<b><i>Online Exclusive</b></i> Controversial Cybersecurity Bill Passes in House

Congress is once again pushing forward on a controversial bill to bolster the nation's cybersecurity, which could end up changing how law firms and their clients respond to online threats.

The House passed the Cyber Intelligence Sharing and Protection Act (CISPA) on April 18, sending the legislation to the Senate. The bill would allow 'cybersecurity entities' ' an intentionally broad term that includes law firms and business that they represent ' to share cyber threat information with the intelligence community.

In return, the bill addresses some key concerns of law firms about turning over information about attacks to the government, says Jerry Ferguson, a co-chairman of Baker & Hostetler's national privacy and data-protection practice.

For instance, the bill would protect the information from being disclosed in public records requests under the Freedom of Information Act, and provides some liability protection from civil or criminal cause of actions for those sharing cyberthreat information in good faith.

Larger law firms and smaller sophisticated firms are significant repositories of clients' important information and are targets of cyberattacks. 'It's already started, the hackers are now looking for soft targets,' Ferguson says. 'They're looking at companies that do business with the Fortune 50 and seeing if the information can be obtained there.'

Senate Democrats and the White House have already objected to the bill, while privacy groups have warned that it would erode privacy by allowing companies to turn over personal information to the government.

'This bill undermines the privacy of millions of Internet users,' Rainey Reitman, Electronic Frontier Foundation's activism director, said in a written statement. 'Hundreds of thousands of Internet users opposed this bill, joining the White House and Internet security experts in voicing concerns about the civil liberties ramifications of CISPA.'

Because of that, the bill will probably be debated for several months, and law firms will be watching closely for the effect on clients, Ferguson says. He doesn't see the legislation becoming law in current form, but that it could if the Senate insists on greater civil liberties protections. 'I think it's going to go through a lot of negotiation before it lands on the president's desk, if it gets that far.'

The bill is now pending before the Senate Intelligence Committee.

[UPDATE: According to an April 25 report in US News, CISPA will not be taken up for a vote by the Senate.'"We're not taking [CISPA] up,”'a representative of the U.S. Senate Committee on Commerce, Science and Transportation'says. “Staff and senators are divvying up the issues and the key provisions everyone agrees would need to be handled if we're going to strengthen cybersecurity. They'll be drafting separate bills.”'Sen. Jay Rockefeller (D-WV), chairman of the committee, said the passage of CISPA was “important,” but said the bill's “privacy protections are insufficient.” See, ACLU: CISPA Is Dead (For Now), Us News.]

Todd Ruger is a Reporter for The National Law Journal, an ALM affiliate of Internet Law & Strategy.

Congress is once again pushing forward on a controversial bill to bolster the nation's cybersecurity, which could end up changing how law firms and their clients respond to online threats.

The House passed the Cyber Intelligence Sharing and Protection Act (CISPA) on April 18, sending the legislation to the Senate. The bill would allow 'cybersecurity entities' ' an intentionally broad term that includes law firms and business that they represent ' to share cyber threat information with the intelligence community.

In return, the bill addresses some key concerns of law firms about turning over information about attacks to the government, says Jerry Ferguson, a co-chairman of Baker & Hostetler's national privacy and data-protection practice.

For instance, the bill would protect the information from being disclosed in public records requests under the Freedom of Information Act, and provides some liability protection from civil or criminal cause of actions for those sharing cyberthreat information in good faith.

Larger law firms and smaller sophisticated firms are significant repositories of clients' important information and are targets of cyberattacks. 'It's already started, the hackers are now looking for soft targets,' Ferguson says. 'They're looking at companies that do business with the Fortune 50 and seeing if the information can be obtained there.'

Senate Democrats and the White House have already objected to the bill, while privacy groups have warned that it would erode privacy by allowing companies to turn over personal information to the government.

'This bill undermines the privacy of millions of Internet users,' Rainey Reitman, Electronic Frontier Foundation's activism director, said in a written statement. 'Hundreds of thousands of Internet users opposed this bill, joining the White House and Internet security experts in voicing concerns about the civil liberties ramifications of CISPA.'

Because of that, the bill will probably be debated for several months, and law firms will be watching closely for the effect on clients, Ferguson says. He doesn't see the legislation becoming law in current form, but that it could if the Senate insists on greater civil liberties protections. 'I think it's going to go through a lot of negotiation before it lands on the president's desk, if it gets that far.'

The bill is now pending before the Senate Intelligence Committee.

[UPDATE: According to an April 25 report in US News, CISPA will not be taken up for a vote by the Senate.'"We're not taking [CISPA] up,”'a representative of the U.S. Senate Committee on Commerce, Science and Transportation'says. “Staff and senators are divvying up the issues and the key provisions everyone agrees would need to be handled if we're going to strengthen cybersecurity. They'll be drafting separate bills.”'Sen. Jay Rockefeller (D-WV), chairman of the committee, said the passage of CISPA was “important,” but said the bill's “privacy protections are insufficient.” See, ACLU: CISPA Is Dead (For Now), Us News.]

Todd Ruger is a Reporter for The National Law Journal, an ALM affiliate of Internet Law & Strategy.