Feeds

CISPA cybersecurity legislation vote due in next 48 hours

All your data are belong to us

Choosing a cloud hosting partner with confidence

The US House of Representatives has scheduled to vote on the Cyber Intelligence Sharing and Protection Act (CISPA) for Wednesday or Thursday, and the pro and anti camps are marshaling their forces to try and sway the result.

CISPA, or H.R. 624 to give it its proper name, sets up a framework for government agencies to share attack information with private companies to help mitigate attacks. But it also overrides all existing computer privacy legislation by allowing the companies to share personal information with the government - anonymized or not - to help with "cybersecurity purposes," and be immune from prosecution if they do.

It's this latter side of the legislation that has some people's backs up, and a coalition of 34 privacy and online groups have banded together to try and stop the legislation. Supporters (who include Facebook, Microsoft and Intel) point out that alterations have been made to safeguard private information as much as possible, but the coalition isn't impressed.

"Although some amendments were adopted in markup to improve the bill's privacy safeguards, these amendments were woefully inadequate to cure the civil liberties threats posed by this bill," they said in an open letter.

"In particular, we remain gravely concerned that despite the amendments, this bill will allow companies that hold very sensitive and personal information to liberally share it with the government, including with military agencies."

This is the second outing for CISPA. It was originally introduced by representatives Mike Rogers (R-MI) and "Dutch" Ruppersberger (D-MD) last year and was passed by the House of Representatives last April by a vote of 248 to 168. The lack of privacy protections in this bill prompted the White House to sort-of threaten to veto the legislation, but as it turns out there was never a need to.

In August CISPA was scuppered by a Republican filibuster in the Senate, along with the addition of amendments on abortion, gun control, and Senate minority leader Mitch McConnell's (R-Kentucky) attempt to repeal the Affordable Care Act. The bill looked dead and buried but in January its sponsors brought it back from the dead.

Initially CISPA v2.0 was exactly the same bill, but some amendments have since been made by the House Permanent Select Committee on Intelligence, who met in a secret session to discuss the bill and passed the changes on an 18-2 vote.

One amendment requires the Inspector General and the Privacy and Civil Liberties Oversight Board to regularly report on how the government's use of CISPA is impacting privacy, while another requires information to only be gathered for a "cybersecurity purpose" rather than the previous catch-all of "national security."

But privacy groups are still unsatisfied with the lack of oversight for commercial concerns that do hand over customer information on request, and the remaining broad terminology still found in parts of the bill. Failed amendments included seeking to alter company's immunity from customer lawsuits and making the Department of Homeland Security the recipient of data rather than the NSA.

The bill has strong support from the technology industry, not least because the regulations are much less onerous than alternative legislation. Co-sponsor Mike Rogers said that the amended bill will provide security without compromising privacy.

"This bill takes a solid step toward helping American businesses protect their networks from these cyber looters," he said. "Through hard work and compromise, we have produced a balanced bill that provides strong protections for privacy and civil liberties, while enabling effective cyber-threat sharing."

It looks likely at this stage that CISPA will pass a vote in the House, but given the convoluted state of American politics then that's just the start of the process. The Senate has to devise legislation and vote on the matter, and then the White House will take a look – but isn't keen on the legislation as it stands.

"We continue to believe that information sharing improvements are essential to effective legislation, but they must include privacy and civil liberties protections, reinforce the roles of civilian and intelligence agencies, and include targeted liability protections," Caitlin Hayden, a National Security Council spokeswoman, told the LA Times.

"We believe the adopted committee amendments reflect a good-faith effort to incorporate some of the Administration's important substantive concerns, but we do not believe these changes have addressed some outstanding fundamental priorities."

President Obama seems to be getting that the security situation needs attention, as envisaged by his Executive Order in January. But CISPA as it stands has a long and rocky road ahead, even if it does pass the House of Representatives. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Bono apologises for iTunes album dump
Megalomania, generosity and FEAR of irrelevance drove group to Apple deal
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
America's super-secret X-37B plane returns to Earth after nearly TWO YEARS aloft
674 days in space for US Air Force's mystery orbital vehicle
10 Top Tips For PRs Considering Whether To Phone The Register
You'll Read These And LOL Even Though They're Serious
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.