A digital civil liberties group this week issued a stinging criticism of new cyber info sharing guidelines from the Department of Homeland Security.
{mosads}The guidance, released last week, is part of the implementation of a controversial cybersecurity law intended to boost data sharing between the government and business.
“The guidance fails to address many of the foundational issues in the law itself, and we remain concerned that [the Cybersecurity Information Sharing Act] will result in the sharing of sensitive personal information [that] could then be used for purposes that go far beyond ‘cybersecurity,’” the Center for Democracy and Technology (CDT) said in a Wednesday report.
The group opposed the passage of the law last year.
The four DHS guidelines cover how private organizations can share cyber threat indicators among themselves and with the federal government and how the government can receive and share those indicators.
The CDT criticized all four. It argued that while some progress had been made to address privacy and civil liberties concerns, the guidance failed to address its core concern with the law.
“The guidelines remain a mixed bag, which is perhaps understandable given the inherent flaws in CISA,” the group wrote. “None of the guidelines address one baseline issue — the overly permissive ‘use’ provision that allows cybersecurity information to be shared and then used for non-cybersecurity purposes.”