CISPA Illustrates Struggle Between Security and Privacy

A new bill is pending on Capitol Hill that has privacy advocates preparing for battle. The backlash for CISPA (Cyber Intelligence Sharing and Protection Act) is reminiscent of the uprising against SOPA and PIPA earlier this year. Whether or not CISPA passes, this probably won’t be the last clash between privacy and security.

Broader information sharing--between businesses and the government, as well as between businesses themselves--would help significantly in the war against cybercrime. In an attack, various entities may uncover different tidbits of information about the attack. Those tidbits may not mean much alone, but when combined with the information from other organizations they form a more complete picture that helps all parties understand and respond to the threat faster.

At face value, that seems to be the intent of CISPA. The problem is that the wording is vague or broad in places and ways that could be abused. Privacy advocates would like to fight cybercrime as well--they’re just not willing to surrender personal liberties to make it happen.

With hundreds of millions of individuals providing their exact location with online or mobile check-ins, or over-sharing information in social network status updates, it certainly seems that privacy has lost some of its value. It’s hard to argue for privacy while posting pictures of your kids, or sharing details of some embarrassing thing that happened on the way to work with the general public.

Privacy advocates would argue, though, that those disclosures--appropriate or not--are still controlled by the individual. In most cases they can choose whom to share the information with, or remove the information after the fact, and there are controls in place that let the individual control their own privacy. The fact that millions of individuals seem to brazenly share every detail of their lives is not license for corporations or the government to simply toss out the concept of privacy altogether.

The problem for privacy advocates and individuals is that this issue isn’t going to go away. SOPA and PIPA were squashed by massive opposition, but the underlying problems are still there and the bills will keep coming back under new names until something finally passes.

The challenge for elected officials and corporate stakeholders is to find a solution that balances the need for information, or the desire to protect data or intellectual property with the rights and liberties of individuals. It is a Herculean task because the two things are often in direct conflict.

The best approach would be for all parties to work together to achieve that balance. Elected officials should be working with privacy advocates, and with experts who understand the way the Internet works to find ways to word legislation that protects against cybercrime without threatening civil liberties or the Internet itself in the process.

No matter what happens with CISPA--or with whatever bills follow in its wake--individual users need to recognize the privacy concerns of sharing information online, and use the controls available to them to limit access to that data. If people are just going to share everything openly online in the first place, the government doesn’t really need legislation to infringe on privacy.

Subscribe to the Security Watch Newsletter