No cyber news is usually good news, but today is an exception. Senators have unveiled significant privacy amendments that will be incorporated into S. 2105, the Cybersecurity Act. Authored by Sens. Lieberman, Feinstein, Rockefeller and Collins, the bill provides comprehensive cybersecurity reform, including a new ‘information sharing’ program that permits companies to share internet info with each other and the government.
We’ve told you about the risks of information sharing in the past (hello, CISPA), and in fact have raised our concerns with this legislation in particular. But thanks in large part to ACLU members and activists who have logged tens of thousands of contacts with Congress, we’ve made progress. Sens. Franken and Durbin and other privacy advocates have negotiated substantial changes that will:
• Ensure that companies who share cybersecurity information with the government give it directly to civilian agencies, and not to military agencies like the National Security Agency. The single most important limitation on domestic cybersecurity programs is that they are civilian-run and do not turn the military loose on Americans and the internet.
• Ensure that information shared under the program be “reasonably necessary” to describe a cybersecurity threat.
• Restrict the government’s use of information it receives under the cyber info sharing authority so that it can be used only for actual cybersecurity purposes and to prosecute cyber crimes, protect people from imminent threat of death or physical harm, or protect children from serious threats.
• Require annual reports from the Justice Department, Homeland Security, Defense and Intelligence Community Inspectors General that describe what information is received, who gets it, and what is done with it.
• Allow individuals to sue the government if it intentionally or willfully violates the law.
Of course, there are a couple hundred pages to this bill, and it is possible that it will change further once it hits the Senate floor. Debate is scheduled to begin next week. What’s clear is that the cyber train is leaving the station and we are happy to help break the news that it looks like the Senate is moving to pass something much better than CISPA from a privacy standpoint.
Not all of the problems with the Cybersecurity Act are solved yet, and you better believe that amendments to strip the privacy protections are in the mix. Before next week’s debate, we’ll post more in-depth information on the changes to the bill and amendments that may pop up. We will be carefully watching how this unfolds on the floor and will be calling on you to fight anti-privacy amendments and support ones that we expect will further limit the government’s authority.