Heh, it’s funny how making noise really can make a difference. In response to public criticism and political pressure, Representative Adam Schiff intends to propose an amendment to the Cyber Intelligence Sharing and Protection Act (CISPA), to bolster its privacy protections.
As we’ve written before, there is a certain tenseness among those in Washington at the moment, being fearful of another embarrassing public revolt like the on that famously killed the Stop Online Piracy Act (SOPA), which had been skating right along to passage.
Now, we’re not going to re-litigate CISPA in this post, you to learn more about it, head here. The purpose of this entry is instead to merely inform you that Schiff, who is on the committee that drafted the bill, is working to ensure that the bill does enough to keep the privacy of individuals safe.
The Obama administration, according to The Hill, has “stressed the importance of including strong privacy protections in cybersecurity legislation.” In response to that, and increasing unrest among the public, Schiff will offer an amendment that will: “restrict the government’s ability to collect personally identifiable information, such as names or birthdays. The amendment would also narrow the purposes for which the government could use the information.” That answers the two biggest concerns that privacy advocates have put forward, that the bill is too intrusive, and too loosely worded.
Until we get a chance to look at the text of the amendment, it’s impossible to say if it is enough to make the bill palatable, but this is certainly a move in the right direction.
Update: Schiff’s office just sent TNW a press release on the amendment. From it [Bold: TNW]:
“It is important to move forward with a cyber security bill to address information sharing, but we must make sure that it includes strong protections for the civil liberties and privacy of Americans [...] Along these lines, I am preparing an amendment which will address many of the concerns raised over the past month. I believe that my amendment would narrowly tailor the bill to its purpose of protecting us from attacks on our cyber infrastructure and protecting trade secrets while protecting the privacy and civil liberties of ordinary Americans.”
That sounds like it has the right spirit to it. The release goes on to detail exactly what the amendment will do:
Adopt privacy language requiring the development of policies and procedures to minimize the impact of information sharing on privacy and civil liberties, including by minimizing the collection of publicly identifiable information as included in Senator Feinstein’s draft. The procedures would have to be reviewed and approved by the U.S. Attorney General within one year of their development;
Narrow the purposes for which a Federal agency may use cybersecurity information obtained under the Act. Allow for the use of cyber security information if the information discloses a specific threat to national security or is considered foreign intelligence information; and
Use Lieberman/Collins/Feinstein definitions for Cybersecurity Threat, Cybersecurity Threat Information, and Cybersecurity Threat Intelligence, while also adopting a number of other definitions that are necessary to define those terms.
How extensive the ‘minimizing’ will be is hard to tell until we read the amendment itself. Still, this is a big improvement.