Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cyber threat protections vs. personal data privacy

Kenneth Corbin | April 12, 2013
The Cyber Intelligence Sharing and Protection Act (CISPA), a modified information-sharing bill, passes the House Intelligence Committee by a wide margin, in order to help better protect American businesses from cyber looters. However, despite ammendments, privacy advocates still see the bill as a threat to personal data privacy protections.

A controversial cybersecurity bill that would seek to improve the sharing of threat information between businesses and the government has cleared a House committee and appears headed for a debate on the floor next week.

The Cyber Intelligence Sharing and Protection Act, or CISPA, passed the House Intelligence Committee on Wednesday by a vote of 18-2, with its backers, committee Chairman Mike Rogers (R-Mich.) and Ranking Member Dutch Ruppersberger (D-Md.) stressing the urgency of updating the legal framework to shore up the defenses of sensitive digital networks in the face of mounting attacks from hackers, many seeking to steal trade secrets and other intellectual property.

"Cyber hackers from nation-states like China, Russia and Iran are infiltrating American cyber networks, stealing billions of dollars a year in intellectual property, and undermining the technological innovation at the heart of America's economy," Rogers said in a statement on the committee's passage of CISPA. "This bill takes a solid step toward helping American businesses protect their networks from these cyber looters."

The bill that passed the intelligence committee included several amendments designed to address the concerns of critics, particularly those who have warned that the measure would give a green light to businesses to funnel troves of personal information collected from their users to secretive military agencies like the National Security Agency with minimal accountability.

Privacy Rights Groups Remain Conflicted about CISPA

But those adjustments are fairly modest compared to the substantial changes that privacy rights groups like the American Civil Liberties Union and the Electronic Frontier Foundation have been seeking. They have warned that CISPA could become a pretext for an extensive government surveillance operation that could ensnare the contents of people's emails, online chats and browsing histories in the name of cybersecurity.

In an Op-Ed that appeared in Politico earlier this week, ACLU legislative counsel Michelle Richardson called CISPA "an unmitigated and unaccountable mess for Internet users' private data."

Richardson argued that the bill must be modified to state unequivocally that users should have control over how their information is collected, and that it should incorporate provisions limiting the sharing and use of data and directing companies to make every effort to remove personally identifiable information from the transmissions they share with the government.

CISPA Ammendments Don't Assuage ACLU's Privacy Objections

The amendments attached to the version of CISPA that passed the committee stopped short of those criteria, but were nonetheless intended to address some of the concerns that have clouded the bill since it first appeared in the last congress.

One amendment stipulates that businesses can only collect and share information under a CISPA mandate for cybersecurity applications, barring them from using that information for marketing or other purposes.


1  2  Next Page 

Sign up for Computerworld eNewsletters.