CISPA... Round Two
One year after its failed first attempt, the controversial Cyber Intelligence Sharing and Protection Act (CISPA) is making headlines across the country. The U.S. House of Representatives once again approved the bill last week, 288 to 127, moving it along to the Senate, where the threat of a Presidential veto looms heavily.
What is CISPA?
CISPA allows for voluntary information sharing between private companies and the government in the event of a cyber attack. Supporters argue that CISPA is necessary to protect the U.S. against cyber attacks from countries like China and Iran. But opponents say that it forces companies to share users' private information with the government due to a liability clause. This, according to the Electronic Frontier Foundation, "essentially means CISPA would override the relevant provisions in all other laws—including privacy laws." It has also been questioned if the new measures under CISPA would constitute a violation of users' 4th Amendment right, which guards against unreasonable searches and seizures.
Why is the White House threatening to veto the bill?
The White House has threatened to veto CISPA, in part because it does not require private companies to anonymize data prior to sharing it with the government. Because of this, personal communications such as emails and text messages could be shared with the government (with your identifying data), or your cloud storage company could share your stored files.
So why try to pass it again?
The bill sponsors admitted that, as originally crafted, CISPA was not likely not pass the Senate or obtain President approval. Because of this, a number of amendments have since been introduced. More than a dozen proposals were approved, but most notably: companies can only use information they receive for cyber-security purposes, not to help their business; federal authorities can't hold on to shared data and use it for "national security purposes"; clarification that CISPA does not authorize hacking; and a rule that incoming cyber data will be handled by Homeland Security and the Justice Department. However, a last-minute amendment that would prevent companies from requesting passwords to employee's social media accounts was voted down 224-189, with Republicans constituting the majority.
CISPA has since moved on to the Senate, where senators can consider and approve the bill as crafted, or write their own cyber-security legislation. If the Senate opts to pass a bill that differs from the House version, the two sides must agree on the proposed legislation "in conference," before sending it on to the White House to gain President Obama's signature.
If you would like to voice your opposition to CISPA, more information can be found on the Electronic Frontier Foundation website.