Thursday, May 17, 2012

Averting a Digital Pearl Harbour?

Will proposed cyber security legislation in the US really translate into effective protection against cyber-war, or is it just another invasion of privacy?

2012 could well be remembered in technology law circles as the Year of the Acronym. We have gone from SOPA to PIPA to ACTA, and we are still in the second quarter of the year. Now the attention has been diverted to a plethora of cyber security bills currently being discussed in the United States. Say hello to CSA, SecureIT and CISPA.

Ten years after the dramatic 9/11 attack, many American legislators are focusing their attention and energies towards the introduction of various laws aimed at protecting the United States against the rise of cyber-warfare and cyber-terrorism.

In the wake of the failed attempts to introduce the Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act (PIPA) amid widespread popular uproar, the need to address cyber threats affecting national security and how such measures might impinge on privacy rights has become the latest bone of contention.

Irrespective of a clear position taken by the Obama administration that it will veto the bill, late last month the US House of Representatives voted in favour of the introduction of the Cyber Intelligence Sharing and Protection Act or CISPA.

The main aim behind CISPA is to allow certain technology and internet companies to share information between themselves as well as with the US government in order to assist law enforcement agencies in investigating any potential cyber threats whilst ensuring that networks are secure against cyber-attacks. In essence this means that whilst technology companies such as ISPs do not have an obligation to pass on information relating to their users to the feds for cyber-security and law enforcement purposes, they are allowed to do so without facing liability or prosecution.

The proposed bill has been heavily criticised by privacy and civil liberties groups as another attempt by government to erode digital rights. Some have even referred to it as SOPA 2.0 even though there is no reference to intellectual property theft in the latest amended version of CISPA.

Republican Mike Rogers, who was the sponsor of the bill, claimed that the amended version of CISPA would only enable companies and intelligence agencies to share information related to cyber security purposes, investigation and prosecution of cyber crimes, child pornography as well as the protection of individuals from harm and the safeguarding of national security.

In its opposition to the bill, the White House stated that CISPA would repeal important provisions on electronic surveillance without properly addressing safeguards relating to privacy, confidentiality and civil liberties.

Much of the harshest criticism of CISPA revolves around the fact that the definition of 'cyber threat' is too vague, thereby leaving many doors open to interpretation by government agencies. Also, the wording "notwithstanding any other provision of law" contained in the bill explicitly waives and overrules present privacy laws. Many academics have also criticised CISPA for failing to provide the correct level of transparency and for failing to guarantee that the concept of due process and the principles enshrined in the 4th Amendment are recognised and duly protected.

Microsoft, Facebook, Intel, Oracle, Symantec and Verizon are only a few of the 800 plus companies that have expressed their open support for CISPA. This is in stark contrast to the widespread opposition that the SOPA bill faced from technology firms and which eventually led to SOPA's demise in the corridors of power in Washington. Only Mozilla has so far broken the silence in Silicon Valley and is openly opposing CISPA. It is still to be seen what stand Google will take in this debate.

Many claim that the fact that the proposed CISPA would render such technology companies immune from liability in the event that they share information with government has translated to a widespread acceptance of CISPA even though this would run against the obligations that such companies would have in their terms and conditions with their clients.

It remains to be seen whether CISPA will find the same support in front of the Senate and eventually see the light of day. Meanwhile, however, other cyber-security bills are scheduled to be discussed in front of the Senate, and some commentators have gone as far as claiming that the SecureIT bill as well as the Cybersecurity Act (CSA), which are more focused on protecting national critical infrastructures, are at least as dangerous as CISPA and that the public should not consider such laws to be the best solution in averting a digital Pearl Harbour.

Whilst one cannot say that Malta is not in the centre of the cyber-terrorists' radars, one has to seriously examine what kind of legal tools we have in place against cyber-attacks, especially those targeting critical infrastructure systems. Surely, our present computer misuse provisions already criminalise any attack against such assets, but the law presently makes no clear provision on attacks against CNIs. This analysis would need to keep in mind the balance that needs to be achieved between the rights of the state to protect itself from electronic attacks and the rights of individuals and citizens within a digital world. The locally proposed digital civil rights would specifically aim at creating this balance.
