New Cybersecurity Proposal Patches Serious Privacy Vulnerabilities

Written by EFF

View Comments

For months, we’ve been raising the alarm about the serious civil liberties implications of the cybersecurity bills making their way through the Senate. Hours ago, we received some good news. A new bill called the Cybersecurity Act of 2012 (S 3414) is replacing the prior Lieberman-Collins Cybersecurity Act (S 2150). This new bill drastically improves upon the previous bill by addressing the most glaring privacy concerns. This is huge, and it’s thanks to the outcry of Internet users like you worried about their online privacy. Check out the new bill (PDF).

Make no mistake – we remain unpersuaded that any of the proposed cybersecurity measures are necessary and we still have concerns about certain sections of the bill, especially the sections on monitoring and countermeasures. But this was a big step in the direction of protecting online rights, and we wouldn’t be here without the support of Internet users contacting Congress in droves.

Here’s what you need to know about the new privacy-protective package. Major new privacy protections added to the bill: 

There is also some language about net neutrality intended to ensure that nothing in the bill can be construed as granting new authority to engage in non-neutral behavior.

Of course, the bill has its shortcomings. The most significant problem remaining has to do with the language around monitoring and countermeasures. Currently, the bill specifically authorizes companies to use cybsersecurity as an excuse for engaging in nearly unlimited monitoring of user data or countermeasures (like blocking or dropping packets). We’ve argued that this language is overly broad and could be interpreted by an overzealous ISP to let them block privacy-protective technologies like Tor. When the bill goes to the floor next week, we’re going to be throwing our weight behind amendments to address these ongoing flaws.

This new bill patches a whole bunch of significant privacy problems with the prior proposals, and so we’re grateful for the Senators who responded to the Internet community’s concerns and championed these protections. Now it’s up to us: we need to speak out and tell Senators not to undermine these hard-won privacy protections, and hopefully tell them to go one step further and fix the problems remaining with monitoring and countermeasures. Our contacts in Washington tell us it’s likely that opponents will try to strip out these protections by hyping up fears of catastrophic cyberattacks and calling for stronger national security provisions. We need to organize now to stop any Floor amendments that would undermine these major privacy wins.

Please, send a note to your Senators now asking them to defend these hard-won privacy protections against any amendments and work to fix the monitoring and countermeasures sections of the bill.

As we’ve said before, we don’t know if a cybersecurity bill is necessary or desirable at this moment. We continue to oppose any language that unnecessarily and broadly expands existing power to engage in surveillance. But we also commend the Senate’s efforts to build these strong privacy protections into the new bill, and we’re asking the Internet to join us in fighting to keep those protections strong (and, hopefully, make them even stronger).

Things are heating up quickly. Please stay tuned to the EFF blogTwitter feed, and mailing list for updates on the campaign.





From Around the Web
You are now being logged in using your Facebook credentials