EPIC Urges Privacy Safeguards for Defense Department Cybersecurity Program

EPIC has submitted comments to the Department of Defense, urging the agency to protect individual privacy when it obtains detailed information about Internet users from the private sector. Under current Department regulations, companies are encouraged to provide information about Internet users that may relate to "cyber incidents" and cyber "threats."This is similar to a controversial provision in Cyber Intelligence Information Protection Act ("CISPA"). EPIC recommended that the agency revise the regulations for the "Cyber Security and Information Assurance" program so that: (1) the program remain voluntary, (2) "cyber incident" and "threat" are narrowly defined, (3) liability is imposed on private companies for disclosing excess user information, (4) the Attorney General conduct annual audits, and (5) the agency adheres to federal privacy laws. EPIC also warned the agency to fully comply with the Freedom of Information Act, which has provided the public with important information about network security.

Please see full comments below for more information.

LOADING PDF: If there are any problems, click here to download the file.