CISPA passes House amid continued concerns over inadequate privacy safeguards

Share this article:
"Aaron's Law," to amend the CFAA, introduced in Congress
"Aaron's Law," to amend the CFAA, introduced in Congress

Despite a White House threat to veto a controversial information-sharing bill, the House of Representatives has pushed the Cyber Intelligence Sharing and Protection Act forward.

On Thursday, the House passed CISPA, which implements formalized protocols for sharing cyber intelligence information among the U.S. government and the private sector, in a 288-127 vote. Ninety-two Democrats voted in favor of the bill, a notable increase from last year's version of CISPA, which garnered only 42 Democratic votes in the House.

Last year's bill never was taken up by the Senate, a hurdle it now faces again, along with a signature from President Obama, before being enacted. Two days earlier, the White House expressed longstanding concerns about the bill's privacy.

This year's version of the bill, which cleared the House Intelligence Committee last Wednesday, features a number of revisions from when the legislation was first re-introduced. But to the chagrin of privacy advocates, some of the bill's toughest privacy amendments did not make their way into the final iteration of the bill.

Critics of CISPA wanted the bill to include limited liability protection for companies sharing intelligence with the government, and requirements that personal information be eliminated from threat data prior to it being shared. Supporters believe it's necessary to counter increasingly advanced threats, such as those emanating from China, Iran, Russia and elsewhere.

Rainey Reitman, activism director at the digital rights advocacy group Electronic Frontier Foundation, explained her problems with CISPA during a Reddit discussion held 10 days ago:

"Congress wants to appear as if it's doing 'something' about internet security," she wrote. "But the truth is that the proposals they're suggesting don't address most of the major network security issues. From social engineering to two-step authentication, from the broken CA [certificate authority] system to encrypting the web, there are concrete and real issues around network security that can and should be addressed (though a lot of them aren't legislative solutions). Instead of grappling with these issues, Congress is trying to push an information 'sharing' bill that would undermine existing privacy laws."

Meanwhile, on Tuesday, the House approved two separate cyber security bills. One, which updated the Federal Information Security Amendments Act, requiring federal agencies to appoint a CISO, as well as to create and document policies and procedures related to information security. The Cybersecurity Enhancement Act of 2013 was also passed. It supports cyber security research, education and workforce development through grants dispersed by the National Science Foundation.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.