The controversial Lieberman-Collins Cybersecurity Act has been scrapped and replaced by a new bill that online rights advocates still consider unnecessary, but which they also acknowledge is a vast improvement on the slew of other bills that have cropped up in recent months.
Thankfully, the Electronic Frontier Foundation, which played an instrumental role in raising awareness about and ensuring that none of the previous bills would become law, read through the 211-page Cybersecurity Act of 2012 [PDF] and published a guide highlighting the privacy protections built into it.
According to the EFF, the latest bill would place civilian agencies in charge of protecting U.S. networks, rather than ceding that responsibility to the National Security Agency, whose warrantless wiretapping program has been a thorn in the side of civil rights and privacy advocates for more than a decade.
The bill also does away with its predecessor’s broad definitions regarding data-sharing between law enforcement and Internet service providers. The new bill would only allow the government to receive data that pertains to “a cybersecurity crime investigation,” “an imminent threat of death or serious bodily harm,” or “a serious threat to minors, like sexual exploitation and threats to physical safety.”
The Cyberecurity Act of 2012 also ensures that prosecutors would not be allowed to use data collected through cybersecurity programs to prosecute unrelated crimes and that free speech and terms of service violations will not constitute a “cybersecurity threat.”
Still, the EFF remains skeptical and is concerned about certain language in the bill that they claim could be abused by “an overzealous ISP,” particularly that language which relates to monitoring and countermeasures.
The EFF claims that the bill’s supporters may yet try to stir up fear about catastrophic cybersecurity scenarios in order to strip the bill of its privacy protections. The bill goes to the Senate floor next week.