“CISPA” is an acronym that stands for the Cyber Intelligence Sharing and Protection Act (House Resolution 624), a Congressional bill that would afford legal protection to the government and businesses to share data with each other on cyber threats. CISPA passed the U.S. House of Representatives on Thursday, April 18, and will soon be voted on in the Senate. As compiled by CNET, here are the bill’s key provisions:
“Notwithstanding any other provision of law , a self-protected entity may, for cybersecurity purposes — (i) use cybersecurity systems to identify and obtain cyberthreat information to protect the rights and property of such self-protected entity; and (ii) share such cyberthreat information with any other entity, including the Federal Government …
“The term 'self-protected entity' means an entity, other than an individual, that provides goods or services for cybersecurity purposes to itself.”
There is, of course, plenty of analysis as to what this legalese means. Dan Gillmor wrote on The Guardia n’s website t hat t he bill’s “main goal, purportedly, is to help the nation protect itself from malicious hackers, criminal and governmental. It invites companies like internet service providers to share information so they can coordinate defenses. Worthy ideas in the abstract, but horrible in the details: cyber-security is a genuine concern, as we've seen repeatedly. But this bill is easily the worst attack on the open internet since the infamous Stop Online Piracy Act (Sopa), an online censorship bill that was killed in the wake of widespread opposition early last year.”
On the other side of the issue, the House Intelligence Committee chairman Mike Rogers, CISPA's author, says allowing U.S. companies to share types of data with the National Security Agency will allow them to fend off “cyber looters.”
Declan McCullagh of CNET observed, “The primary reason CISPA is so contentious is that it overrides every other state and federal law on the books, including laws dealing with e-mail privacy, when authorizing companies to share data with the feds. Data that can be shared includes broad categories of information relating to security vulnerabilities, network uptime, intrusion attempts, and denial-of-service attacks, with no limit on including personal data.”
The bill’s future appears as iffy as SOPA’s did last year. Although CISPA passed the U.S. House of Representatives, it faces probably the same opposition SOPA faced in the Senate. In fact, if discussion of CISPA seems like déjà vu, the bill passed the House of Representatives last year as well. Last April, as reported on Electronic Products’ website, the Information Technology Industry Council (ITI), a leading technology sector trade association, applauded the House vote on the bill the organization called “vital to our national security and economic vitality.”
“Cybersecurity is personal security,” ITI said in its statement. “Personal information – names, addresses, Social Security numbers, credit card info, and so on – represented 95 percent of all the data compromised by cyber intrusion last year. Every second, 14 adults fall victim to cybercrime. These bills, and especially CISPA, would help to create a fast, flexible, forward-thinking cybersecurity defense that is prepared to meet the threats we face.
SOPA’s aim was a bit different from CISPA’s, to crack down on copyright infringement by overseas websites. President Obama has promised that if CISPA reaches his desk he will veto it because of privacy concerns. Here’s part of the statement the President released on the subject:
“ H.R. 624 appropriately requires the Federal Government to protect privacy when handling cybersecurity information. Importantly, the Committee removed the broad national security exemption, which significantly weakened the restrictions on how this information could be used by the government. The Administration, however, remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable – and not granted immunity – for failing to safeguard personal information adequately.”
CISPA does have its proponents. Such companies as IBM and Intel say the bill’s provisions will help America defend itself against attempts by hackers to penetrate vital infrastructure and pinch companies’ intellectual property, The Economist writes . CISPA’s critics include Facebook; Microsoft; the Electronic Frontier Foundation, a digital-rights group; and Mozilla, the maker of the Firefox web browser. A spokesperson for Facebook said that the social media site prefer s a legislative “balance” that ensures “the privacy of our users.” Mozilla argues that a law could achieve cybersecurity “without riding roughshod over privacy laws designed to prevent the government getting its hands on citizens’ private data without proper judicial oversight.”
“CISPA aims to encourage intelligence-sharing. Companies and spooks often remain silent about cyber-threats because they fear that sharing the details might land them in legal hot water. But this makes it much harder to hunt hackers and defend power grids and other infrastructure against online assaults. The bill encourages both groups to be more forthcoming by offering them an exemption from civil and criminal liability when gathering and sharing data about cyber-threats. ”
Sources
http://www.guardian.co.uk/commentisfree/2013/apr/18/cispa-2013-house-vote-internet-privacy
http://www.whitehouse.gov/sites/default/files/omb/legislative/sap/113/saphr624r_20130416.pdf
http://www.economist.com/blogs/democracyinamerica/2013/04/cyber-security
Advertisement
Learn more about Electronic Products Magazine
