Link

US cybersecurity efforts trigger privacy concerns

(AP) “The federal government’s plan to expand computer security protections into critical parts of private industry is raising concerns that the move will threaten Americans’ civil liberties. In a report for release Friday, The Constitution Project warns that as the Obama administration partners more with the energy, financial, communications and health care industries to monitor and protect networks, sensitive personal information of people who work for or communicate with those companies could be improperly or inadvertently disclosed.”

Full Story | Full Report (PDF) | Constitution Project’s Release

Key recommendations from the release:

  • Any data shared between the government and the private sector should have “sensitive personally identifiable information (PII) from Americans removed and sanitized.”
  • Any cybersecurity legislation, regulation, or agency directive regarding information sharing should require (1) strict time limits for data retention, (2) data anonymization whenever possible, and (3) policies to decrease the risk of inadvertent or improper disclosure of PII.
  • Congress should require that content obtained by the federal government through the cybersecurity program only be used as necessary to prevent cyber-attacks and protect networks. Content should not be shared with law enforcement or relied upon as evidence of a non-cybercrime, unless the content was a necessary component of data flagged as a possible cybersecurity threat.
  • Independent oversight of the U.S. cybersecurity program should be established to ensure that Americans’ privacy rights and civil liberties are protected. In particular, the Privacy and Civil Liberties Oversight Board should be fully established.
  • Congress should require periodic mandatory audits by the Inspectors General of all agencies involved in maintaining cybersecurity in the United States. These reports should include a discussion of the types and amount of information being shared with the federal government and how the information is used.