Pages

Friday, April 13, 2012

Facebook Defends CISPA, Denies Plans to Share User Data

facebook

Facebook on Friday defended its support of a pending cyber-security bill that has drawn comparisons to the controversial Stop Online Piracy Act (SOPA), denying that the proposed legislation would result in the social network sharing users' data.

Sponsors and supporters of the Cyber Intelligence Sharing and Protection Act (CISPA) claim the bill is intended to allow private companies and the government to communicate in the event of a cyber threat. Detractors, however, argue that it will simply make it easier for the feds to get their hands on users' personal information.

In a blog post today, Joel Kaplan, vice president of U.S. public policy at Facebook, argued that the bill will help guard the social network against cyber attacks and denied that any user information will be shared with the government.

"One challenge we and other companies have had is in our ability to share information with each other about cyber attacks. When one company detects an attack, sharing information about that attack promptly with other companies can help protect those other companies and their users from being victimized by the same attack," Kaplan wrote. "Similarly, if the government learns of an intrusion or other attack, the more it can share about that attack with private companies (and the faster it can share the information), the better the protection for users and our systems."

Kaplan stressed that Facebook would be under no obligation to share information about an attack. CISPA is voluntary and "ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users' private information, just as we do today," Kaplan said.

Some consumer groups, however, have argued that CISPA is overly broad and could open itself up to privacy intrusions - a concern also presented during the contentious debate of SOPA and its companion bill, the PROTECT IP Act (PIPA).

SOPA and PIPA would have allowed the Justice Department to obtain a court order and go after overseas, "rogue" websites that trafficked in fake goods, from purses to prescription drugs. The DOJ could have had those sites removed from search engines, while copyright holders could have had the agency target sites they believe to contain infringing content. Detractors believed SOPA and PIPA were too broad and would have had unintedned consequences for legitimate sites. Ultimately, they were both killed.

During the debate, Facebook chief Mark Zuckerberg took to the company blog to denounce the bills. "Facebook opposes SOPA and PIPA, and we will continue to oppose any laws that will hurt the Internet," he said in January.

Military Control of Your Data?
The Center for Democracy and Technology (CDT) noted that "CISPA isn't SOPA" but the group still had concerns. "CISPA has a very broad, almost unlimited definition of the information that can be shared with government agencies and it supersedes all other privacy laws," according to the CDT website. "CISPA is likely to lead to expansion of the government's role in the monitoring of private communications, [and] shift control of government cybersecurity efforts from civilian agencies to the military."

Last month, the Electronic Frontier Foundation voiced similar concerns.

In a Q&A on the House Intelligence website, bill sponsors Mike Rogers and Dutch Ruppersberger denied any nefarious intentions.

"The bill contains strong, customized privacy protections designed to ensure that the bill remains centrally focused on protecting cybersecurity," the duo said. "The bill focuses on cyber threat information sharing, allowing the government to provide classified cyber threat intelligence to the private sector and permitting the private sector to identify and share cyber threat information on a voluntary basis."

Other companies that have voiced their support for CISPA include AT&T, IBM, Intel, Microsoft, Verizon, and more.

Earlier this week, Netflix denied that its recently created PAC was intended to support CISPA, or bills like SOPA.

Last year, the White House unveiled a cyber-security proposal that included national data breach reporting, increased penalties for computer crimes, rules that would allow the private sector to commiserate with the Department of Homeland Security on cyber-security issues, and cyber-security audits for critical infrastructure providers.

For more from Chloe, follow her on Twitter @ChloeAlbanesius.

For the top stories in tech, follow us on Twitter at @PCMag.