3 Cyber Bills Up Info Sharing, Reduce Liability -- and Privacy?
We talk a lot about cybersecurity here, and not just because the Internet is a scary place full of crazed Russian hackers ready to steal your every cached file. It's because of that, but it's also because we're lawyers, and we're trained to look at potential risks.
Some of those risks may get a bit smaller should Congress pass any of the three cybersecurity bills coming down the pipeline. The bills seek to increase information sharing between the private sector and government and protect companies from liability when sharing information. Privacy advocates and the White House have expressed concerns that the bills could lead to greater gathering of person information by the NSA, however.
The three bills are the National Cybersecurity Protection Advancement Act (NCPAA), the Protecting Cyber Networks Act (PCNA) and the Cybersecurity Information Sharing Act (CISA), a Senate bill which has been floating around for awhile now.
Central to each bill is the information sharing between government and the private sector. Companies would be authorized to collect information and convey it to the federal government. Where would it go? Under the NCPAA and CISA, to the Department of Homeland Security. The PCNA leaves the destination undetermined. However, once the information has arrived, it could be spread around widely and used for purposes other than cybersecurity
One of the main differences between the laws is the liability protection they provide. The NCPAA would shield companies from any civil or criminal action related to cybersecurity information sharing, except in cases of willful misconduct or gross negligence. The PCNA only protects against liability for information sharing that was done "in good faith." All allow suits against the government for misuse of information.
Here's where the real controversy comes in. The bills have been criticized as more like cybersurveillance measures, not cybersecurity acts, by the Electronic Frontier Foundation and the ACLU. The White House has threatened to veto various versions of the bills over privacy concerns.
What's the fuss? The bills all require that "reasonable" measures to taken to protect against sharing personal information, but many privacy advocates don't put much faith in those assurances. They worry that the acts will increase the NSA's access to personal information and establish more loopholes for government spying on citizens. The laws provide blanket authorization for companies to monitor their users activities and share that information.
Privacy advocates have been making an impact, too. The ACLU has said that revised versions of the bills have improved protections, lessening their objects. The youngest of the bills, the NCPAA, entered mark-up this week, meaning that further protections could be added.
- House Approves Controversial Cybersecurity Bill (The Washington Post)
- FBI: Actually, Don't Encrypt Your Phone After All (FindLaw's Technologist)
- The Winners and Losers of EFF's 'Who Has Your Back?' Privacy Report (FindLaw's Technologist)
- Does Your Firm Need Cyber Insurance? (FindLaw's Strategist)
You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help
Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.