From PC World, here is a helpful Reader’s Digesty look at the Cyber Information and Security Protection Act that passed the U.S. House last week and that has some privacy experts a bit steamed.
The White House in a statement is on the record saying, “Legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens,” and has threatened a veto of a CISPA-like bill if it’s the same as currently written.
Next up: The Senate, which has its own versions of cybersecurity bills.
RELATED: Detailed FAQ on CISPA from CNET (someone call the acronym police).
RELATED (sort of): A quiz on how much you know about cybersecurity.
Cybersecurity bills duel over rules for firms; ‘burgeoning anti-government fever’ afoot?
OTB is generally not a fan of sharing turn-of-the-screw updates on federal legislation (usually, by the time somebody reads it, the screw has already been turned again), but this WSJ piece on the status of dueling cybersecurity bills in Congress does a good job of parsing out the differences and implications. Including a handy dandy graphic (below).
And be sure to watch the 60 Minutes piece on cybersecurity in the post right below this one.
This 60 Minutes piece on the Stuxnet computer virus is well worth a watch if you’re interested in cybersecurity and the implications for warfare, national security and covert activities.
POGO and partners say cybersecurity bill is flawed
The Cybersecurity Act of 2012, being rushed through Congress (some say to avoid another SOPA/PIPA social media uprising), includes “unnecessary, overbroad and unwise limitations to access of information, including broad exemptions to the Freedom of Information Act (FOIA)” and “jeopardize the rights of whistleblowers.”
Project on Government Oversight, American Society of News Editors and others have protested in a letter to Senate leadership.
US cybersecurity efforts trigger privacy concerns
(AP) “The federal government’s plan to expand computer security protections into critical parts of private industry is raising concerns that the move will threaten Americans’ civil liberties. In a report for release Friday, The Constitution Project warns that as the Obama administration partners more with the energy, financial, communications and health care industries to monitor and protect networks, sensitive personal information of people who work for or communicate with those companies could be improperly or inadvertently disclosed.”
Full Story | Full Report (PDF) | Constitution Project’s Release
Key recommendations from the release:
- Any data shared between the government and the private sector should have “sensitive personally identifiable information (PII) from Americans removed and sanitized.”
- Any cybersecurity legislation, regulation, or agency directive regarding information sharing should require (1) strict time limits for data retention, (2) data anonymization whenever possible, and (3) policies to decrease the risk of inadvertent or improper disclosure of PII.
- Congress should require that content obtained by the federal government through the cybersecurity program only be used as necessary to prevent cyber-attacks and protect networks. Content should not be shared with law enforcement or relied upon as evidence of a non-cybercrime, unless the content was a necessary component of data flagged as a possible cybersecurity threat.
- Independent oversight of the U.S. cybersecurity program should be established to ensure that Americans’ privacy rights and civil liberties are protected. In particular, the Privacy and Civil Liberties Oversight Board should be fully established.
- Congress should require periodic mandatory audits by the Inspectors General of all agencies involved in maintaining cybersecurity in the United States. These reports should include a discussion of the types and amount of information being shared with the federal government and how the information is used.