New cybersecurity bill, CISPA gets parts of the internet in an uproar

Like it? Share it!

New cybersecurity bill, CISPA gets parts of the internet in an uproar

The US legislature is dead and determined to push through some sort of major national cybersecurity bill in some measure. SOPA may have been pushed out by torches and pitchforks, and now there’s CISPA, or the Cybersecurity Intelligence Sharing and Protection Act, which creates an official definition for “cybersecurity threat” that would get the federal government involved.

A “discussion draft” was posted to the committee’s website Friday afternoon. It shows amendments already cleared by the committee as well as those still being debated, and some of the language that caught the ire of the technology community has been altered or is now under debate.

One proposed amendment narrows the category of information shared under CISPA from that about “theft or misappropriate of private or government information, intellectual property, or personally identifiable information” to “efforts to gain unauthorized access to a system or network, including efforts to gain such unauthorized access to steal or misappropriate private or government information.”

The mention of “intellectual property” in the first version of the bill is partially why CISPA piqued the early attention of the technology community, which is standing guard for a legislative resurrection of the much-hated Stop Online Piracy Act (SOPA).

However, the new draft didn’t backtrack from a national security clause which civil liberties groups have warned could result in the intelligence community abusing the bill. The new draft of CISPA would restrict the federal government from affirmatively searching any data shared with it by private firms about cybersecurity threats — unless the purpose for the search is for protecting “national security,” a category seen by some observers as overly broad. It also protects shared information from requests made under the Freedom of Information Act (FOIA).

Additionally, a proposed liability clause protects private firms and the government from lawsuits in relation to “willful misconduct” involving cybersecurity data. Anyone trying to sue a firm or agency on those grounds will have to prove an intention to achieve a “wrongful purpose,” that misconduct was carried out without “legal or factual” justification, and that the harm caused by the action was greater than the benefit.

Some passed amendments state that CISPA won’t require private firms to share cybersecurity threat information with the federal government, the government won’t be able to withhold threat data from private firms that haven’t sent any threat data to the government, and the Inspector General of the intelligence community will be required to submit an annual report to Congress detailing the bill’s impact on civil liberties.

The new draft reflects some of the key points stressed by CISPA’s authors during a conference call with technology journalists and bloggers held earlier this week — namely, that the bill’s intention is to make it easier for companies and the government to share knowledge of cybersecurity threats on a two-way basis and that the authors were listening to opponents of the bill.

Facebook, an advocate of CISPA, released a statement Friday afternoon explaining that the company backs the bill because it allows it to receive information about cyber threats. Kaplan said the company would not use CISPA to share private information about its users to the government.

So my question is… having some sort of cybersecurity plan is going to be essential, but at one point do we let the government reign in the reins of the wild west of the internet to protect the national network infrastructure?

Via