April 10, 2012
From ABC News published April 10, 2012;
Cybersecurity: Protecting Against Internet Attacks Threatens Civil Liberties
Congress is set to act on cybersecurity legislation that has been making its way through committees in both chambers for several years. The House is set to vote on these bills during the week of April 23, dubbed “Cybersecurity Week.” The Senate will take action soon after.
. . .The House is expected to kick off Cybersecurity week by taking up HR 3523, a bill sponsored by Reps. Mike Rogers (R-Mich.) and C.A. Dutch Ruppersberger (D-Md.).
. . .The House Intelligence Committee approved the bill in a secret session held one day after the bill was introduced and without a single public hearing on the legislation
. . .For civil libertarians, the most important part of all the cyber bills is buried in the language describing “enhanced information sharing” of cybersecurity threats between private companies and the government. To date, shortcomings in current law and excessive government secrecy have stymied appropriate sharing of carefully defined threat information among industry players and between industry and the government. But in the Rogers bill, information sharing provisions allow for “too much information” sharing, threatening to transform needed reform into a shadow surveillance network.
Here’s how. The Rogers bill creates a sweeping “cybersecurity exception” to every single federal and state law, including key privacy laws—the Electronic Communications Privacy Act, the Wiretap Act, the Privacy Act—allowing private companies holding our private communications to share them with each, with the National Security Agency (NSA), and with other intelligence and defense agencies, and all other agencies of the federal government.
. . .Rogers makes no effort to list the specific categories of cyber threat indicators that may be shared, instead offering a very broad, almost unlimited definition of the information that can be shared with government agencies. It allows companies to share any information “pertaining to the protection of” a system or network. Since any digital communication may contain an attack and since ISPs and other communications providers routinely scan all their traffic to protect their networks, this appears to allow all of that traffic to be shared with the government.