Feeds

CISPA cybersecurity legislation vote due in next 48 hours

All your data are belong to us

Intelligent flash storage arrays

The US House of Representatives has scheduled to vote on the Cyber Intelligence Sharing and Protection Act (CISPA) for Wednesday or Thursday, and the pro and anti camps are marshaling their forces to try and sway the result.

CISPA, or H.R. 624 to give it its proper name, sets up a framework for government agencies to share attack information with private companies to help mitigate attacks. But it also overrides all existing computer privacy legislation by allowing the companies to share personal information with the government - anonymized or not - to help with "cybersecurity purposes," and be immune from prosecution if they do.

It's this latter side of the legislation that has some people's backs up, and a coalition of 34 privacy and online groups have banded together to try and stop the legislation. Supporters (who include Facebook, Microsoft and Intel) point out that alterations have been made to safeguard private information as much as possible, but the coalition isn't impressed.

"Although some amendments were adopted in markup to improve the bill's privacy safeguards, these amendments were woefully inadequate to cure the civil liberties threats posed by this bill," they said in an open letter.

"In particular, we remain gravely concerned that despite the amendments, this bill will allow companies that hold very sensitive and personal information to liberally share it with the government, including with military agencies."

This is the second outing for CISPA. It was originally introduced by representatives Mike Rogers (R-MI) and "Dutch" Ruppersberger (D-MD) last year and was passed by the House of Representatives last April by a vote of 248 to 168. The lack of privacy protections in this bill prompted the White House to sort-of threaten to veto the legislation, but as it turns out there was never a need to.

In August CISPA was scuppered by a Republican filibuster in the Senate, along with the addition of amendments on abortion, gun control, and Senate minority leader Mitch McConnell's (R-Kentucky) attempt to repeal the Affordable Care Act. The bill looked dead and buried but in January its sponsors brought it back from the dead.

Initially CISPA v2.0 was exactly the same bill, but some amendments have since been made by the House Permanent Select Committee on Intelligence, who met in a secret session to discuss the bill and passed the changes on an 18-2 vote.

One amendment requires the Inspector General and the Privacy and Civil Liberties Oversight Board to regularly report on how the government's use of CISPA is impacting privacy, while another requires information to only be gathered for a "cybersecurity purpose" rather than the previous catch-all of "national security."

But privacy groups are still unsatisfied with the lack of oversight for commercial concerns that do hand over customer information on request, and the remaining broad terminology still found in parts of the bill. Failed amendments included seeking to alter company's immunity from customer lawsuits and making the Department of Homeland Security the recipient of data rather than the NSA.

The bill has strong support from the technology industry, not least because the regulations are much less onerous than alternative legislation. Co-sponsor Mike Rogers said that the amended bill will provide security without compromising privacy.

"This bill takes a solid step toward helping American businesses protect their networks from these cyber looters," he said. "Through hard work and compromise, we have produced a balanced bill that provides strong protections for privacy and civil liberties, while enabling effective cyber-threat sharing."

It looks likely at this stage that CISPA will pass a vote in the House, but given the convoluted state of American politics then that's just the start of the process. The Senate has to devise legislation and vote on the matter, and then the White House will take a look – but isn't keen on the legislation as it stands.

"We continue to believe that information sharing improvements are essential to effective legislation, but they must include privacy and civil liberties protections, reinforce the roles of civilian and intelligence agencies, and include targeted liability protections," Caitlin Hayden, a National Security Council spokeswoman, told the LA Times.

"We believe the adopted committee amendments reflect a good-faith effort to incorporate some of the Administration's important substantive concerns, but we do not believe these changes have addressed some outstanding fundamental priorities."

President Obama seems to be getting that the security situation needs attention, as envisaged by his Executive Order in January. But CISPA as it stands has a long and rocky road ahead, even if it does pass the House of Representatives. ®

Internet Security Threat Report 2014

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Yes, yes, Steve Jobs. Look what I'VE done for you lately – Tim Cook
New iPhone biz baron points to Apple's (his) greatest successes
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.