Try digitalPLUS for 10 days for only $0.99

Editorial

News Opinion Editorial

Fight cyberattacks, not privacy

A Defense Science Board report made public last week contained shocking allegations about the extent of Chinese military hacking of American defense technologies. Though China's government denies it — huffily insisting that it has no need for American military technology — the report disclosed that Chinese cyberattacks had yielded data from dozens of weapons systems, including missile defenses and the F-35 Joint Strike Fighter. That comes on top of reports that Chinese hackers had successfully infiltrated the computer systems of a wide variety of U.S. corporations, think tanks and media outlets. Hacking is now at the top of the agenda for President Barack Obama's summit this month with new Chinese President Xi Jinping.

China is, of course, not the only source of cyberthreats. They come, too, from Russia, Iran and elsewhere, including domestic hackers. Congress has long been aware of the problem and has sought for at least the last two years to pass legislation that would facilitate information sharing and cooperation between private corporations and the government. Maryland's Rep. Dutch Ruppersberger, who is the ranking Democrat on the House Intelligence Committee, has been in the middle of the effort, along with Republican Rep. Mike Rogers of Michigan, who chairs the committee. Their bill, the Cyber Intelligence Sharing Protection Act, or CISPA, passed the House in April on a bipartisan vote, 288-187.

But it is going nowhere in the Senate, and for good reason. Although this year's version of CISPA is an improvement in some respects, it still trades away too much privacy in the name of security. President Obama has threatened to veto it if it reaches his desk in its current form, and Sen. Dianne Feinstein, a California Democrat, is working on her own version of a cybersecurity bill along with some Republicans. She doesn't need to throw out the framework of CISPA entirely but should refashion it so that it does not give the government unnecessary personal information and sets limits on what the government and corporations can do with the information they get.

The American Civil Liberties Union, the Electronic Frontier Foundation and others object to CISPA because it overrides existing privacy laws and Internet companies' individual privacy policies to allow corporations to give the government and each other information about potential cybersecurity threats. That could include users' email addresses, Internet use records, location data, contacts and emails, among other things. Such information is not generally necessary to determine the nature of a threat and combat it, but its dissemination opens the possibility for misuse.

Whatever law Congress passes should require that companies attempt, in as much as possible, to strip personal, identifying information out of the data they provide to the government and each other. To the extent that such information sharing occurs now, many companies follow that practice already.

The most recent version of CISPA at least sets limits on what companies can do with the personal data shared with them by other firms — barring, for example, commercial uses — but it does leave open the possibility that the information could be shared directly with military agencies, including the NSA, a chilling prospect given the government's history of domestic espionage in the name of national security. Some corporations, such as many defense contractors, already work directly with the military on cybersecurity, and that is appropriate, but it need not be and should not be the norm. A civilian agency should be the one to handle the data in most cases.

Finally, the Senate needs to reject the "hack-back" provisions in the House legislation. CISPA not only immunizes companies from liability for sharing information but also gives them broad protection for what they do in response to the information they share or receive. In particular, there is reason for concern that such protections could lead to cyber-vigilantism that could diminish the rule of law and lead to collateral damage to innocent Internet users. The Senate needs to eliminate any ambiguity about what is and is not allowed.

There is no question that the need for a response to growing cyber threats is urgent, but we should not create new and different threats to Internet users in the process. The Senate must put privacy protections at the center of its cybersecurity legislation. And if members of the House believe hacking is as clear and present a danger as they say, they should be willing to accept it.

Copyright © 2015, The Baltimore Sun
Related Content
  • A temporary halt to the NSA's domestic spying program

    A temporary halt to the NSA's domestic spying program

    The government's authority to spy on the private phone calls of millions of Americans without their knowledge or consent expired at midnight Sunday, and for first time since the 2001 terrorist attacks on New York and Washington, citizens won't have the specter of "Big Brother" looking over their...

  • Taming 'Big Brother'

    Taming 'Big Brother'

    A week after a federal appeals court ruled that the National Security Agency's bulk data collection program was unconstitutional, the Obama administration is urging Congress to approve legislation that would put new limitations on the agency's power to track the private phone calls and emails of...

  • Reining in the surveillance state

    Reining in the surveillance state

    In a sign that the possibility of bipartisan cooperation in Congress is not completely dead, lawmakers on both sides of the aisle have moved closer to a consensus on modifying the U.S. Patriot Act, which authorizes the government's secret spying program targeting the private phone calls and email...

  • Spying forever

    Spying forever

    Ever since former National Security Agency contractor Edward Snowden's revelations last year that the NSA was collecting information on the phone calls and emails of millions of U.S. citizens without their knowledge or consent, lawmakers have been assuring the public they will act to amend the...

  • Intelligence reform bill is important to safeguarding our security and privacy

    Intelligence reform bill is important to safeguarding our security and privacy

    A recent Baltimore Sun editorial described legislation to reform the government's collection of Americans' phone and email data as a sign that "bipartisan cooperation in Congress is not completely dead" ("Reining in the surveillance state," May 5). We'd like to remind The Sun that similar legislation...

  • Congress is not transparent enough about its intelligence oversight [Commentary]

    Congress is not transparent enough about its intelligence oversight [Commentary]

    Members criticize the hardworking employees of the National Security Agency, yet they aren't transparent about their oversight role

  • Unaccountable intelligence agencies [Letter]

    Unaccountable intelligence agencies [Letter]

    Attorney and former CIA officer Matthew Ferraro contends that U.S. intelligence agencies operate within "strict legal controls under the review of lawyers embedded at all levels, inspectors general, courts and Congress" ("The Snowden stigma," June 9).

  • Intelligence community has only itself to blame [Letter]

    Intelligence community has only itself to blame [Letter]

    Again, we have the "blame the media" scenario ("The Snowden stigma," June 9). A former intelligence officer tries awfully hard to make this point: "Edward Snowden's leaks and their media coverage have unfairly maligned the intelligence industry." But blaming the media for reporting the unprofessional,...

Comments
Loading

73°