CISPA cybersecurity legislation vote due in next 48 hours

All your data are belong to us

The US House of Representatives has scheduled a vote on the Cyber Intelligence Sharing and Protection Act (CISPA) for Wednesday or Thursday, and the pro and anti camps are marshaling their forces to try and sway the result.

CISPA, or H.R. 624 to give it its proper name, sets up a framework for government agencies to share attack information with private companies to help mitigate attacks. But it also overrides all existing computer privacy legislation by allowing the companies to share personal information with the government - anonymized or not - to help with "cybersecurity purposes," and be immune from prosecution if they do.

It's this latter side of the legislation that has some people's backs up, and a coalition of 34 privacy and online groups have banded together to try and stop the legislation. Supporters (who include Facebook, Microsoft and Intel) point out that alterations have been made to safeguard private information as much as possible, but the coalition isn't impressed.

"Although some amendments were adopted in markup to improve the bill's privacy safeguards, these amendments were woefully inadequate to cure the civil liberties threats posed by this bill," they said in an open letter.

"In particular, we remain gravely concerned that despite the amendments, this bill will allow companies that hold very sensitive and personal information to liberally share it with the government, including with military agencies."

This is the second outing for CISPA. It was originally introduced by representatives Mike Rogers (R-MI) and "Dutch" Ruppersberger (D-MD) last year and was passed by the House of Representatives last April by a vote of 248 to 168. The lack of privacy protections in this bill prompted the White House to sort-of threaten to veto the legislation, but as it turns out there was never a need to.

In August CISPA was scuppered by a Republican filibuster in the Senate, along with the addition of amendments on abortion, gun control, and Senate minority leader Mitch McConnell's (R-Kentucky) attempt to repeal the Affordable Care Act. The bill looked dead and buried but in January its sponsors brought it back from the dead.

Initially CISPA v2.0 was exactly the same bill, but some amendments have since been made by the House Permanent Select Committee on Intelligence, who met in a secret session to discuss the bill and passed the changes on an 18-2 vote.

One amendment requires the Inspector General and the Privacy and Civil Liberties Oversight Board to regularly report on how the government's use of CISPA is impacting privacy, while another requires information to only be gathered for a "cybersecurity purpose" rather than the previous catch-all of "national security."

But privacy groups are still unsatisfied with the lack of oversight for commercial concerns that do hand over customer information on request, and the remaining broad terminology still found in parts of the bill. Failed amendments included attempts to alter companies' immunity from customer lawsuits and to make the Department of Homeland Security the recipient of data rather than the NSA.

The bill has strong support from the technology industry, not least because the regulations are much less onerous than alternative legislation. Co-sponsor Mike Rogers said that the amended bill will provide security without compromising privacy.

"This bill takes a solid step toward helping American businesses protect their networks from these cyber looters," he said. "Through hard work and compromise, we have produced a balanced bill that provides strong protections for privacy and civil liberties, while enabling effective cyber-threat sharing."

It looks likely at this stage that CISPA will pass a vote in the House, but given the convoluted state of American politics, that's just the start of the process. The Senate has to devise legislation and vote on the matter, and then the White House will take a look – but isn't keen on the legislation as it stands.

"We continue to believe that information sharing improvements are essential to effective legislation, but they must include privacy and civil liberties protections, reinforce the roles of civilian and intelligence agencies, and include targeted liability protections," Caitlin Hayden, a National Security Council spokeswoman, told the LA Times.

"We believe the adopted committee amendments reflect a good-faith effort to incorporate some of the Administration's important substantive concerns, but we do not believe these changes have addressed some outstanding fundamental priorities."

President Obama seems to be getting that the security situation needs attention, as envisaged by his Executive Order in January. But CISPA as it stands has a long and rocky road ahead, even if it does pass the House of Representatives. ®
