Article Lead Image

CISPA revised to address “cyber threat” loophole

Critics argue that the amendments fail to address the civil liberties concerns involving government-contracted companies. 

 

Kevin Collier

Tech

Posted on Apr 18, 2012   Updated on Jun 2, 2021, 6:21 pm CDT

It appears that the authors of the Cyber Intelligence Security Protection Act (CISPA) are acknowledging its critics.

Whether those lawmakers actually addressing critics’ concerns is another matter entirely.

CISPA, which is currently being debated and modified before going to the U.S. House of Representatives, has been accused of, in the name of enforcing cyber security, giving the U.S. government an enormous amount of power to legally spy on its citizens.

The problem lies in the bill’s broad definition of “cyber threat.” Basically, under CISPA anyone accused of threatening cyber security can become an open book for the government. Since CISPA is designed to quickly counter online threats, the government wouldn’t need a warrant to look at citizens’ personal information.

Citizens have little say in the matter. As the Electronic Frontier Foundation noted, those who believe their information was improperly handled can do “almost nothing” about it.

CISPA’s critics argue that the act’s broad definition of “cyber threat” constitutes a loophole: The more easily the government could perceive a threat, the more easily it could freely access people’s otherwise private information.

However, the latest proposed revision to CISPA at least somewhat addresses that issue.

In it, a section defining “cyber threat information” has been modified from the generic “theft or misappropriation of private or government information, intellectual property, or personally identifiable information” to “efforts to gain unauthorized access to a system or network, including efforts to…steal or misappropriate private or government information.”

According to the EFF’s Rainey Reitman, however, even if CISPA adopts this change, it doesn’t address fundamental concerns that the government could access data that trusting users give to independent companies.

“The amendments introduced don’t address the civil liberties concerns that have been raised around companies monitoring our communications and handling sensitive user data to the government,” Reitman wrote to the Daily Dot.

“The latest changes only give further liability exemption to companies who monitor private communications,” she added.

Representative Mike Rogers (R-MI), one of CISPA’s original cosponsors, came under fire Tuesday for calling anti-CISPA critics “turbulence on the way down to landing” before releasing the proposed amendments.

“It’s disturbing to see this legislation rapidly undergoing changes and yet those changes aren’t responsive to the grave concerns raised about CISPA’s effect on the privacy of everyday Internet users,” Reitman responded.

Photo by opensourceway

Share this article
*First Published: Apr 18, 2012, 1:49 pm CDT