House cyberterrorism bill would protect ISPs

Another cybersecurity proposal is wending its way through the U.S. Congress, this one designed to relax the liability of Internet service providers (ISPs) when reporting a potential threat.

The Cyber Security and Enhancement Act of 2001 (HR-3482), introduced in December by Texas Republican Representative Lamar Smith, also calls for strengthened penalties for cybercrime and increased funding for a government-run center to detect security threats. The bill is one of a handful of congressional initiatives designed to fortify information security, including the Cyber Security Research and Development Act, which was approved by the U.S. House of Representatives last week, and the Cybersecurity Preparedness Act of 2002 and the Cybersecurity Research and Education Act of 2002, both introduced in the Senate in January.

Representative Smith, chairman of the House Judiciary Committee’s Subcommittee on Crime, held a hearing Tuesday regarding his proposed legislation. The bill is scheduled for markup, or review, in the crime subcommittee on Thursday.

The bill builds on the USA Patriot Act signed by President George W. Bush last October that included a number of antiterrorism measures.

The Cyber Security and Enhancement Act of 2001 proposes that the U.S. Sentencing Commission strengthen penalties related to cybercrime so that they better reflect the seriousness of the crime. It also allots US$58 million in funding to the U.S. Federal Bureau of Investigation’s National Infrastructure Protection Center (NIPC), which could serve as a national focal point for coordinating threat assessments and responses.

It also would provide liability protection to ISPs that report to officials suspected cybercrime, such as an e-mail bomb threat that crosses an ISP’s network. While the Patriot Act authorized such reporting, ISPs have to show reasonable belief of immediate risk of death or personal injury, according to Clint Smith, president of the U.S. Internet Service Providers Association (USISPA), who testified at Tuesday’s hearing and who supports the bill. Showing reasonable belief of immediate risk puts a burden on ISPs and might prevent them from reporting a suspected threat to officials, Smith said.

The Cyber Security and Enhancement Act of 2001 would remove the “immediate” condition of the Patriot Act and replace “reasonable” belief with “good faith” belief of a threat, Smith said. The bill also explicitly grants ISPs immunity from liability when they act in good faith, he said.

But an official with the Center for Democracy and Technology (CDT), an Internet civil liberties public interest group, said the bill would threaten the privacy of communication.

“As drafted, (the bill) would allow many more disclosures of sensitive communications without any court oversight or notice to subscribers,” read the written testimony of Alan Davidson, associate director of CDT, who also spoke at Tuesday’s hearing.

The bill has loopholes, Davidson said, because it expands ISP disclosure to not just law enforcement officials, but any government entity. Because the bill removes the requirement that a suspected threat be immediate, ISPs could disclose communications describing an event far in the future, or even a hypothetical one, he said. And without the requirement to prove reasonable belief of risk, ISPs could report communications without ramification.

Safeguards such as requiring notice to a subscriber that their communication was reported to officials should be put in place, Davidson added.

The House Judiciary Committee can be found on the Web athttp://www.house.gov/judiciary/

The USISPA can be reached at +1-202-862-3816 or athttp://www.usispa.org/

CDT can be reached at +1-202-637-9800 or athttp://www.cdt.org/

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now