If the current cybercrime space prompts firms to share citizen data, should companies be held liable in citizen lawsuits?
Many firms, including AT&T, Verizon and Boeing, do not think so. This is the issue that is coming before the House Intelligence Committee this week, and the governmental body may pass a bill which would provide large companies lawsuit immunity in the case of data exchange and unhappy, privacy-conscious Americans.
Citing anonymous sources, Bloomberg reports that the bill, the Cyber Intelligence Sharing and Protection Act (CISPA), may be changed to stipulate data has to become more anonymous and would limit ways in which it can be used. However, vague language and privacy concerns caused the Obama Administration to threaten a veto on the bill, which was passed last year before stalling in Congress. The next round of proposed changes are meant to soften President Obama's view on the bill, and stop the bill from being buried for the second time.
A closed session is slated for a committee vote this week on April 10.
The bill is designed to shave away legal barriers that prevent firms from sharing information, which includes data harvested from U.S. citizens. Information gleaned from web services including social media sites, searches and cell phone records are included. The principle aim is that by sharing data across institutions -- whether they be commercial, governmental, law enforcement-based or military -- cybercrime defenses can be improved. However, removing these barriers can also mean that as firm hands over your data to agencies, citizens can wave goodbye to their privacy.
In addition, if a citizen takes umbrage at their data being shared in such a way, companies will be protected from legal repercussions, which is naturally an attractive proposition for many companies.
Supporters of the bill include Boeing, AT&T and Verizon.
Privacy groups and civil rights unions have expressed concerns over the bill's individual data and privacy protection stipulations, and many consider CISPA a step too far in chipping away at privacy -- even in the name of improving cybersecurity defenses. An online petition created Feb. 13 has reached 108,000 signatures, over the 100,000 threshold required to elicit an official White House response, although nothing has yet been issued.
Frank Cilluffo, director of George Washington University’s Homeland Security Policy Institute told the publication:
"We need to get a little more specific in terms of what type of information we’re sharing and under what circumstances."
In addition, Michelle Richardson, ACLU legislative counsel, has caused the bill in its current form a "privacy disaster," which may allow citizen data to be used to undefined purposes by the government. Civil rights groups have called CISPA a "privacy killer," and sent a letter to the committee last week which said "the public has a right to know how Congress is conducting the people’s business, particularly when such important wide-ranging policies are at stake."
California Democrat Adam Schiff, a committee member, said he would introduce an amendment "requiring companies to try to remove personal data" before it is shared among other parties. "Try" being the word to take note of, and unlikely to soothe privacy groups. In addition, Bloomberg's sources say that the proposed changes to try and make the bill successful in the second attempt do not include putting a civilian agency in charge of how information is shared.
CISPA was passed in April last year, but lost the battle when it was flatly rejected in the Senate. The proposed amendments to the bill are designed to stop Obama's Administration vetoing the bill once more, and while the United States is in need of modernized legislation in response to the cybercrime environment, protecting industry leaders and placing citizen data at risk isn't necessarily the best way to go about it.
Let's hope the Obama Administration sticks to its guns, having previously stated it opposes the "privacy killing" bill.