Front Range OWASP Conference 2013/Sessions/Sess3 Mgmt2
CISPA Why Privacy Advocates Hate This Legislation
Reintroduced in the House of Representatives on February 13, 2013, the Cyber Intelligence Sharing and Protection Act (CISPA) is a proposed US law which would allow for the sharing of Internet traffic information between the U.S. government and certain technology and manufacturing companies. The stated aim of the bill is to help the U.S. government investigate cyber threats and ensure the security of networks against cyberattack.
CISPA has been criticized by advocates of Internet privacy and civil liberties, such as the Electronic Frontier Foundation, the American Civil Liberties Union, and Avaaz.org. Those groups argue CISPA contains too few limits on how and when the government may monitor a private individual’s Internet browsing information. Additionally, they fear that such new powers could be used to spy on the general public rather than to pursue malicious hackers. CISPA has garnered favor from corporations and lobbying groups such as Microsoft, Facebook and the United States Chamber of Commerce, which look on it as a simple and effective means of sharing important cyber threat information with the government.
Some critics saw CISPA as a second attempt at strengthening digital piracy laws after the anti-piracy Stop Online Piracy Act became deeply unpopular. Intellectual property theft was initially listed in the bill as a possible cause for sharing Web traffic information with the government, though it was removed in subsequent drafts.
Maureen Donohue Feinroth
Maureen D. Feinroth, Esq., CIPP/IT, CIPP/E is the Founder and CEO of Capital Privacy Solutions, a consulting firm dedicated to providing clients with privacy consulting, training & education and data management services.
Maureen is a recognized subject matter expert in international compliance, particularly the EU Directive, the Hong Kong Data Protection Ordinance and transborder data flow issues in the international marketplace. She is experienced with the provisions of DNC, FOIA, ECPA, FISMA, the Federal Privacy Act, Paperwork Reduction Act, Computer Security Act, OMB Circular A-130, FISCAM, HIPAA/HITECH, GLBA, FCRA, EFTA, COPPA, ECPA, PATRIOT Act and Sarbanes-Oxley. She assisted in the development of NIST standards across information security, including implementation measures for HSPD 12 compliance. Her consulting responsibilities and career experience in information security and privacy include the identification, research and analysis of all legislation at the state, federal and international levels, as well as the self-regulatory programs.