Two weeks ago, the House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA). But thanks to internet activism and advocacy by organizations like the 老澳门开奖结果 and the Electronic Frontier Foundation, including 28 Republicans, the House Democratic leadership, and a chunk of members who sit on the Intelligence and Homeland Security Committees.
What happens next? CISPA never had much of a chance in the Senate, but after the , and resounding bipartisan 鈥渘o鈥欌漹ote in the House, it won鈥檛 be going anywhere any time soon. The Senate will likely take up its own cybersecurity bill, , in June. The CSA is over two hundred pages long and deals with many cyber issues that are civil liberties neutral. But the CSA would also unnecessarily threaten our privacy.
While it is better than CISPA, the CSA similarly creates an exception to every privacy law on the books so that companies that hold our sensitive personal information can share it with the government, including possibly the military. Title VII of the bill governs information sharing. Here鈥檚 what you should know about it:
鈥 What Information Can Be Shared: 鈥淣otwithstanding any provision of law,鈥 meaning without regard to any existing privacy law, 鈥渃yber threat indicators鈥 can be shared, just as with CISPA, but in this case only if companies make 鈥渞easonable efforts鈥 to remove information that can be used to identify specific people unrelated to the cybersecurity threat. That restriction is of course a positive step, but standing alone, it is not enough.
鈥 Who Can It Be Shared With: Information can be shared with government 鈥渆xchanges,鈥 which will be appointed by the Department of Homeland Security. The CSA does not require these exchanges to be in civilian agencies and therefore would permit the NSA or other military agencies to become direct repositories for broad swaths of American internet information. Information can also be shared with other companies.
鈥 How Can the Information Be Used: The government can use the information for cybersecurity, but can also distribute it and use it for law enforcement purposes totally unrelated to cybersecurity. Further minimization procedures will be promulgated by DHS and approved by the Attorney General. Companies can use the information they receive from each other or the government for cybersecurity purposes.
鈥 Oversight and Accountability: Privacy officers from various government agencies will write an annual report to Congress, but it need not be made public. The Privacy and Civil Liberties Oversight Board will do a report 鈥 that is, if the Board, which does not currently have any members, is ever constituted. The bill contains generic directives for heads of agencies to enforce the rules and report violations to the Justice Department.
While the legislation isn鈥檛 as bad as CISPA, because of its problems the 老澳门开奖结果 and 33 other organizations from across the political spectrum have demanded changes to the bill, including eliminating the possibility of the NSA or other military agency directly collecting information on Americans鈥 internet use. You can contact your Senators to tell them to oppose any bill that contains such an authority.