Saturday, April 21, 2012

New CISPA Draft Narrows Cybersecurity Language as Protests Loom

The U.S. House Intelligence Committee has released a new draft of the Cybersecurity Intelligence Sharing and Protection Act (CISPA), narrowing the definition of "cybersecurity threat" in response to alarms being sounded throughout the technology community.

A "discussion draft" was posted to the committee's website Friday afternoon. It shows amendments already cleared by the committee as well as those still being debated, and some of the language that caught the ire of the technology community has been altered or is now under debate.

One proposed amendment narrows the category of information shared under CISPA from that about "theft or misappropriation of private or government information, intellectual property, or personally identifiable information" to "efforts to gain unauthorized access to a system or network, including efforts to gain such unauthorized access to steal or misappropriate private or government information."

The mention of "intellectual property" in the first version of the bill is partially why CISPA piqued the early attention of the technology community, which is standing guard for a legislative resurrection of the much-hated Stop Online Piracy Act (SOPA).

However, the new draft didn't backtrack from a national security clause which civil liberties groups have warned could result in the intelligence community abusing the bill. The new draft of CISPA would restrict the federal government from affirmatively searching any data shared with it by private firms about cybersecurity threats — unless the purpose for the search is for protecting "national security," a category seen by some observers as overly broad. It also protects shared information from requests made under the Freedom of Information Act (FOIA).

Additionally, a proposed liability clause protects private firms and the government from lawsuits in relation to "willful misconduct" involving cybersecurity data. Anyone trying to sue a firm or agency on those grounds will have to prove an intention to achieve a "wrongful purpose," that misconduct was carried out without "legal or factual" justification, and that the harm caused by the action was greater than the benefit.

Some passed amendments state that CISPA won't require private firms to share cybersecurity threat information with the federal government, the government won't be able to withhold threat data from private firms that haven't sent any threat data to the government, and the Inspector General of the intelligence community will be required to submit an annual report to Congress detailing the bill's impact on civil liberties.

The new draft reflects some of the key points stressed by CISPA's authors during a conference call with technology journalists and bloggers held earlier this week — namely, that the bill's intention is to make it easier for companies and the government to share knowledge of cybersecurity threats on a two-way basis and that the authors were listening to opponents of the bill.

Facebook, an advocate of CISPA, released a statement Friday afternoon explaining that the company backs the bill because it allows it to receive information about cyber threats. Kaplan said the company would not use CISPA to share private information about its users with the government.

"The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity," wrote Joel Kaplan, vice president of U.S. public policy at Facebook.
"Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 in the first place — the additional information it would provide us about specific cyber threats to our systems and users."

Meanwhile, a group of Internet freedom advocacy organizations and technology blogs is planning a "week of action" against what Rebecca Jeschke, Electronic Frontier Foundation's media relations director, called "bad cybersecurity legislation" beginning Monday morning.

"We want Congress to reject legislation that uses dangerously vague language to define the breadth of data that can be shared with the government, hands the reins of America's cybersecurity defenses to the National Security Agency," said Jeschke.

CISPA is likely to be opened to a full vote on the House floor later this month.

You can read the discussion draft below — changes highlighted in green have already been adopted, those in yellow are still being debated.

Discussion Draft Hr 3523
