Civil Libertarians are in a dither again, this time over new disclosure provisions for Internet service providers that are contained within the recently signed Homeland Security Act (HSA). Civil Libertarians are in a dither again, this time over new disclosure provisions for Internet service providers that are contained within the recently signed Homeland Security Act (HSA). Before the ink was even dry on President Bush’s signature, Civil Libertarians and legal experts were sounding alarms about Section 225 of the HSA. That section contains the controversial Cyber Security Enhancement Act (CSEA), initially introduced by Rep. Lamar Smith, a Republican from Texas.Designed to strengthen sentencing guidelines for computer crimes that result in death or physical injury to others, the CSEA includes a number of provisions that loosen disclosure laws for ISPs and other companies that communicate online.Previously, ISPs and other companies that store electronic communications were required to disclose confidential information only when presented with probable causethe fourth amendment guarantee that the information is connected to a crime and is likely to be found at the search site. Under the HSA, however, companies can disclose information based on the good faith belief of “an emergency involving danger of death or serious physical injury to any person”a loose requirement that relies in this case on the discretion of the ISP.Brad Bennett, communications director for Rep. Smith’s Washington office, says that security officers shouldn’t be confused by the vague wording of the CSEA. “We’re talking about emergency situations,” he says. “The last thing we want is for something untoward to happen because an ISP was afraid to act based on liability.”But Bennett was less clear on what types of situations should prompt CSOs or other IT staff to report incidents.“CSOs are probably better qualified to know when a situation isn’t right or when they should be more vigilant. They know systems and danger signs,” Bennett says.Legal experts and Civil Libertarians worry that the murky language of the law will encourage government abuses. Also unclear is what types of companies are covered by the new disclosure laws.Bennett said that only ISPs would be affected. But Lee Tien, senior staff attorney at the Electronic Frontier Foundation, says the new laws could be applied to a broad range of companies.While not compelling companies to divulge information, the CSEA is a testament to the shift in public sentiment about privacy that has occurred since Sept. 11, according to Tien. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe