Thursday , July 10, 2014 - 9:17 AM
The Senate Intelligence Committee last week approved the Cybersecurity Information Sharing Act of 2014, a bill intended to help companies and the government combat cyber attacks. But privacy advocates — and some legislators — say CISA fails to protect the private data of individuals.
The bipartisan bill was co-authored by Senate Intelligence Committee chair Dianne Feinstein, D-Calif., and vice chair Saxby Chambliss, R-Ga., and passed the committee in a 12-3 vote.
"To strengthen our networks, the government and private sector need to share information about attacks they are facing and how best to defend against them," Feinstein said in a prepared statement. "This bill provides for that sharing through a purely voluntary process and with significant measures to protect private information."
The bill breaks new ground in two important ways. First, CISA protects companies that share security-related data with one another and with the government from being sued. Second, it calls for real-time sharing between government agencies and companies in an effort to eliminate the foot dragging we've seen in the past.
Does the bill adequately protect an individual's privacy? Some say no.
Sens. Ron Wyden, D-Ore., and Mark Udall, D-Colo., who voted against the bill explained in a statement, "... we have seen how the federal government has exploited loopholes to collect Americans’ private information in the name of security."
And privacy advocates, including the American Civil Liberties Union, the Center for Democracy and Technology, the Competitive Enterprise Institute and the Electronic Frontier Foundation, voiced their concerns in a letter to the bill's co-authors. "Instead of reining in NSA surveillance, the bill would facilitate a vast flow of private communications data to the NSA," the letter said. They referred to the bill as a "militarization of civilian cybersecurity" and was signed by more than a dozen other advocacy groups.
It's a tricky issue. More protection usually comes at the sacrifice of privacy and vice versa. And just the right balance between the two swings like a pendulum. After the terrorist attacks of September 2001, the public was more concerned about security than privacy and the USA Patriot Act was passed. Today, as the Edward Snowden documents continue to leak about improper NSA surveillance and the fear of a terrorist attack in the U.S. wanes, the public places more weight on the right to privacy than on protection.
However, CISA is not without protection for individuals. The bill defines "electronic format" as information shared through electronic mail, an interactive form on an Internet website or a real-time, automated process between information systems; it does not include voice or video communication.
Further, the bill requires companies to anonymize data before sharing it with other companies or with a government agency. The directive applies to information associated with U.S. people and unrelated to a cybersecurity threat.
CISA has not yet been scheduled to come before the full Senate for a vote. A similar piece of legislation was voted down in Congress last year due to a perceived lack of privacy protections.
Along with the CISA committee vote, new information from several channels surfaced about how the NSA targets individuals for surveillance.
What can make you an NSA target?
If you use an alternative browser that anonymizes your web visits, you may become a target. A report from OneDefense.com, revealed that visiting the TOR website from outside the U.S., where you can download the TOR browser, will automatically trigger an NSA look. The NSA uses a program called XKeyscore to identify such Internet users. Further, the program will flag you, regardless of your location, if you visit the Linux Journal, a forum dedicated to the open source operating system, the report said.
The Washington Post discovered activities that also might get you flagged by the NSA. Among them were writing emails in a foreign language, being listed on a buddy chat list of someone outside the U.S. and using a proxy website to watch the World Cup, so that it appears as if your computer is operating outside the U.S., the only way for American non-cable subscribers to watch the later games in the tournament.
Leslie Meredith has been writing about and reviewing personal technology for the past six years. She has designed and manages several international websites. As a mom of four, value, usefulness and online safety take priority. Have a question? Email Leslie at email@example.com.
Sign up for e-mail news updates.