Good news from the ACLU yesterday. The furor over CISPA (and a dozen or so other acronymed bills) has paid off, at least for now. Some of our more tech-savvy senators, including Al Franken, have put together a bill that addresses the privacy and accountability concerns raised by those of us who have been shouting.
Sens. Franken and Durbin and other privacy advocates have negotiated substantial changes that will:
• Ensure that companies who share cybersecurity information with the government give it directly to civilian agencies, and not to military agencies like the National Security Agency. The single most important limitation on domestic cybersecurity programs is that they are civilian-run and do not turn the military loose on Americans and the internet.
• Ensure that information shared under the program be “reasonably necessary” to describe a cybersecurity threat.
• Restrict the government’s use of information it receives under the cyber info sharing authority so that it can be used only for actual cybersecurity purposes and to prosecute cyber crimes, protect people from imminent threat of death or physical harm, or protect children from serious threats.
• Require annual reports from the Justice Department, Homeland Security, Defense and Intelligence Community Inspectors General that describe what information is received, who gets it, and what is done with it.
• Allow individuals to sue the government if it intentionally or willfully violates the law.
As the ACLU points out, there are still plenty of opportunities for harmful amendments, so if you have the sort of representatives who are likely to do something like that, now is the time to contact them and remind them just how organized and active the privacy lobby has been over this. Also, that there is an election that will affect a large number of them in just a few months.
Let’s get a decent law in place so we don’t have to be constantly on our guards for more stupid ones.