CDT: Cybersecurity bills raise major civil liberties concerns

Four bills before Congress would allow private companies to share cyberthreat information

A group of cybersecurity bills that the U.S. Congress may soon vote on contain serious privacy and civil liberties flaws, with some of the bills allowing private companies to share a wide range of their customers' online communications with government agencies, the Center for Democracy and Technology said.

The U.S. House of Representatives could vote later this month on two bills focused on encouraging private companies and the government to share cyberthreat information with each other, even though there are major civil liberties concerns with one of the bills and some outstanding questions about the second, CDT officials said during a press briefing Wednesday.

The Senate may vote on information-sharing legislation in May, CDT officials said. CDT raised concerns about four information-sharing bills, all of which would provide legal protections for private companies that share cyberthreat information with government agencies.

"[If] you look at most of these bills closely, you'll see that there are extraordinarily complex civil liberties problems in virtually every one of these bills," said Leslie Harris, CDT's president and CEO.

The Electronic Frontier Foundation has similar criticisms of the cybersecurity bills. Most of the information-sharing bills before Congress don't clearly define what a cybersecurity threat is, thus allowing broad information sharing between private companies and the government for ill-defined purposes, the EFF said.

The first House bill, the Cyber Intelligence Sharing and Protection Act, allows private companies to share broad information about cyberthreats with government agencies, with no requirement to strip out personal information, said Greg Nojeim, CDT's senior counsel. The bill, sponsored by Representative Mike Rogers, a Michigan Republican, would allow U.S. agencies to use the information shared by private companies for other national security and law enforcement purposes, in addition to cybersecurity, he said.

The Rogers bill may also allow private companies to take broad countermeasures against attacks, potentially including counterattacks, Nojeim said. The information-sharing bills "trump all privacy laws" in their permission for companies to share information with government agencies, he said.

The Rogers bill contains no privacy oversight, the EFF said. "The Rogers bill gives companies a free pass to monitor and collect communications and share that data with the government and other companies, so long as they do so for 'cybersecurity purposes,'" the EFF said in a blog post. "Just invoking 'cybersecurity threats' is enough to grant companies immunity from nearly all civil and criminal liability, effectively creating an exemption from all existing law."

The Rogers bill has broad support in the House, however, with 106 co-sponsors. Several companies, including AT&T, Microsoft, Facebook, Intel and IBM, have also voiced support. The bill "provides a solid framework and useful legal protections to permit the timely flow of actionable threat information in order for organizations to better protect themselves and customers," Christopher Padilla, IBM's vice president of governmental programs, wrote in a November letter to Rogers.

CDT officials raised similar concerns about the Secure IT Act, a bill sponsored by eight Republican senators, including Senator John McCain of Arizona. The McCain bill requires some federal IT contractors to share broad cybersecurity information with the government, CDT said.

Representatives of Rogers and McCain did not immediately return messages seeking comment on CDT's concerns.

With bipartisan support for cybersecurity legislation, there's growing pressure in Congress to move forward with a handful of bills, CDT's Harris said. Leaders in the House have designated the week of April 23 as cybersecurity week, with votes on the Rogers bill and the Precise Act, another information-sharing bill with fewer civil liberties concerns, she said.

CDT also raised some concerns about the Precise Act, an information-sharing bill sponsored by Representative Dan Lungren, a California Republican, and the Cybersecurity Act, sponsored by Senator Joe Lieberman, a Connecticut Independent.

The Lungren bill more narrowly defines what information can be shared between private companies and the government than the Rogers bill, CDT said. But the bill raises concerns because it allows Internet service providers to monitor their subscribers' communications, and it may allow companies to deploy broad countermeasures against cyberattacks, CDT said.

The Lieberman bill also allows ISPs to monitor subscriber communications, and it allows companies to modify or block traffic to protect against "any action" that could compromise their IT systems, CDT said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.
