Last month the US House of Representatives passed the Cyber Intelligence Sharing and Protection Act of 2011 (CISPA), which is intended to make it easier for intelligence agencies to share information about ongoing cyber-threats and attacks amongst themselves as well as with "appropriate private-sector companies" (i.e. telcos, cellcos, ISPs, Google, etc).
The problem, according to critics, is that the information shared is likely to include personal customer data, and the bill is so vaguely worded that it makes it too easy for the government to get around existing privacy protections, possibly including surveillance laws.
Prominent security researchers and experts who oppose CISPA - including Bruce Schneier, Christopher Soghoian, Dan Gillmor and PCCW Global VP Christopher McDonald - sent an open letter to Congress last month outlining CISPA's various privacy flaws, including "vague language to describe network security attacks, threat indicators and countermeasures, allowing for the possibility that innocuous online activities could be construed as 'cybersecurity' threats"; circumvention of existing privacy laws; immunity from liability for companies that do violate customer privacy; and the ability to use collected data to prosecute unrelated crimes.
And even if people find those flaws acceptable, the letter argues that the bill wouldn't make the internet safer anyway.
However, CISPA has garnered a lot of support from the telecom and IT sector, from companies like IBM, Intel, Microsoft, Oracle and Symantec to wireless industry group CTIA.
In one of many official blog posts supporting CISPA, John Marinho, CTIA's VP for technology and cybersecurity, points to the organization's semi-annual survey (released in April) that recorded a 123% increase in data traffic on US wireless networks. The point: as more and more people and businesses use data on more and more devices, and become more dependent on data, the risk of cyberthreats grows and so do the consequences of a successful attack.