
Lawmakers reintroduce cyberthreat information-sharing bill

Some privacy and civil liberties groups say that CISPA still allows companies to share too much private information
  • (IDG News Service)
  • 13 February, 2013 20:57

Two U.S. lawmakers have reintroduced a controversial cyberthreat information-sharing bill over the objections of some privacy advocates and digital rights groups.

As promised, Representatives Mike Rogers, a Michigan Republican, and C.A. "Dutch" Ruppersberger, a Maryland Democrat, have reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA), a bill that would allow private companies to share a wide range of cyberthreat information with U.S. government agencies.

New legislation is needed to protect the U.S. from cyberattacks coming from Iran and other countries, said Rogers, chairman of the House of Representatives Intelligence Committee. Cyberattacks have "exploded into what is an epidemic," he said during a briefing on the bill. "We are in a cyberwar -- most Americans don't know it, most folks in the world probably don't know it -- and at this point, we're losing."

The bill can help U.S. agencies and businesses address their toughest cybersecurity problems, Rogers said. "It's not a surveillance program, it's in real time, at the speed of light, exchanging zeros and ones when it comes to malicious software to catch it and stop it," he said.

Several privacy and digital rights groups have said the bill allows companies to share too much private information with government agencies, without sufficient oversight. The U.S. House of Representatives passed CISPA last April, but the legislation failed to advance in the Senate after the White House threatened a veto over privacy concerns.

The privacy protections in the new bill are "woefully inadequate," Sharon Bradford Franklin, senior policy counsel at civil liberties group the Constitution Project, said in an email. "If passed in its current form, it would allow companies that hold sensitive personal information to share it with the federal government, including with agencies that have a history of domestic spying, which could then potentially use the information for purposes totally unrelated to cybersecurity," she added.

Rogers and Ruppersberger said they've addressed privacy concerns in the new bill, although several privacy groups still voiced opposition to CISPA. The lawmakers have worked with privacy groups and will work with the White House as the bill moves forward, Ruppersberger said.

The two sponsors engaged in "lengthy negotiations" on privacy concerns, Ruppersberger said. The new bill has narrowed the definition of information that can be shared and sets strict restrictions on the government's use and searching of the data, the sponsors said.

The two lawmakers introduced CISPA a day after President Barack Obama signed an executive order focused on allowing federal agencies to share cyberthreat information with U.S. businesses and on creating voluntary cybersecurity standards for operators of critical infrastructure.

The bill is needed in addition to the executive order to enable wider sharing of cyberthreat information than the order allows, Rogers said. While Obama's order allows federal agencies to share cyberthreat information with companies, the bill would allow agencies to share classified information and would allow U.S. businesses to share cyberthreat information with each other and with government agencies.

CISPA also protects businesses that share cyberthreat information from lawsuits.

Some tech companies and trade groups, including Verizon Communications and the National Cable and Telecommunications Association, praised the bill. The sharing of cyberthreat information is a "critical missing link in our efforts to detect and deter cyberattacks," Michael Powell, NCTA's president and CEO, wrote in a letter to the sponsors.

But the American Civil Liberties Union and Demand Progress, a digital rights group, both repeated their opposition to CISPA.

"CISPA does not require companies to make reasonable efforts to protect their customers' privacy and then allows the government to use that data for undefined national-security purposes and without any minimization procedures, which have been in effect in other security statutes for decades," the ACLU said in a statement.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.
