By Jennifer Granick on April 16, 2015 at 9:21 am
Today we sent a letter to lawmakers expressing security experts' opposition to the Cybersecurity Information Sharing Act (CISA) as well as two other pending bills that purport to be about security information sharing, the Protecting Cyber Networks Act (PCNA), and the National Cybersecurity Protection Advancement Act of 2015. These experts agree that the information sharing bills unnecessarily waive privacy rights because they focus on sharing information beyond that needed for cybersecurity. The letter seeks to educate law makers about the kind of information that experts need to secure systems, and that, because it generally does not contain private data, privacy law is not a serious obstacle to sharing. The letter includes an example threat signature to illustrate that point. We can share cybersecurity information without waiving privacy law. Otherwise, what Congress will be doing is weakening privacy law and increasing government surveillance at time when the public agrees that stronger privacy and civil liberties protections are needed.
The letter is attached.
Violet Blue April 16, 2015 at 11:42 pmPermalink
I'm a journalist, cybercrime reporter, public speaker, and author ("The Smart Girl's Guide to Privacy"). I have presented a Google Tech Talk on privacy, and my cybercrime reporting has been referenced in court by the FBI. I urge the opposition of CISA and the two information sharing bills on the table (PCNA, NCPAA), which pose great, irreversible harm to populations who are most at-risk for privacy violations which would reasonably be facilitated by the passing of each of these Acts.
Alex April 16, 2015 at 2:18 pmPermalink
How exactly do any of these bills "waive privacy rights?" The letter doesn't explain and since you don't reference any legislative language that is just an assertion, not a statement of fact. In reality, all of these bills have extensive privacy protections in place and require both private entities and the government to scrub personal information.
Jennifer Granick April 17, 2015 at 9:02 amPermalink
Alex, thanks for your comment. For my read on the bill: https://cyberlaw.stanford.edu/blog/2015/03/which-cyberthreat-information...
For a more detailed analysis: https://cdt.org/insight/analysis-of-feinstein-chambliss-cybersecurity-in...
Matthew Murphy April 16, 2015 at 12:50 pmPermalink
Information sharing bills drafted without meaningful input from the technical community will generally fall in two categories: feeble, or overly broad. Overly-broad bills can do more damage than good.
Didier Vandenbroeck April 16, 2015 at 12:04 pmPermalink
Privacy is an essential component of online activity
Richard Keppler April 16, 2015 at 11:45 amPermalink
Please do not pass this bill.
Add new comment