USACM Issues Statement on Cyber Intelligence Sharing and Protection Act (CISPA)
USACM Statement on Letter Submitted to the House Intelligence Committee
The Association for Computing Machinery
Advancing Computing as a Science & Profession
Below is a statement from Travis Breaux, Co-Chair, USACM Security and Privacy Committee. Copy of full letter here.
“While we agree with the goal of the Cyber Intelligence Sharing and Protection Act (CISPA), H.R. 624—a more secure cyberspace—as we wrote last year, ‘the benefits of increased information sharing should not—and need not—come at the expense of substantially increased privacy risk.’ Not only might individuals suffer serious harm, but loss of privacy represents a serious security risk in and of itself.
“To improve the bill, USACM encourages specific practices such as including data de-identification in the bill to mitigate disclosure risks of personally identifiable information (PII) or other sensitive business and/or personal information. We also recommend an explicit time limit on retaining PII shared under this legislation to ensure that information will be deleted after a set time period. In addition, we urge that information shared under this statute not be usable for any purposes not related to the original purpose for which it was shared in the first place – cybersecurity.
“The potential for abuse and theft of information must be better balanced with the need to share threat information. At a minimum, the bill should contain explicit limits on what may be shared outside existing legal frameworks intended to protect private citizens (e.g., via warrants, subpoenas, etc.), and it should include specific oversight mechanisms. These provisions, detailed in the letter, are in the spirit of well-established privacy principles.
“As computer scientists, we understand the complexity and difficulties in trying to balance the many interests involved in sharing cybersecurity threat information. As currently written, the proposed legislation could allow sharing of any information about any persons without particular cause, effective oversight, or meaningful recourse.”
ABOUT ACM and USACM
With 100,000+ members, the Association for Computing Machinery (ACM) is the world’s largest educational and scientific computing society, uniting computing educators, researchers and professionals to inspire dialogue, share resources and address the field’s challenges. The ACM U.S. Public Policy Council (USACM) serves as the focal point for ACM's interaction with U.S. government organizations, the computing community, and the U.S. public in all matters of U.S. public policy related to information technology.
# # #