If you wanted to explain the dilemma of privacy versus security to a curious relative, the Protecting Cyber Networks Act would be a good place to start. The bill has just been passed by the House of representatives (voting 307-116 in favor), and is designed to prevent future cyber attacks by allowing corporations to share information with each other and the government. Civil liberties groups claim the bill tramples on the privacy of the customers, and opens the door for agencies like the NSA to access their data (not that it needs much help, it seems).
A letter signed by over 50 privacy groups concedes that the bill is “less pernicious” than other recent similar legislation, but notes that under the PCNA, data shared through the government could be exempt from disclosure under the Freedom of Information Act, creating a “new secret cyber-intelligence coordinating body.” Naturally, the government doesn’t see it this way, and with high profile attacks on Sony and Target (among others) still in recent memory, it’s likely corporations are eager for the senate to pass the bill too.
The issue appears to be the bill’s lack of specificity. The PCNA would allow for data to flow between corporations via a government intermediary. Crucially, there are provisions that would allow the government to use these data outside of cyber threats. The civil liberties groups criticize the bill for allowing any data to also be used with the Espionage Act, making it ripe for abuse for things such as surveillance of journalists and their sources. While all this is going on, there’s still the very real threat of more large scale attacks on corporations that could expose this very same data to anyone on the internet. The bill is still being finalized as it awaits approval from the Senate.
Sent from my Tricorder