CISPA passes House amid continued concerns over inadequate privacy safeguards
"Aaron's Law," to amend the CFAA, introduced in Congress
Despite a White House threat to veto a controversial information-sharing bill, the House of Representatives has pushed the Cyber Intelligence Sharing and Protection Act forward.
On Thursday, the House passed CISPA, which implements formalized protocols for sharing cyber intelligence information among the U.S. government and the private sector, in a 288-127 vote. Ninety-two Democrats voted in favor of the bill, a notable increase from last year's version of CISPA, which garnered only 42 Democratic votes in the House.
Last year's bill never was taken up by the Senate, a hurdle it now faces again, along with a signature from President Obama, before being enacted. Two days earlier, the White House expressed longstanding concerns about the bill's privacy.
This year's version of the bill, which cleared the House Intelligence Committee last Wednesday, features a number of revisions from when the legislation was first re-introduced. But to the chagrin of privacy advocates, some of the bill's toughest privacy amendments did not make their way into the final iteration of the bill.
Critics of CISPA wanted the bill to include limited liability protection for companies sharing intelligence with the government, and requirements that personal information be eliminated from threat data prior to it being shared. Supporters believe it's necessary to counter increasingly advanced threats, such as those emanating from China, Iran, Russia and elsewhere.
Rainey Reitman, activism director at the digital rights advocacy group Electronic Frontier Foundation, explained her problems with CISPA during a Reddit discussion held 10 days ago:
"Congress wants to appear as if it's doing 'something' about internet security," she wrote. "But the truth is that the proposals they're suggesting don't address most of the major network security issues. From social engineering to two-step authentication, from the broken CA [certificate authority] system to encrypting the web, there are concrete and real issues around network security that can and should be addressed (though a lot of them aren't legislative solutions). Instead of grappling with these issues, Congress is trying to push an information 'sharing' bill that would undermine existing privacy laws."
Meanwhile, on Tuesday, the House approved two separate cyber security bills. One, which updated the Federal Information Security Amendments Act, requiring federal agencies to appoint a CISO, as well as to create and document policies and procedures related to information security. The Cybersecurity Enhancement Act of 2013 was also passed. It supports cyber security research, education and workforce development through grants dispersed by the National Science Foundation.