Feeds

NSA-friendly cyber-slurp law CISPA back on the table with new Senate bill

Unsurprisingly with spooks' full support

Designing a Defense for Mobile Applications

The Cyber Intelligence Sharing and Protection Act (CISPA), which allows private companies to share customer information with the NSA and others in the name of cybersecurity, is back on the legislative agenda.

Senator Dianne Feinstein (D-CA) today confirmed the draft law would be brought before the US Senate.

"I am working with Senator Saxby Chambliss (R-GA) on bipartisan legislation to facilitate the sharing of cyber related information among companies and with the government and to provide protection from liability," Senator Feinstein told Mother Jones in a statement. "The legislation will ... still maintain necessary privacy protections."

The outgoing head of the NSA and US Cyber Command General Keith Alexander is a strong supporter of CISPA. Earlier this month he told the Telecommunications Industry Association’s annual conference that the legislation was essential to protect the functioning of businesses by heading off online attacks, citing the vulnerability of Wall Street to outside hacking as an example.

CISPA has had a rocky legislative road so far. Originally introduced to the US House of Representatives back in 2011, the act was crafted to allow government departments to share intelligence about online threats with commercial companies. In exchange, those companies had the option of handing over either anonymized or identifiable information about their customers, with full legal immunity.

The initial bill was passed by the House but was shot down in the Senate by a Republican filibuster. Then it was reintroduced in February and passed by 288-127 votes. However, President Obama warned that he might veto the legislation as it stood, citing privacy concerns.

After NSA whistleblower Edward Snowden started leaking details about Uncle Sam's extensive communications surveillance operations, any further progress with the legislation was shelved – but now it appears Senator Feinstein feels the time is right to get it back in play. If the Senate passes the new law then the President will have to decide whether or not to exercise his veto.

The Senate version of CISPA is still being drafted, so the privacy protections (or lack thereof) that caused concern may yet be addressed. In the last round of politicking, companies including Google and Facebook spoke out in its favor, although back then no one knew that they were already passing information to the NSA under the PRISM project.

That said, there is a valid case for legislation that would allow greater information sharing between government and commerce about the latest computer security threats – currently there's no legal framework for doing so. Once the proposed legislation is published privacy advocates will be poring over it to determine if safeguards are strong enough to make the payoff of better security for all worthwhile. ®

Securing Web Applications Made Simple and Scalable

More from The Register

next story
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Delaware pair nabbed for getting saucy atop Mexican eatery
Burrito meets soft taco in alleged rooftop romp outrage
LightSquared backer sues FCC over spectrum shindy
Why, we might as well have been buying AIR
'Two-speed internet' storm turns FCC.gov into zero-speed website
Deadline for comments on net neutrality shake-up extended to Friday
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.