Earlier this month, a high-tech trade group representing Google, Yahoo, Oracle, and Cisco came out in support of CISPA, the controversial cybersecurity bill currently being debated in Congress.
This group, called TechNet, says the bill addresses the need for industry and government to be able to share cyberthreats information in real time.
This is a troubling development, because if CISPA becomes law, companies could pass sensitive personal information about you to the U.S. government without any privacy protections.
What’s worse is that even if a company improperly hands over your private data to the government, the government does not have to notify the user, only the company. So you will never know if your private information is improperly turned over to the government.
What is CISPA?
CISPA stands for the Cyber Intelligence Sharing and Protection Act. It allows companies and the government to share information about malicious source code and other online threats with each other in real time, so companies and the government can thwart cyberattacks.
The bill also allows companies to look at your private information and hand this information over to the government or other companies if the company determines it’s related to cybersecurity.
The problem with this is that almost anything can be labeled as cybersecurity and there is no judicial oversight at all.
And once the government has your information, it can do whatever it wants with this information. It can be used for purposes completely unrelated to cybersecurity.
The Bad News
The main problem with CISPA is that it grants immunity to companies who share private user information with the NSA (National Security Agency), a government agency that operates in secret with no public accountability.
Privacy groups argue that the bill should put a civilian agency, such as the Department of Homeland Security, in charge of determining what information should be shared between companies and the government. They would be able to determine what private information the National Security Agency should receive.
If CISPA passes, any company (such as Facebook, Google, or Amazon) could share your private information (such as email, text messages, or private files stored on the cloud) with other companies or the government as long as they determine that is being done for cybersecurity purposes.
Basically, your information goes into a black hole and no one is accountable. Doesn’t this sound like a bad idea?
The Good News
The good news is that the Obama administration has let it be known that the President would veto the current bill.
The White House is concerned that the bill does not require companies to take “reasonable steps” to remove private, personal information when sending this data to the government. The administration has said that citizens have a right to know that corporations will be held accountable if they do not safeguard personally identifiable information. And the administration agrees with privacy groups that a civilian agency like the Department of Homeland Security should provide oversight as to what private information is shared with the government.
What do you think?
Is this bill a necessary step in our current cyber-age? Or does this bill provide the government with too much power and not sufficiently protect our privacy?