House Committee Rushing to Approve Dangerous “Information Sharing” Bill
BY KEVIN BANKSTON AND LEE TIEN
NOVEMBER 30, 2011
We’re for better network, computer, and device security. Unfortunately, “cybersecurity” bills often go off track—case in point: the ” Internet kill switch. ” The latest example comes courtesy of the leaders of the House Intelligence Committee. Committee Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.) are introducing “The Cyber Intelligence Sharing and Protection Act of 2011″(PDF).
The bill would allow a broad swath of ISPs and other private entities to “use cybersecurity systems” to collect and share masses of user data with the government, other businesses, or “any other entity” so long as it’s for a vaguely-defined “cybersecurity purpose.” It would trump existing privacy statutes that strictly limit the interception and disclosure of your private communications data, as well as any other state or federal law that might get in the way. Indeed, the language may be broad enough to bless the covert use of spyware if done in “good faith” for a “cybersecurity purpose.”
This broad data-sharing between companies wouldn’t be subject to any oversight or transparency measures (users can’t restrict companies’ sharing), while the only oversight for sharing with the federal government, ironically, would be through the Privacy and Civil Liberties Oversight Board—which hasn’t existed since January 2008.
Worse yet, the bill doesn’t limit what the federal government can do with the data or private communications that ISPs and others hand over, except to say that it can’t be used for “regulatory” purposes—apparently it can be used for law enforcement and intelligence targeting purposes.