New Cybersecurity Bill May Actually Take Privacy Concerns Seriously

from the it's-a-start dept

After all the concerns raised about CISPA and other cybersecurity legislation, Senators Lieberman and Collins introduced a heavily revised version of their cybersecurity bill. The entire thing is an insane 211 pages, but as a first pass, the ACLU (who has been highly critical of nearly all previous proposals) sounds cautiously optimistic that the new bill contains important privacy protections. From the ACLU's initial analysis, this version of the bill will:
  • Ensure that companies who share cybersecurity information with the government give it directly to civilian agencies, and not to military agencies like the National Security Agency. The single most important limitation on domestic cybersecurity programs is that they are civilian-run and do not turn the military loose on Americans and the internet.
  • Ensure that information shared under the program be “reasonably necessary” to describe a cybersecurity threat.
  • Restrict the government’s use of information it receives under the cyber info sharing authority so that it can be used only for actual cybersecurity purposes and to prosecute cyber crimes, protect people from imminent threat of death or physical harm, or protect children from serious threats.
  • Require annual reports from the Justice Department, Homeland Security, Defense and Intelligence Community Inspectors General that describe what information is received, who gets it, and what is done with it.
  • Allow individuals to sue the government if it intentionally or willfully violates the law.
The ACLU specifically calls out Senators Durbin and Franken for helping to get these changes included in the bill. I agree that all of these are important and useful changes compared to what had been in previous proposals. Focusing on civilian agencies rather than the NSA is a big one, since much of the fight over competing visions of the bill were really a turf war over who got to control the information (and the budget): Homeland Security or the NSA.

The bill also removes some of the regulatory requirements for organizations that run "critical infrastructure," in favor of a more voluntary approach to setting up best practices, which may make the bill more palatable for some.

That said, we're still waiting for an actual justification of cybersecurity bills that doesn't include exaggerations of the threats that are out there, or Hollywood-scripted stories about planes falling from the skies that have little basis in reality. Moreover, though the claim has always been that these bills are important because the government is being legally prevented from sharing and receiving vital information, nobody has actually pointed to the specific legal obstacles that exist -- and the government already has information sharing programs that don't seem to require any new legislation. Also, any bill that's 211-pages long is something to be concerned about, as the number of "hidden" easter eggs could be immense and serious. But, compared to previous cybersecurity bills, this certainly sounds like a big step in the right direction.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cybersecurity, privacy, regulations


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Lamar's Notebook, 19 Jul 2012 @ 5:26pm

    Plan C:

    1)Draft bill the internet will support
    2)Market it with harmony and mutually beneficial goals
    3)"Stand up" to hollywood
    4)Wait for internet campaigns actually supporting you "finally a bill that considers the public, lets tell our reps to support it
    5)Wait
    6)Wait
    7)Rip out everything they like and replace it will stuff Hollywood wrote while we ere out drinking
    8)Pass that bitch the next day
    9)Discuss which movies we want to cameo in while at Disney World sniffing Colombian cook off underage imported whores.

    link to this | view in chronology ]

  • identicon
    Greg Terrence, 19 Jul 2012 @ 5:51pm

    Dick Durbin? Isnt this the same cheeseball trying to pass amnesty for illegal alien kids to get funding for US colleges to attend and replace American citizen children? Come on.. Like Durbin is really looking out for Americans 4th amendment rights with this bill. Definitely dont trust it.

    These snakes need to put in it in writing on these bills that corporations can be sued for giving out our private info when it has nothing to do with terrorism, that there will be no violations of the 4th amendment with American citizens online, freedom of speech will not be surpressed, legal websites will not be blocked. The list goes on. Put it in writing!!

    link to this | view in chronology ]

  • identicon
    Aerilus, 19 Jul 2012 @ 5:56pm

    if my choices are homeland security or the NSA someone is asking the wrong question

    link to this | view in chronology ]

  • identicon
    Chilly8, 19 Jul 2012 @ 7:07pm

    The bill will have to go into Conference Committee, and you never know what they will do there. During the CDA fight, the House passed a somewhat less draconian version of CDA, but the conservatives won out in conference committee where their more draconian version was approved.

    Just with SOPA and PIPA, who knows what would have happened in conference committee. PIPA was not nearly as bad as SOPA, but we might have ended up with a copyright bill far worse than either.

    link to this | view in chronology ]

  • icon
    JackOfShadows (profile), 19 Jul 2012 @ 7:46pm

    I was sort of okay right up too...

    "... or protect children from serious threats." Who defines serious threats? Aren't serious threats to everyone a better standard? This is right along the lines of what CalOSHA tried to pull when I was stationed in San Diego, CA. They came out and told us that one of our pregnant sailors could not work around the radar equipment as the RF (radio-waves) were too high. When I asked why the standard was different for pregnant females than males, they told me it was a regulation. I told them to show me. (I already knew the regulation as I had incorporated it into a radiation hazard software application I wrote). They couldn't.

    I then showed the regulation to my commanding officer and he told them to try again. They finally admitted that their test equipment was out of calibration. (Rather than shut down all San Diego regional air traffic.) After re-calibration, the test results were barely above background, well below limits. BTW, we also checked the RF levels for ourselves and it was fine for everyone.

    I've become awfully tired of victim arguments, especially when I see them manipulated again, and again, and again, against written intent.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Jul 2012 @ 9:13pm

    Restrict the government’s use of information it receives under the cyber info sharing authority so that it can be used only for actual cybersecurity purposes and to prosecute cyber crimes, protect people from imminent threat of death or physical harm, or protect children from serious threats.

    Okay I'm going to be honest here and say that that sounds curiously similar to that other cyber-bill that we all know and love in that as long as the government says it's for cybersecurity or to "protect children", they can take whatever they want.

    link to this | view in chronology ]

  • identicon
    Hope, 3 Mar 2015 @ 11:15am

    Cybersecurity

    What is the costs???
    The Internet has more security-SpamWare but it does not cure DiSTEMper.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.