Lawmakers, business execs defend privacy in CISPA
Critics say the cyberthreat information-sharing bill still has privacy problems
IDG News Service - Privacy and digital rights groups are overstating the privacy concerns in a controversial cyberthreat information bill introduced this week in the U.S. Congress, the bill's sponsors and leaders of some business groups said.
Groups opposed to the Cyber Intelligence Sharing and Protection Act (CISPA), introduced Wednesday, have "unfounded fears" about the privacy implications of the bill, said Representative Mike Rogers, a CISPA sponsor, Michigan Republican and chairman of the House of Representatives Intelligence Committee.
The bill would allow private companies in the U.S. to share cyberthreat information related to national security and cybercrime with each other and with government agencies, and it gives companies that share information in "good faith" immunity from customer lawsuits. CISPA would also allow government agencies to share classified cyberthreat information with businesses.
The bill is needed, Rogers said, because companies fear lawsuits if they share cyberthreat information with each other or the government.
Several privacy and civil liberties groups have objected to the bill, saying it allows privacy companies to share a wide range of personal information with government agencies without adequate oversight. On Thursday, the same day as a House hearing on CISPA, digital rights groups Demand Progress and Fight for the Future said they delivered a petition with 300,000 signatures opposing CISPA to Congress.
"According to the bill, personal information can be shared and obtained as long as the purpose is for 'cybersecurity' purposes, which can include anything like 'safeguarding' networks," Tiffiniy Cheng, co-founder of Fight for the Future, wrote in an email. "You can already choose a list of things that would fit into that [description] that most people would find to be a horrifying reason to obtain their personal info."
But companies would share little, if any, personal information with each other or with government agencies, Paul Smocer, president of the BITS tech policy arm of the Financial Services Roundtable, said during Thursday's hearing. Companies would be sharing information about the type of attacks and the source of attacks, not personal information about customers whose data was compromised, he said.
When cybersecurity vendor Mandiant now shares attack information with its customers, "it's data that is totally anonymous," added Kevin Mandia, CEO of Mandiant.
Smocer called the current privacy provisions in CISPA adequate.
In some cases, however, companies would be sharing the IP addresses of suspected attackers, Smocer said. Witnesses in the hearing didn't talk about the privacy implications of sharing information about suspected attackers.
The Intelligence Committee had no privacy or civil liberties groups testify during the CISPA hearing.
Most members of the committee did not raise privacy concerns, but Representative Adam Schiff, a California Democrat, asked witnesses if they would decline to share cyberthreat information if the bill required them to take reasonable steps to delete personal information. None of the four business witnesses said such a requirement would stop them from sharing information.
- The Pivotal Big Data Suite- Reducing the Risks of Big Data The explosion of big data and the rapid evolution of big data tools and technologies is challenging IT to meet the demands of...
- A Survival Guide for Data in the Wild All corporate data used to reside in the data center. Safe and sound behind the corporate firewall. But now, employees have multiple devices...
- Transforming Security: Designing a State-of-the-Art Extended Team The information security mission is no longer about implementing and operating controls.
- The Big Data Security Analytics Era Is Here New security risks and old security challenges often overwhelm legacy security controls and analytical tools.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!