Other changes would bar companies from retaliatory hacking against entities that they believe have infiltrated their systems, as well as minimization provisions intended to limit the information being shared and used under the bill, and a removal of the open-ended term "national security" as an authorization for government use of data that it received from the private sector. The amended bill would also create an oversight role for federal privacy officials to review the government's data-collection and usage activities.
Reached by email Thursday morning, Richardson said that the amendments did little to assuage the ACLU's privacy objections, affirming that the group will continue to work to defeat CISPA.
"We are disappointed that the main problems with the bill were not fixed in the markup, especially the lack of civilian control [of] this new collection program and the lack of direction to companies to protect personally identifiable information," Richardson said. "We continue to oppose the bill."
Industry Groups Praise CISPA
Industry groups, meantime, praised CISPA for offering long-overdue legal protections for companies to share vital threat information. Robert Holleyman, president and CEO of BSA, a trade group representing the software industry, hailed the version of the bill that cleared committee for striking a balance that could bolster defenses against cyber intrusions while still protecting users' privacy.
"BSA particularly commends the committee's adoption of several amendments to strengthen privacy protections as the public and private sectors share information about cyber threats," Holleyman said in a statement. "BSA firmly believes that increased cybersecurity does not have to come at the expense of privacy or civil liberties. On the contrary, increased security can enhance citizens' privacy by preventing private information from ending up in the hands of cyber criminals."
Sign up for Computerworld eNewsletters.