The New Joint Information Environment: CISPA and Cybersecurity

Tuesday, April 16, 2013, by Samantha Surles

The Government’s ability to find and apprehend cyber criminals is one of the big features in the 2014 Defense budget. One of the Department of Defense’s top priorities in 2014 is “expanding the Cyber Forces” under U.S. Cyber Command and developing a system for “cyber security information sharing.” The information sharing system would connect many government cyber security centers in “real time” to create a “comprehensive coordinated cyber security information sharing system” with automated information sharing, accessible by all state authorized personnel.

 Regardless of whether CISPA passes or which side of the privacy protection debate you root for, in future any information you inject into the “cyber environment” faces the paradox of easier access by some to achieve greater protection from others.

This “real time” provision requires new legislation by Congress, otherwise the potential liability would cause internet companies to delay release of sensitive user information. The resulting Cyber Intelligence Sharing and Protection Act of 2013 (CISPA) will  reach a vote in the House later this week, after being rejected by privacy and civil liberties groups last year. Many groups oppose the bill, calling the amendments inadequate to protect consumer privacy. In response, the House Committee on Intelligence set up an informational site with letters of support and fact sheets intended to address the “myths” that have been circulating about the bill.

The Committee contends that the bill has “nothing to do with government surveillance.” It is only a voluntary allowance for internet companies to “share anonymous cyber threat information” with the government to “protect their networks and their customers private information.” Other concerns were addressed, including the fear that the government will be allowed warrantless access to private emails and that it will compile data on the private internet practices of U.S. Citizens. The White House opposed the 2012 version of CISPA and has not given approval to the current version. In a letter to Congress, at least thirty-four civil liberties organizations expressed their central concern, that the bill allows private companies to disseminate information both to other private companies and the government without the privacy protections seen in previous bills, bounded only by the definition of “cyber security.” Private companies opposing the bill include Mozilla, Reddit, Daily Kos, and others along with many nonprofit organizations.

Those supporting CISPA put out their own letter, expressing relief over liability protections to help them guard their networks and users. TechNet and its 70 companies including Google, eBay, Facebook, and other large internet service providers, have come out in support of the bill.  The Department of Defense frames the argument as one of protecting critical infrastructure, and views widespread information sharing as a necessary step in the transformation into a “joint information environment” to guarantee system protection. This new movement was partially a response to the President’s State of the Union address and resulting executive order for Improving Critical Infrastructure Cybersecurity. The order promotes a “cyber environment” that encourages innovation while “promoting safety, security, business confidentiality, privacy, and civil liberties” through cooperation with private industry leaders for information sharing. Regardless of whether CISPA passes or which side of the privacy protection debate you root for, in future any information you inject into the “cyber environment” faces the paradox of easier access by some to achieve greater protection from others.