There's a bill currently up for debate in the US House of Representatives that would give companies and government agencies the right to share information when issues of cybersecurity were at stake. If the first thing you thought after reading that was "Wait, don't we already do this," the answer is "Yes, we do." The Cyber Intelligence Sharing and Protection Act (CISPA) is drawing fire for certain provisions that drastically expand the definition of what data can be shared and for the way they handle existing data protections.
At present, the government's ability to share data on its citizens is fairly restricted, insomuch as the various agencies must demonstrate cause and need. This has created a somewhat byzantine network of guidelines and laws that must be followed -- a morass of red tape that CISPA is intended to cut through. One of the bill's key passages is a provision that gives private companies the right to share cybersecurity data with each other and with the government "notwithstanding any other provision of law."
It's that last bit that's understandably drawn fire, despite the bill's sponsor (Mike Rogers, R-MI) insisting that the government and various private entities wouldn't abuse the privilege. Rogers is, at least, more open to revising the bill than were the backers of SOPA/PIPA earlier this year, but groups like the Electronic Frontier Foundation remain unsatisfied with the bill in its current form. The ACLU has also weighed in on the proposed changes. ""A lot of them aren't substantive," Michelle Richardson, legislative counsel for the ACLU, told CNET. "They just put the veneer of privacy protections on the bill, and will garner more support for the bill even without making substantial changes."
The core problem with most of the proposed amendments isn't that they don't provide necessary protections, it's that they seek to bind the length of time the government can keep the data it gathers, or the sorts of people it can't
collect data on rather than protecting citizens as a whole. One proposed amendment, for example, would make it illegal to monitor protestors -- but not other groups. It's not hard to see how those seeking to abuse the law could find a workaround -- a "protestor" is just a quick arrest away from being considered a "possible criminal risk."
We foresee a sudden spike in sweater sales
One of the other major issues raised by the groups against CISPA is that none of the proposed amendments restrict how agencies like the CIA or NSA could use the information they gather. In the eyes of many, the push to secure the United States' digital borders is little more than a power grab based on spooky cyberboogymen. The idea that we suddenly need a new law that would carry a built-in override to the privacy protections already in place seems out of proportion to the dubious reality of current "cyber threats."
The problem with this sort of blank check "notwithstanding" clause is that even if the people who write the law have only good intentions, it provides substantial legal cover to others who might not. Given the amount of sharing that already takes place between corporations and government institutions, there's simply no need to give investigators the right to invade the privacy of any citizen at will--not when such a privilege could so obviously be abused.