Cybersecurity and Privacy: Where Can a Balance be Struck?

By David J Puentes – Recently, it became known that Russian hackers breached an unclassified White House system and gained access to sensitive information including President Obama’s schedule. This comes on the heels of other cyber attacks on many other government agencies, including the Department of State.

The U.S. government has not been the only victim of cyber attacks by Russia. In mid-2014, there were reports of attacks against U.S. oil and gas companies by Russian hackers. The extent of these attacks was not known, but there was speculation as to the possible consequences of foreign access to the information of energy giants such as Exxon, or BP. Amongst the speculated consequences was the possibility of preemption of drilling opportunities or even inside knowledge of power grids and how to disable them.

Nor has Russia been the only perpetrator. Another well-known recent cyber attack was the attack by North Korea against Sony. This attack was most known for the fact that it resulted in the cancellation of the theater premiers of The Interview, a movie whose plot revolves around the assassination of North Korea’s leader, Kim Jong Un. It was certainly a controversial decision as many believed that it permitted a foreign government to create a freezing effect on one of the freedoms guaranteed to be beyond the reach of our own government by the First Amendment.

Beyond that, however, this attack led to the dissemination of many private emails, the acquisition by hackers of a screenplay for the newest James Bond movie, and to a class-action lawsuit being filed by Sony employees against the company.

One potential solution to the cyber security threat, explored by Sen. Burr, Richard [R-NC], is the Cybersecurity Information Sharing Act of 2015 (CISA). Proponents of such an Act, such as Sen. Susan Collins [R-ME], state that it “would remove significant legal and economic disincentives that currently impede information sharing between private industry and government that can promote the identification and mitigation of cyber threats.”

While it has had predecessors which have been unsuccessful in the past, such as the Cybersecurity Information Sharing Act of 2014 and the Cyber Intelligence Sharing and Protection Act in 2013, there is still support for such a bill as well as opposition.

A lot of the opposition to CISA revolves around privacy concerns. The 2015 version, which incorporated some proposed amendments regarding privacy, still faces opposition. It passed the Senate Intelligence committee by a 14-1 vote. The dissenting vote was cast by Sen. Wyden, Ron [D-OR] who stated that it was “a surveillance bill by another name.”

One organization, the Electronic Frontier Foundation (EFF), claims that “[c]ybersecurity bills aim to facilitate information sharing between companies and the government, but their broad immunity clauses for companies, vague definitions, and aggressive spying powers make them secret surveillance bills.”

The EFF also points out that “CISA marks the fifth time in as many years that Congress has tried to pass ‘cybersecurity’ legislation.”

There is certainly little doubt as to the seriousness that cyber attacks pose to the national security. Considering the amount of information that is kept on computers and, more importantly, the internet, it is no secret that access to a server could not only result in private photographs being released to the public as in late 2014, or even the theft of credit card information. It could very well compromise the national security.

As with many bills, however, a balance will have to be struck between the information sharing necessary to protect the nation’s interests and the protections that many expect for their privacy.

Leave a Reply

Your email address will not be published. Required fields are marked *