While no one is optimistic about seeing progress from Congress on immigration reform, deficit reduction and most other big-ticket policy issues, the smart money may be on Congress actually passing some cybersecurity legislation within the next year, perhaps even before the November election.
Major network intrusions resulting in the loss of intellectual property and consumer confidence have become commonplace. Under these circumstances, wouldn't any cybersecurity legislation be an improvement over the current state of affairs? And if there are competing versions of legislation out there, aren't they just different versions of good?
The privacy community, however, is up in arms over provisions that permit DHS to share that threat information with other departments or agencies of the federal government (there are protections against sharing the information outside the government). The bill also provides that “cyber threat information shared with the Federal Government” may further be used:
- “For cybersecurity purposes”
- “For the investigation and prosecution of cybersecurity crimes”
- “For the protection of individuals from the danger of death or serious bodily harm and [related investigations and prosecutions]”
- “For the protection of minors from child pornography, any risk of sexual exploitation, and serious threats to the physical safety of such minor”
- “To protect the national security of the United States.”
Finally, CISPA provides broad immunity from civil suits for sharing information or the consequences thereof and removes any liability for declining to share cyber threat information where such voluntary sharing was permitted under CISPA.