A Major Step Forward in Cyber Legislation

Published On April 27, 2012 | By Randy Sabett | Data Security, General, Privacy

 The Cyber Intelligence Sharing and Protection Act (“CISPA”), H.R. 3523, passed in the House yesterday (April 26) in a 248 – 168 vote, despite opposition from several groups and a veto threat from the White House.  The bill, which has been amended over the past couple of weeks in an attempt to address both security and privacy concerns, would allow private companies and the government to share “cyber threat intelligence” with each other.

In a joint statement, Rep. Rogers and Rep. Ruppersberger emphasized the balanced nature of the bill, stating that CISPA “gives the federal government new authority to share classified cyber threat information with approved American companies and knocks down barriers to cyber threat information sharing.  With strong provisions built in to keep individual Americans’ private information private, the bill allows U.S. businesses to better protect their own networks and their corporate customers from hackers looking to steal intellectual property.”

Critics of the law have raised concerns that the sharing of any cyber threat intelligence with the government will lead to illegal collection and exploitation of personal information by the intelligence community.  Despite amendments to address privacy concerns, privacy advocates still don’t believe the bill offers enough protection.  The White House was critical as well,  stating that “[c]ybersecurity and privacy are not mutually exclusive.”

While the White House position is correct that information sharing “must be conducted in a manner that preserves Americans’ privacy, data confidentiality, and civil liberties and recognizes the civilian nature of cyberspace,” an emphasis on privacy at all costs could jeopardize security by stalling the passage of needed cyber legislation.  As Rep. Rogers observed yesterday, “we can’t stand by and do nothing as U.S. companies are hemorrhaging from the cyber looting coming from nation states like China and Russia.”

About The Author

Randy V. Sabett joined ZwillGen as Counsel in 2011. He advises clients on information security, privacy, IT licensing, and intellectual property. Randy has over 20 years of infosec experience, including as an NSA crypto engineer and a CISSP. He works closely with companies in helping them develop strategies to protect and exploit their information and IP based on various evolving business models, including SaaS, mobile applications, cloud, and more traditional client/server architectures. Specific areas on which he focuses include information security, privacy, IT licensing, IP strategy, big data, metrics, active defense, venture capital, legislative matters, government contracting, digital and electronic signatures, federated identity, state and federal information security and privacy laws, identity theft, and data breaches. He also drafts and negotiates a variety of technology transaction agreements.

Comments