In what’s being called “Cyber Week” by some, Congress is focusing its attention on the highly complex problem of cyber security this week. Lawmakers are considering numerous measures to combat cyber terrorism and cyber theft.
The bill getting the most attention is the Cyber Intelligence Sharing and Protection Act (CISPA). It would make it easier for the federal government to gather information about citizens’ Internet activities from web-based companies that retain such data. CISPA would allow, for example, Facebook and Google to reveal what their users are up to, if the government asks for it. In exchange, the government would be allowed to tell these companies about cyber threats that would be classified information to everyone else.
CISPA loosens the burdens on both ends of the equation: It would negate the government’s need to obtain a search warrant or have probable cause before inquiring about a person’s Internet activity, and it would give companies immunity from privacy lawsuits brought by their users.
Because of its promise to stem the tide of cyber attacks, the proposal has bi-partisan support, and is generally viewed favorably by big technology and the broader business community.
But powerful forces are also emerging in opposition, concerned about the erosion of civil liberties and individual privacy. Among them are the ACLU and consumer rights groups.
Republican presidential candidate Ron Paul has jumped into the fray, issuing a statement deriding CISPA as tool to spy on US citizens: “CISPA is essentially an Internet monitoring bill that permits both the federal government and private companies to view your private online communications with no judicial oversight…”
Paul asserts that under CISPA, the government could easily glean private, personal information from emails and other online activity. “Imagine having government-approved employees embedded at Facebook,” he predicts, “complete with federal security clearances, serving as conduits for secret information about their American customers.”
But at least one national security expert says that CISPA doesn’t go far enough to protect the US from cyber attacks. In a recent article in Bloomberg Businessweek, former U.S. national intelligence director Mike McConnell argued in favor of robust governmental powers: “In looking at corporate America, we haven’t been able to find a single corporation that cannot be penetrated to the point of capturing the most essential information.”
Other bills under consideration on Capitol Hill would impact several areas of cyber law, according to Forbes. One proposal would create a federal standard for how companies notify customers when their data has been lost or stolen. Currently, regulations vary from state to state. The SAFE Data Act, another plan, would force businesses to tighten security around their customers’ sensitive data.