This article was published on May 15, 2012

Leading Senate cyber-security bill attacked by privacy groups, calling the CISPA alternative into doubt


Leading Senate cyber-security bill attacked by privacy groups, calling the CISPA alternative into doubt

You likely haven’t heard much about CISPA lately, as the bill is past the House, and we are now waiting on the Senate to make the next move. Essentially, one of the competing cyber-security bills that is currently bouncing about the Senate needs to pass, before reconciliation can occur, and something can be sent for the President’s signature.

While the White House has stated several times that it would veto CISPA, the current administration has anointed one of the Senate bills as passable. It’s called the Lieberman-Collins bill, or the SECURE IT Act of 2012.

However, despite being heralded by some as an improvement over CISPA, a bill that attracted waves of protest, given what many, TNW included, viewed as excessively broad language in its writing, issues remain. That looseness, and the possibility of private information being handed to National Security Agency are thorny sticking points. If that sounds a touch Orwellian, well, it’s because the creation of a conduit of private citizens’ information to a government agency designed to know more than you would wish, is.

To the news: A letter, signed by a great number of what The Hill calls “civil-liberties groups,” has been released to all US Senators, outlining their disagreement with the SECURE IT Act. We quote (condensed, edited):

We understand that cybersecurity legislation will be on the Senate floor soon and that some may consider S. 2151 as a viable alternative to the Cybersecurity Act, S. 2105. In our view, SECURE IT is no such thing in its current form.

SECURE IT undermines privacy and cybersecurity by authorizing companies to “use cybersecurity systems” to monitor their clients’ and customers’ Internet usage for broadly-defined “cyber threat information,” by authorizing ill-defined “countermeasures” against completely undefined “cybersecurity threats,” and by immunizing companies against liability for monitoring activities and countermeasures that violate their own contractual obligations.

SECURE IT, unlike the Cybersecurity Act (S. 2105), lacks a requirement that companies make reasonable efforts to remove personally identifiable information unrelated to a cybersecurity threat before they share information for cybersecurity purposes.

It goes on, and on, in the best possible sense. I encourage you to read the full text, which you can find here.

Here’s the rough gist: the people who generally are on the right side of the privacy discussion are throwing up as many red flags as they can about this act. That’s an important piece of information. Essentially, it states that there is yet no cyber-security bill that is acceptable from a privacy standpoint, and that the leading candidate for passage is inherently flawed, as it doesn’t protect the privacy of individuals.

Not the best news, to be sure. For more, as always, the archives are your best friend.

Get the TNW newsletter

Get the most important tech news in your inbox each week.