CISPA to return this Wednesday

It will apparently be identical to the bill that was effectively stopped last year by a combination of popular activism and the threat of a presidential veto. The bill is designed to allow easier threat data sharing between industry and the intelligence agencies by, among other things, removing the threat of legal action for disclosing personal data within that threat information. 

Rogers and Ruppersberger have been emboldened by the recent publicity surrounding the hacks of the New York Times, the Washington Post and the Wall Street Journal, and the ongoing attacks against US banks. “American businesses are under siege", said Rogers. "We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats.  It is time to stop admiring this problem and deal with it immediately.”

But civil liberties groups are as concerned now as they were last year. It’s the same bill, warns Michelle Richardson, Legislative Counsel with the ACLU, “that lets the government use the information it collects for cybersecurity purposes ‘to protect the national security of the United States’ – a concept that is, of course, undefined and incredibly expansive... If the House wants smart cyber legislation that also protects privacy, it needs to ensure that the programs are civilian-led, minimize the sharing of sensitive personal information between government and corporations, and protect collected information from non-cyber uses.”

Opponents of the bill will undoubtedly use the words of activist Aaron Swartz who killed himself last month. It “sort of lets the government run roughshod over privacy protections and share personal data about you, take it from Facebook and Internet providers and use it without the normal privacy protections that are in the law,” he said. “The thing about this bill is it doesn’t really have any protections against cyber threats. All it does is make people share their information. But that’s not going to solve the problem. What’s going to solve the problem is actual security measures, protecting the service in the first place, not spying on people after the fact.”

It was apparently the lack of privacy protections in CISPA that persuaded President Obama to threaten his veto last year. As yet there is no statement from the White House on its current position.

What’s hot on Infosecurity Magazine?