Redrafted US cyber security act could still threaten internet freedom

Lieberman's latest could contain hidden concerns

The latest draft of the US Cybersecurity Act could restrict internet freedom and result in the prosecutions of ISPs and peer-to-peer media sharers.

The Act failed to pass in February 2012, but Senator Joseph Lieberman and his supporters have returned with a redraft, which they want passed as quickly as possible in order to address the "clear and present danger" of cyber criminality and aggression.

Critics, however, believe alterations to the bill that promise a "public-private partnership" may actually represent a more serious problem for those the bill may be enforced against, arguing that there are echoes of the Stop Online Piracy Act (SOPA) and the similar Protect Intellectual Property Act (PIPA) lurking within the "compromise" Lieberman offers.

"This legislation is urgently needed to address the clear, present, and growing danger of cyber attacks against our most critical systems," Lieberman says on his website. "In an era when anyone can buy the technological capability to cripple the electric grid, steal proprietary information from seemingly secure websites, and digitally drain bank accounts of money, our most important networks are alarmingly vulnerable. We must respond with speed and resolve to a threat that will only increase."

However, Lieberman goes on to state that $250bn a year of private enterprise capital is lost as a result of intellectual property theft, as well as a further $224bn in downtime due to attacks.

The redraft more clearly defines the nature and extent of data sharing the bill will allow, but in so doing it raises some significant problems, according to critics.

The revised bill narrows the range of data that can be shared in times of heightened cybersecurity risks, as well as who the information is shared with. It states specifically that information shared with the government can only go to civilian agencies, and not military ones.

This information, says the new bill, can only be used to address threats directly related to cybersecurity, and not to national security or other criminal investigations.

But it's the mention of "civilian" – ie private – agencies in the redraft that's ringing alarm bells. The Bill's sponsors are inviting private enterprises to help formulate a code of practice in a move that could open the door for companies to use the law to protect their commercial interests to the detriment of individual freedon online.

"While the bill we introduced in February is stronger, this compromise will significantly strengthen the cybersecurity of the nation's most critical infrastructure and with it our national and economic security," said Lieberman.

"We responded after the 9/11 attacks to improve our security. Now we must respond to this latest challenge before a cyber 9/11 occurs."

April's rather more controversial Cyber Intelligence Sharing and Protection Act (CISPA) was passed by the House, but not yet by the Senate, and contained very similar legislation that caused a great deal more concern.

Opponents fear that the successful implementation of both bills would restrict internet freedom. Its proponents however state that convictions of the likes of Gary McKinnon could be carried out far more swiftly and decisively, and that there would be more widespread prosecution for peer-to-peer media downloaders, or even the ISPs that host them.

"Cybersecurity" is a term that is still problematic in itself. President Obama's administration (which supports Lieberman's redraft, but did not support CISPA) defined the term, in its own legislative proposal in December 2011, as "products, goods, or services intended to detect or prevent activity intended to result in unauthorized access to, exfiltration of, manipulation of, or impairment to the integrity, confidentiality, or availability of an information system or information stored on or transiting an information system."

Critics of the US Cybersecurity Act redraft fear that such a definition could be extended, nationally or – with enough governmental pressure – internationally to cover other scenarios not intended by the drafters.