#navbar { visibility: hidden; /*display: none !important; */ height: 1px; } #navbar-iframe { visibility: hidden; /*display: none !important; */ height: 1px; } New tech and everything New tech and Everything...!: CISPA: Progress, But Flaws Remain .comment-body-author { background: #E6E6E6; /* Background color*/ color: #000; /* Text color*/ border-top: 1px dotted #223344;border-bottom: 1px dotted #223344;border-left: 1px dotted #223344;border-right: 1px dotted #223344; margin:0; padding:0 0 0 20px; /* Posotion*/ }

Labels

Wednesday, April 25, 2012

CISPA: Progress, But Flaws Remain


CISPA: Progress, But Flaws Remain

In response to concerns that CDT and others raised, the House Intelligence Committee has agreed to support several important privacy improvements to the Cyber Intelligence Sharing and Protection Act (CISPA). Other issues we raised—the flow of Internet data directly to the National Security Agency (NSA) and the use of information for purposes unrelated to cybersecurity—are not addressed by the amendments the Committee is supporting.   We support amendments to address these unresolved concerns.  

Improvements Supported by the Committee

1. On the question of intellectual property and whether CISPA is some kind of backdoor SOPA, the Committee made changes in its April 16, 2012 discussion draft that we think should put that issue to rest.

2. On the definition of the information that ISPs and others can share with the federal government ("cyber threat information"), the Committee has agreed to support a proposed amendment making improvements.  In particular, the proposed amendment deletes language that encompassed "information pertaining to the protection of a system or network."  The new definition is limited to "information directly pertaining to" a vulnerability, a threat, an effort to degrade, disrupt or destroy a system or network, or an effort to gain unauthorized access to a system or network.  This is an important change.  We believe it would preclude interpretation of the bill to permit the sharing of entire communications streams with the government.

3. Another concern we raised with respect to the definition of the information that could be shared was whether the reference to "efforts to gain unauthorized access" in the bill's definition of "cyber threat information" could include conduct such as using a social networking site in violations of its terms of service.  The Committee has agreed to support an amendment to make it clear that cybersecurity threats do not include actions solely involving violations of consumer terms of service or licensing agreements.

4. Another improvement the Committee previously made may bring some valuable oversight to the implementation of the bill - the bill includes a provision requiring the Inspector General for the Intelligence Community to conduct an annual review of, and file an unclassified report on, the use of cyber threat information for non-cybersecurity purposes, on other actions taken on the basis of shared information, and on the privacy and civil liberties impact of the information sharing authorized under the bill.


Share/Bookmark
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)