didn’t like the idea at all and has come out against the bill, claiming that such approach could sweep away important privacy protections. Unsurprisingly, the controversial bill is also facing mounting pressure from tech firms, which want it to be rewritten or scrapped altogether.

Another problem is that the CISA would also block any disclosures about what data about the cyber threat indicators had been shared. Republican senator Rand Paul proposed an amendment to the CISA which would disallow it from breaking user agreements between companies and their users. However, this particular amendment failed to pass, 32-65. In the meantime, Republican senator Richard Burr claimed that he would not entertain any more amendments to the Cybersecurity Information Sharing Act bill, and it is now expected to receive a vote in a few days.