Feeds

NSA-friendly cyber-slurp law CISPA back on the table with new Senate bill

Unsurprisingly with spooks' full support

The essential guide to IT transformation

The Cyber Intelligence Sharing and Protection Act (CISPA), which allows private companies to share customer information with the NSA and others in the name of cybersecurity, is back on the legislative agenda.

Senator Dianne Feinstein (D-CA) today confirmed the draft law would be brought before the US Senate.

"I am working with Senator Saxby Chambliss (R-GA) on bipartisan legislation to facilitate the sharing of cyber related information among companies and with the government and to provide protection from liability," Senator Feinstein told Mother Jones in a statement. "The legislation will ... still maintain necessary privacy protections."

The outgoing head of the NSA and US Cyber Command General Keith Alexander is a strong supporter of CISPA. Earlier this month he told the Telecommunications Industry Association’s annual conference that the legislation was essential to protect the functioning of businesses by heading off online attacks, citing the vulnerability of Wall Street to outside hacking as an example.

CISPA has had a rocky legislative road so far. Originally introduced to the US House of Representatives back in 2011, the act was crafted to allow government departments to share intelligence about online threats with commercial companies. In exchange, those companies had the option of handing over either anonymized or identifiable information about their customers, with full legal immunity.

The initial bill was passed by the House but was shot down in the Senate by a Republican filibuster. Then it was reintroduced in February and passed by 288-127 votes. However, President Obama warned that he might veto the legislation as it stood, citing privacy concerns.

After NSA whistleblower Edward Snowden started leaking details about Uncle Sam's extensive communications surveillance operations, any further progress with the legislation was shelved – but now it appears Senator Feinstein feels the time is right to get it back in play. If the Senate passes the new law then the President will have to decide whether or not to exercise his veto.

The Senate version of CISPA is still being drafted, so the privacy protections (or lack thereof) that caused concern may yet be addressed. In the last round of politicking, companies including Google and Facebook spoke out in its favor, although back then no one knew that they were already passing information to the NSA under the PRISM project.

That said, there is a valid case for legislation that would allow greater information sharing between government and commerce about the latest computer security threats – currently there's no legal framework for doing so. Once the proposed legislation is published privacy advocates will be poring over it to determine if safeguards are strong enough to make the payoff of better security for all worthwhile. ®

The essential guide to IT transformation

More from The Register

next story
GCHQ protesters stick it to British spooks ... by drinking urine
Activists told NOT to snap pics of staff at the concrete doughnut
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
What do you mean, I have to POST a PHYSICAL CHEQUE to get my gun licence?
Stop bitching about firearms fees - we need computerisation
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Redmond resists order to hand over overseas email
Court wanted peek as related to US investigation
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.