Bill passes but faces tough road ahead, with White Office threatening a veto
The US House of Representatives yesterday gave its backing to a controversial bill in the US, which some claim is an attack on citizens’ privacy.
The Cyber Intelligence Sharing and Protection Act (CISPA) was passed with a vote of 288 to 127.
CISPA is designed to improve American defences against online threats, but opponents claim it will let US authorities spy on communications and pass sensitive personal data between different government departments.
The Act would allow companies to share data “with any other entity, including the federal government”, as long as they do not breach any other law in doing so. Opponents are fearful of such language, believing it opens the way for excessive personal data exchange without the right checks and balances.
CISPA privacy threat
CISPA was passed by the House last year, but came unstuck in the Senate and privacy advocates are hoping the same will happen again. President Obama’s aides have previously indicated he would veto the Act anyway.
“CISPA is a poorly drafted bill that would provide a gaping exception to bedrock privacy law,” said the Electronic Frontier Foundation’s senior staff attorney Kurt Opsahl. “While we all agree that our nation needs to address pressing Internet security issues, this bill sacrifices online privacy while failing to take common-sense steps to improve security.”
Michelle Richardson, a legislative counsel at the American Civil Liberties Union, added: “CISPA is an extreme proposal that allows companies that hold our very sensitive information to share it with any company or government entity they choose, even directly with military agencies like the NSA, without first stripping out personally identifiable information.”
But sponsors of the bill believe CISPA will give companies the tools they need to protect themselves against cyber espionage, something that has been plaguing US firms in a broad range of industries.
Kaspersky recently uncovered a widespread attack on gaming companies, whilst UK firms are being targeted by a “magic” malware that has infected systems for the past 11 months, in what appears to be the reconnaissance phase of an espionage campaign.
Sponsors also say it is a myth that CISPA would allow for any wide-ranging government surveillance programme.
“Our nation is one step closer to making a real difference protecting our country from a catastrophic cyber attack,” said US Congressman Dutch Ruppersberger.
“ISPA recognises that you can’t have true security without privacy, and you can’t have privacy without security. This bill effectively works to protect both. I look forward to seeing it taken up in the Senate.”
Are you a pedant on privacy? Try our quiz!