EFF joins civil society call for rejection of flawed US cybersecurity legislation
Thu 5 Mar 2015, 03:40

EFF has joined 26 civil society organizations and 22 computer security experts in a letter that calls on the Senate Select Committee on Intelligence to reject the Cybersecurity Information Sharing Act of 2015 (CISA).

CISA, currently only available in draft form, is yet another iteration of the infamous Cyber Intelligence Sharing and Protection Act (CISPA), first introduced in 2011. These pieces of legislation have all been introduced under the auspices of increased computer and network security. But instead of providing increased funding for security research, providing funding for security training for federal government employees, or any of the other ways computer and network security could be made better, they have focused on information sharing, without addressing the privacy and civil liberties implications that entails.

CISPA will be re-introduced after Sony hack
Fri 9 Jan 2015, 15:40

After privacy concerns derailed this controversial legislation in the U.S. Senate, CISPA will be re-introduced Friday by a senior Democrat on the House Intelligence Committee, reports The Hill. Maryland Representative Dutch Ruppersberger said he’s bringing the Cyber Intelligence Sharing and Protection Act back to the floor in response to the Sony hack, blamed on North Korea.

Cyberthreat sharing must include strong privacy protections, advocates say
Thu 29 Jan 2015, 01:20

U.S. lawmakers should put strict privacy controls into planned legislation to encourage companies to share cyberthreat information with government agencies and each other, some advocates said.

Members of the Senate Homeland Security and Governmental Affairs Committee said Wednesday they plan to work on a cyberthreat information-sharing bill in the coming months. But representatives from Microsoft and the Center for Democracy and Technology told lawmakers they can avoid the controversies of other recent bills by requiring companies and government agencies to strip out personally identifiable information before sending cyberthreat information to other organizations.