Last week, we gave you a quick rundown of the new privacy additions to S. 3414, the Cybersecurity Act of 2012. Also known as the Lieberman-Collins bill, this legislation provides comprehensive cybersecurity reform.
We’ve been watching the information sharing title closely and have praised the sponsors and other senators for including more privacy protections in the latest draft. But Sen. Franken isn’t done yet. Yesterday he confirmed that he is filing an amendment for the Senate floor that would further improve the bill.
Section 701 of the bill is the offending section and isn’t even about information sharing per se. It permits companies greater leeway to monitor their networks –and their customers and users– for cybersecurity threats. It also grants them explicit authority to take ‘countermeasures’ to protect their property against cyber threats.
While the sponsors of the bill adopted definitions to help limit the impact of this vague section, it is still not clear exactly how much surveillance companies can conduct on their customers and users and what types of aggressive actions they can take against computers and users they deem related to a cyber threat. Under the current legislation, the companies will get complete liability protection for any snooping or offensive measures, regardless of the outcome or impact.
While the addition of new definitions to this section has greatly improved it over its last iteration, there is still ambiguity about how it will affect users’ privacy and access to the internet. Add that to the fact the Obama administration has never even asked for this authority, and the companies have never even bothered to explain why they would need such powers and the only answer is to cut it all together. Sen. Franken is offering an amendment to do just that, with at least seven or eight cosponsors to be soon announced.
This is going to be the first of several amendments that will fundamentally alter privacy rights in the bill.
More ACLU information is forthcoming.