House passes cybersecurity bill that threatens privacy without clear security benefits

Share

spy_eagle_feature

The Protect Cyber Networks Act, a bill that would require companies to share threat information with the government, passed the House with a 307-116 vote on Wednesday. It will now head to the Senate, where it’s expected to pass despite widespread criticism of the bill’s ramifications and lack of clear benefits.

The bill was drafted in response to data breaches at Target, Sony Pictures, and countless other companies. Instead of handling any threats themselves, the bill would require companies to band together and work with the government as part of a renewed effort to protect United States companies from cyberattacks.

Yet the bill’s critics fear that it’s merely a guise for the government’s efforts to preserve — and, indeed, expand — its surveillance efforts more than a year after National Security Agency programs were first revealed to the public. As Wired explains in its report on the bill receiving the House’s overwhelming support:

PCNA’s data-sharing privileges let companies give data to government agencies—including the NSA—that might otherwise have violated the Electronic Communications Privacy Act or the Wiretap Act, both of which restrict the sharing of users’ private data with the government. And PCNA doesn’t even restrict the use of that shared information to cybersecurity purposes; its text also allows the information to be used for investigating any potential threat of ‘bodily harm or death,’ opening its application to the surveillance of run-of-the-mill violent crimes like robbery and carjacking.

A collection of 55 civil liberties groups — including Human Rights Watch, the American Civil Liberties Union, the Electronic Frontier Foundation, and others — have also spoken out against the bill’s broad mandate. Yet this criticism didn’t stop the bill from passing; it merely prompted the addition of a seven-year limit.

But concerns about the bill’s ability to expand the federal government’s surveillance capabilities in the wake of international outrage isn’t the only problem here. Another organization, Congressional Research Service, argues that the government is focusing too much on sharing cyberthreat information:

Entities must have the resources and processes in place that are necessary for effective cybersecurity risk management. Sharing may be relatively unimportant for many organizations, especially in comparison with other cybersecurity needs. In addition, most information sharing relates to imminent or near-term threats. It is not directly relevant to broader issues in cybersecurity such as education and training, workforce, acquisition, or cybercrime law, or major long-term challenges such as building security into the design of hardware and software, changing the incentive structure for cybersecurity, developing a broad consensus about cybersecurity needs and requirements, and adapting to the rapid evolution of cyberspace.

All of which means a bill that at least has the potential to expand government surveillance without an apparent effect on cybersecurity has easily passed the House and is probably going to make its way through the Senate without issue. They should’ve just called it the “Spies Be Spyin’ Act” — at least that’d be honest.

[illustration by Brad Jonas]

PandoDaily

Share

Obama Administration Requests $14B for Cybersecurity Infrastructure

Share

shutterstock_228458590

From the credit card hacks of recent years, to the Sony hack that revealed gigabytes of data, it’s clear the country needs to get more serious about online security. To wit, the White House is requesting billions in funding for an updated Comprehensive National Cybersecurity Initiative.

The new CNCI is a 12-point plan that maps out how the administration would like the public and private sectors to combat cyber threats together. Some of the main points touch on securing federal government systems through a new standardized technology, implementing threat detection and prevention infrastructure, and the development of a standardized cyber counter-intelligence plan.

The initiative hopes to achieve these aims by expanding cybersecurity research and development, making sure different intelligence centers can work together, expanding education to get more experts into the field, and clearly defining the role of the federal government in cybersecurity, among other measures.

To further the aims of this initiative, and to protect national cybersecurity, President Obama has requested $ 14 billion from Congress. The budget request also contained plans for a “Civilian Cyber Campus,” to facilitate cooperation between the government and businesses.

According to a summary from the White House:

Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity.

All of this investment does seem very necessary to protect private and public enterprise on the internet. Pew Research data indicates that more than 60 percent of experts believe a massive cyberattack could cripple the nation’s security.

The attack on Sony has also shown that the private sector is particularly vulnerable. Additionally, we’ve seen long running hacks, that have exposed the data of millions of public users because of poor infrastructure. It appears that the funding requests have been well received by congress, so we may see some long overdue robust action on this issue.

Image courtesy of LaMarr McDaniel / Shutterstock.com.

SocialTimes Feed

Share