Fourth Amendment Protections Need Clarification in CISPA

By Wayne Rash  |  Posted 2012-04-14 Print this article Print

Currently, U.S. laws prevent information sharing between the government and private industry. Because of this, companies are unable to get the help they need to prevent being attacked by these state-sponsored hackers and cyber-criminals. This also means that the government is unable to gather the information it needs to seek out, and perhaps neutralize, the attackers. In short, the U.S. is bound by its laws to the point that it is essentially defenseless against cyber-attacks.

Despite all the scary words being bandied about on the chat forums, this proposed law does not give the government free rein to go after people who share movie files or music or even those who run sites that offer copyrighted material for download. The law limits the information sharing to be related to national security and it specifically prohibits the use of the information by regulators or information sharing for any other purpose except for fighting cyber-attacks.

While there has been some concern that the government would create a quid pro quo situation in which companies would be required to turn over information so they could receive help from the intelligence community, that potential hole has been plugged by an amendment written by the bill€™s original author.

Does this mean I think that CISPA is perfect as written? No, I don€™t. I think some protection against Fourth Amendment violations could be more clearly written into the bill. For example, if the government were to receive personally identifiable information that€™s currently protected under one of many federal laws, then it probably should require a warrant for that information to be seen or used.

In addition, there needs to be stronger language preventing the sharing of information gathered in the process of fighting cyber-warfare or cyber-crime from being shared with law enforcement€”unless the information being shared happens to reveal the cyber-criminal. Then the normal rules of criminal investigation procedure should be followed as if evidence of a crime were uncovered during some other government activity.

Currently, there€™s nothing in CISPA that specifically violates anyone€™s civil rights, unlike the proposals in SOPA where there were clear First Amendment violations. But that doesn€™t mean that CISPA should protect known or discovered cyber-criminals either. But it should be clear that if such people are discovered, then it should be handled according to standard legal criminal procedures and precedents.

On the other hand, this also shouldn€™t mean that the legitimate interests of the U.S to protect against outside attacks should be hampered. Right now, the U.S. is effectively hamstrung when it comes to defeating cyber-attacks. That needs to be changed. So instead of mindlessly railing against the law, perhaps some constructive effort in making the law better would be good idea.

To follow Wayne Rash on Twitter, click here. 

Wayne Rash Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.

He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel