Rights Groups Say Cybersecurity Act Threatens Privacy

May 13, 2012 Updated: May 14, 2012

A joint letter from more than 30 organizations is calling on the Senate to revise parts of the Cyber Security Act of 2012 that could undermine digital privacy. The act, which is receiving bipartisan support and is hitting the Senate floor this week, intends to secure both public and private networks.

The problem with any legislation regarding Internet security is that cybersecurity is on the same sliding bar as digital privacy—it rarely moves toward higher security without pulling away from privacy.

The act is the latest attempt to pass legislation that could guard business and public computer networks from the growing threat of cyber-attacks and cyber-espionage. It follows on the heels of the Protecting Cyberspace as a National Asset Act of 2010, which was thrown out mainly over a provision that would allow the president to shut off the Internet in a national emergency.

Similarly, there is outspoken criticism over its potential impact. “In particular, we are concerned that the information-sharing provisions in Title VII allow companies, ‘notwithstanding any law,’ to share sensitive Internet and other information with the government without sufficient privacy safeguards, oversight or accountability,” states the open letter from advocacy groups such as Reporters Without Borders, the Electronic Frontier Foundation, and the American Civil Liberties Union.

They base this statement on several points. Fundamentally, what the Cyber Security Act of 2012 does is open a direct channel that lets companies send private information on their customers to government agencies. This means systems used by certain companies that collect data on users—or violate privacy—will also be available to the government.

The letter does not call for the whole bill to be thrown out, but does call on senators to oppose the bill until several amendments are revised.

According to the letter, the bill “creates an exemption from all existing privacy laws to allow companies to share communications and records with the government, even if those personal records are not necessary to describe a cybersecurity threat.”

In doing this, it will direct the Department of Homeland Security to designate other agencies to receive this information. The letter notes “the bill would still allow the NSA and other defense agencies to be designated as exchanges, thereby permitting companies to share private information directly with the military.” This information could then be used for criminal investigations outside the scope of cybersecurity.

It adds that the bill “undermines privacy and cybersecurity” by expanding the ability for companies to monitor Internet usage of their clients, while “immunizing companies against liability for monitoring activities that violate their own contractual obligations.”

The latest act was introduced on Feb. 14 by Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (I-Conn.), Commerce Committee Chairman Jay Rockefeller (D-W.Va.), and Select Intelligence Committee Chairman Dianne Feinstein (D-Calif.).

After it was introduced, seven Republican ranking members requested Senate leadership hold hearings on the bill. They said the bill, “as drafted, does not satisfy our substantive concerns, nor does it satisfy our process concerns … This is not the kind of legislation that can result in a carefully balanced solution unless the full process is afforded.”

Supporters see it differently, however. “This bill would begin to arm us for battle in a war against the cyber mayhem that is being waged against us by our nation’s enemies, organized criminal gangs, and terrorists who would use the Internet against us as surely as they turned airliners into guided missiles,” Lieberman said in a statement when the bill was introduced.

Its purpose is outlined in its summary. It notes that as the companies became more reliant on the Web, and as critical services integrate themselves into the Internet, these services have become increasingly vulnerable to cyber threats.

“The destruction or exploitation of critical infrastructure through a cyber attack, whether a nuclear power plant, a region’s water supply, or a major financial market, could devastate the American economy, our national security, and our way of life,” it states.

The Epoch Times publishes in 35 countries and in 19 languages. Subscribe to our e-newsletter.


Follow Joshua on Twitter: @JoshJPhilipp