Reports of significant data breaches make headlines ever more frequently, but lost in the cloak and dagger stories of cyberespionage is the impact proposed cybersecurity programs can have on privacy. The same Internet that terrorists, spies and criminals exploit for nefarious purposes is the same Internet we all use daily for intensely private but totally innocuous purposes.
Unfortunately, in their pursuit to protect America’s critical infrastructure and trade secrets, some lawmakers are pushing a dangerous bill that would threaten Americans’ privacy while immunizing companies from any liability should that cyberinformation-sharing cause harm.
This week, the House Intelligence Committee will mark up the Cyber Intelligence Sharing and Protection Act, a bill that creates an exception to all privacy laws on the books so that companies holding our private and sensitive information can share it with each other and the government for cybersecurity purposes. This could include the content of chats and emails and people’s online browsing histories. There is no requirement that companies even attempt to remove personally identifiable information before sharing cyberthreat data nor any requirement that the government minimize and protect that data when it is collected. CISPA grants companies liability protection not only for sharing the information but also for using it however they see fit, including aggressive countermeasures, like hacking into an adversary’s computer. It’s an unmitigated and unaccountable mess for Internet users’ private data.
Finish reading “The Privacy Risks of CISPA” at POLITICO.