Cybersecurity Information Sharing Act – Step One
A new bill was passed in the House today that is designed to prevent hackers from getting a hold of personal or government information stored online. It's called the Cybersecurity Information Sharing Act, or CISPA. While CISPA isn't causing as big of an uproar as SOPA did, it still has a lot of people worried
- The bill would allow the voluntary sharing of attack and threat information between the U.S. government and security cleared technology and manufacturing companies in an attempt to ensure the security of networks against patterns of attack
- Some are afraid CISPA's definition of "cybersecurity" is too vague and may give the government access to personal information it doesn't need to combat hackers and cyber threats. Companies can look at digital information that's either stored or in transit as long as they do so for cybersecurity purposes. This information can then be shared with the government.
- On Thursday the House passed a version that, while still fundamentally flawed, contained meaningful privacy improvements.
- The Obama administration and both houses of Congress want cybersecurity legislation that includes enhanced cybersecurity information sharing.
According to the trade press, President Obama will probably veto if more privacy protection is not provided. Obviously, cyber threats are a significant issue. Experton Group wonders why some scheme could be worked out to mask certain types of personal information, like social security numbers, so that the information could not be linked back to any specific individual.
While this type of approach would delay the passage of the bill, it would be worth the wait. Sufficient statistical and data analysis could be conducted without linking the individual to their data. If this prevents certain types of in-depth analysis, so be it.