Modern field guide to security and privacy

Cybersecurity pros slam threat information-sharing bills

Sixty-five cybersecurity professionals and academics have asked Congress to reject three versions of information-sharing bills over privacy concerns.

Sen. Dianne Feinstein (D) of Calif., vice chairman of the Senate Intelligence Committee, is among the members of Congress security professionals are urging to reject pending information-sharing legislation.
Joshua Roberts/Reuters

More than 65 cybersecurity professionals and academics have come out against a trio of bills moving through Congress that are meant to enable information sharing about digital threats between businesses and the government. 

In a letter sent today to ranking members of the House and Senate Intelligence Committees and the chair of the House Homeland Security Committee, they are urging Congress to reject the controversial Cybersecurity Information Sharing Act and two similar bills.

"We do not need new legal authorities to share information that helps us protect our systems from future attacks," they wrote. "Generally speaking, security practitioners can and do share this information with each other and with the federal government while still complying with our obligations under federal privacy laws."

The signatories of the letter take issue with the potential privacy implications of the bills. "The bills weaken privacy law without promoting security," they said in the letter.

This is not the first time the information sharing bills have been criticized by privacy advocates. Previously, critics have argued that an information sharing law could expose even more personal data held by tech companies to agencies such as the National Security Agency or to the FBI.

In order to support an information sharing bill, they have asked that it contain the following elements:

  1. "Narrowly define the categories of information to be shared as only those needed for securing systems against future attacks;
  2. Require firms to effectively scrub all personally identifying information and other private data not necessary to identify or respond to a threat;
  3. Not allow the shared information to be used for anything other than securing systems."

Signatories include representatives from technology and security companies such as Amazon, Cisco, Twitter, Rapid7, and Veracode, as well as academics from the University of California at Berkeley, the Massachusetts Institute of Technology, and Yale University.
