New cybersecurity legislation introduced in U.S., but still doesn’t protect users


Today, U.S. Senator Tom Carper introduced the Cyber Threat Sharing Act (CTSA) of 2015, a new bill to authorize the public/private dissemination of cybersecurity-related information. While the bill includes privacy protections and safeguards not found in the Cyber Intelligence Sharing and Protection Act (CISPA), recently re-introduced in the House of Representatives, it also maintains many of CISPA’s other flawed provisions. For example, CTSA provides for broad immunity from liability for organizations that distribute information, which may contain personal information. While the immunity is wisely limited to entities that deal with civilian agencies, provisions allow other entities, like the NSA, to receive the same information in near real-time. Another provision would significantly limit transparency by creating a broad new Freedom of Information Act exemption.

The legislation’s limitations on the type of information that can be shared are not enough to protect user privacy. Access is calling on the U.S. Congress not to consider information-sharing legislation–which could ostensibly create new surveillance authorities under the guise of cybersecurity–until existing surveillance authorities are adequately reformed.

Find Access’ recent analysis of CISPA here.

credit: insilico