Noise Filter: Revised US Cybersecurity Act Still Has Problems | Web ...

The revised Cybersecurity Act of 2012 still has opponents concerned about privacy and the role of ISPs

Every now and then, an exciting or controversial issue triggers a flood of online discourse. For our Noise Filter feature, the WHIR pans the raging rivers of opinion for shining nuggets of useful commentary.

A revised version of the bipartisan US Cybersecurity Act of 2012 was introduced on Thursday in an effort to secure enough votes to push the legislation to the floor before the August recess.

The draft intends to smooth over some of the initial provisions, such as mandatory, government-dictated security standards, that concerned privacy advocates when it was released in February 2012.

?While the bill we introduced in February is stronger, this compromise will significantly strengthen the cybersecurity of the nation?s most critical infrastructure and with it our national and economic security,? co-sponsor Joe Lieberman said in a statement.

The Senators were also quick to dispell any connection to SOPA or PIPA, in that the Cybersecurity Act ?does not affect copyrighted information on the internet.? Instead, it deals with the security and systems that control services like power, water and transportation. While it may not be the same as SOPA or PIPA, ISPs would still be impacted by the proposed legislation if it was to pass.

Peter Gothard, at Computing.co.uk, says the changes to the information sharing provisions in the bill, which now state that information shared with the government can only go to civilian agencies and not military ones, is equally as problematic as the military cooperation proposed in February.

?But it?s the mention of ?civilian? ?? ie private ? agencies in the redraft that?s ringing alarm bells. The Bill?s sponsors are inviting private enterprises to help formulate a code of practice in a move that could open the door for companies to use the law to protect their commercial interests to the detriment of individual freedon online?Opponents fear that the successful implementation of both bills would restrict internet freedom. Its proponents however state that convictions of the likes of Gary McKinnon could be carried out far more swiftly and decisively, and that there would be more widespread prosecution for peer-to-peer media downloaders, or even the ISPs that host them.?

Michelle Richardson, Legislative Counsel with the American Civil Liberties Union Washington Legislative Office, does not find the civilian language as troubling in a post on the ACLU blog.

?Sens. Franken and Durbin and other privacy advocates have negotiated substantial changes that will ensure that companies who share cybersecurity information with the government give it directly to civilian agencies, and not to military agencies like the National Security Agency. The single most important limitation on domestic cybersecurity programs is that they are civilian-run and do not turn the military loose on Americans and the internet.?

The Electronic Frontier Foundation says the revised bill is an improvement in terms of government use of information. Data won?t be shared with law enforcement expect in certain circumstances such as when it relates to a cybersecurity crime investigation or an imminent threat of death or serious bodily harm. Data can?t be used as evidence for other crimes like copyright infringement either, it says. It?s not all perfect, though.

?We?re also deeply concerned about the provisions of the proposed legislation around monitoring and countermeasures. Currently, the bill specifically authorizes companies to use cybsersecurity as an excuse for engaging in nearly unlimited monitoring of user data or countermeasures (like blocking or dropping packets). This language is overly broad and could be interpreted by an overzealous ISP as letting them block privacy-protective technologies like Tor.?

The original bill would have assigned the Department of Homeland Security the role of creating mandatory cybersecurity standards, Paul Rosenzweig says in a report on Heritage.org. Rosenzweig helped craft policy and strategy in the Department of Homeland Security, and is now a visiting fellow at Heritage. The revised bill creates a voluntary program where critical infrastructure operators would certify, via a third party, that they meet a set of security standards in exchange for incentives like liability protections.

?There are several problems with this new approach. First, the government should not be in the position of denying its threat information to critical infrastructure owners who choose not to adopt the voluntary standards, likely for justifiable business reasons. If the infrastructure in question is truly ?critical,? it is in America?s collective interest to protect it as much as possible.?

The President himself is behind the cybersecurity legislation. In an op-ed on the Wall Street Journal, Barack Obama says US citizens deserve to know that companies running critical infrastructure meet basic cybersecurity standards. In April, the Obama administration was vocal in its opposition of the Cyber Information Sharing and Protection Act.

?Yet simply sharing more information is not enough. Ultimately, this is about security gaps that have to be filled. To their credit, many of these companies have boosted their cyber defenses. But many others have not, with some lacking even the most basic protection: a good password. That puts public safety and our national security at risk.?

Talk back: What interesting commentary have you read about the revised Cybersecurity Act of 2012? If passed, how would it affect you? Let us know in a comment.

About Nicole Henderson

Nicole Henderson writes full-time for the Web Host Industry Review where she covers daily news and features online, as well as in print. She has a bachelor of journalism from Ryerson University in Toronto, and has been writing for the WHIR since September 2010. You can find her on Twitter @NicoleHenderson.

No related posts.

Source: http://www.thewhir.com/web-hosting-news/noise-filter-revised-us-cybersecurity-act-still-has-problems

space ball jim mora the weeknd echoes of silence gio gonzalez san francisco fire patti labelle the weeknd