Top 5 Stories


House plans CISPA privacy safeguard amendments

09 April 2013

The US House Intelligence Committee is planning to amend the Cyber Intelligence Sharing and Protection Act (CISPA), in order to add more privacy safeguards and win broad support for the measure, including from President Obama.

No fewer than five amendments to the bill will be spearheaded by Committee Chairman Mike Rogers (R-Mich.) and C.A. “Dutch” Ruppersberger (D- Md.). These include ensuring that any cybersecurity information gathered by companies can be used for threat mitigation and protection measures, not for marketing. And, most notably, firms’ legal immunity is being minimized.

Whereas the bill as written gives corporations protection from lawsuits should the information they turn over to the government be harmful to individuals, the amended measure would deny that legal protection should they use cyber threat information to hack each other. There will also be an oversight component, with the creation of new roles for the government’s privacy and civil liberties board and federal privacy officers to review how any gathered information is used and shared.

“The improvements that we plan to make to the bill at the markup will address several of the administration’s concerns,” Rogers told reporters. “And we plan to keep talking and moving toward a consensus that will allow us to get the bill signed into law.”

The Intelligence Committee will vote on the amendments on April 10.

The Committee is hopeful that it will get an iteration of the bill passed, and soon. Obama threatened to veto the bill last year partly over privacy concerns, but CISPA was recently reintroduced in the House of Representatives by Rogers and Ruppersberger. Obama also passed an executive order earlier in the year mandating more information sharing between the private and public sectors.

CISPA calls for more information sharing between the private and public sectors, and offers legal protections for companies delivering personal information about customers to defense entities for the purpose of preventing or mitigating attacks on critical infrastructure. The details as to the extent of that personal information and the exact role of the government entities involved, like the Department of Homeland Security, have been called into question.

This article is featured in:
Compliance and Policy  •  Industry News  •  Internet and Network Security  •  Malware and Hardware Security  •  Public Sector


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×