Don't flush privacy in the name of security

On the face of it, the Cyber Intelligence Sharing and Protection Act (CISPA) that the U.S. House of Representatives just passed seems to address the long-held notion that encouraging private and public sector concerns to share security information will improve our general security.

And while the goal of CISPA is noble and the need warranted (even coveted by some enterprises looking for a way to share information while reducing legal liability), the devil is in the details, and unfortunately CISPA goes too far in terms of trading off our liberties.

BACKGROUND: House passes CISPA cyberthreat sharing bill, despite privacy concerns

INFOGRAPHIC: Breaking down CISPA

CISPA, which passed the house by a vote of 248-168, would lead to the establishment of "procedures to allow elements of the intelligence community to share cyber threat intelligence with private-sector entities and utilities and to encourage the sharing of such intelligence."

The bill identifies types of data the federal government will not be able to share, including library usage and book purchase records, and firearm, tax, education and medical records. And it would limit the government to using cyberthreat information for: cybersecurity, cybersecurity crimes, protection of individuals from death or bodily harm, risk of sexual exploitation (such as child pornography) and national security.

The effort to focus the goal on information sharing while preventing abuse could be why the bill has received the backing of tech giants such as IBM, AT&T, Oracle and Symantec. As Facebook says in a letter to Congress, "Your legislation removes burdensome rules that currently can inhibit protection of the cyber ecosystem, and helps provide a more established structure for sharing within the cyber community while still respecting the privacy rights ... of users."

http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/FacebookHR3523.pdf

But CISPA detractors, a list that include the Electronic Frontier Foundation and the ACLU, say the terms of use are too broad to safeguard citizens' right to privacy (what is "cybersecurity"?). More concerning: CISPA would allow companies to share information with government military entities, including the National Security Agency, and then protect the companies who shared the information from citizen lawsuits if someone cries foul.

CISPA even spooks GOP presidential candidate Ron Paul, who said in a speech: CISPA "permits both the federal government and private companies to view your private online communications with no judicial oversight ... It permits them to hand over your private communications ... without a warrant, circumventing the well-known established federal laws like the Wiretap Act and the Electronic Communications Privacy Act" (see http://rt.com/usa/news/ron-paul-against-cispa-753/).

CISPA, while seemingly good for business, is bad business. Hopefully the Senate, which is working on its own version (the Cybersecurity Act of 2012), will address the shortcomings.

Read more about wide area network in Network World's Wide Area Network section.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email CIO
• Follow CIO on twitter

• Share
  Share this article1

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark