UPDATED 18:03 EDT / APRIL 20 2012


Cybersecurity Bill CISPA With Massive Privacy-Flaws Goes to House Vote Next Friday

The United States needs an intelligent, thoughtful front on policy involving cybersecurity, but the Cyber Intelligence Sharing and Protection Act (CISPA or HR 3523) promotes a blunder that would open numerous citizens to untold violations of their privacy, and therefore their security. The bill has been rewritten a few times, and the current draft still fails to take into account the necessity of narrowly tailoring information retrieval and sharing to fit investigations and crimes, using instead a veil of “cyber threat” to divide and conquer opposition.

CISPA is going to a vote before the House of Representatives next Friday, but it still suffers from the same issues that had been cited originally in the legislation.

Leigh Beadon from Techdirt outlined some of the more egregious issues that cybersecurity experts have with the bill:

Government networks are protected by a network security system called Einstein, which is being steadily expanded to do things like analyze the content of communications. Such software meets all the criteria of a “cybersecurity system” under CISPA, and there is serious concern that the bill would permit the government to offer Einstein or a similar system to private cybersecurity companies. By CISPA’s definitions, everything collected by such a system would qualify as “cyber threat information” and thus be open game for sharing with the government—and nothing in the bill would prevent these private systems from being connected live to government databases, effectively uniting them with the government’s own security network.

The bill enables corporations and websites to divulge confidential and private information about their customers to the government without warrant or subpoena (and without repercussion). This makes for a gaping hole in potential privacy for those customers, and leaves them no way to seek recompense if it is violated under the terms of CISPA.

Even the Obama administration has voiced concerns about the nature and progress of this bill and the type of legislation it would represent. The concern from the White House stopped just short of a veto threat and included a statement by National Security Council spokeswoman Caitlin Hayden:

While information sharing legislation is an essential component of comprehensive legislation to address critical infrastructure risks, information sharing provisions must include robust safeguards to preserve the privacy and civil liberties of our citizens. Legislation without new authorities to address our nation’s critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation’s urgent needs.

Not even a month ago the Stop Online Piracy Act (SOPA) fell before a tide of angry Internet-savvy citizens because it could threaten the very websites that they enjoy and use, from Google to Facebook; now those same sites are standing behind CISPA, which endangers the individuals themselves. Early on, CISPA caught the attention of anti-SOPA activists due to language that mentioned “intellectual property,” but that has been removed from the bill in an attempt to keep it as far away from SOPA as possible.

However, the “intellectual property” elements of the bill are not the portion that endangers the personal cybersecurity of individuals who use corporate systems, social networking, or take part in the personal cloud; it’s the parts that, as spokeswoman Hayden said, “sacrifice the privacy of our citizens in the name of security.”

Privacy Statements are important to customers because they express, in contract and sentiment, that a company an individual works with will respect the confidentiality of that individual’s activities on its systems. After all, privacy settings on Facebook and other places may collapse a person’s reputation or even potentially get them prosecuted. As a result, Privacy Statements are seen as a sort of promise; but CISPA gives corporations blanket immunity for violating the privacy of their customers.

Fortunately, the bill does not require companies to hand over information to the federal government or other cybersecurity agencies; but the immunity does allow them to do so with no legal repercussions should that information injure their customers.

Numerous privacy watchdog groups decry this portion of the bill as extremely dangerous. Security experts look at this and scratch their heads, because sharing information without regard for what the information details or what it might represent doesn’t increase security; it erodes it enormously by opening up further avenues for attackers to gain that information.

We at SiliconANGLE will be keeping our eyes on the progress of CISPA at the vote Friday, even as the Internet rallies to make the House of Representatives reject it for cleaner, smarter cyber security legislation.

Edit: As new information came along as to the date of the House of Representatives vote on this bill, this article was updated with the appropriate day.
