Despite White House protestations and a threatened veto [PDF], the House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA) Thursday by a comfortable 288-127 margin (17 members did not vote).
The primary aim of CISPA is to encourage corporate and public sector information sharing that could help defeat the latest cyber threats by eliminating the legal hurdles that currently deter this sort of exchange. Privacy advocates, however, fear that this bill as constructed would strip Internet users of their freedoms.
In a statement [PDF] issued prior to the vote, the White House agreed that while information sharing is essential to any cyber threat legislation, the scope of the bill places far too many potential innocent parties at risk.
"[E]ven if there is no clear intent to do harm, the law should not immunize a failure to take reasonable measures, such as the sharing of information, to prevent harm when and if the entity knows that such inaction will cause damage or otherwise injure or endanger other entities or individuals," according to the statement.
In a press release issued following the vote, ranking House Intelligence Committee member Dutch Ruppersberger (D-Md.) lauded the process and declared passage a victory for both privacy supporters and those hoping to secure the Web.
“This has been an open, deliberative, and bi-partisan process where a number of groups came together to share ideas and make a good bill even better. CISPA recognizes that you can’t have true security without privacy, and you can’t have privacy without security. This bill effectively works to protect both.”
Last week, representatives from the Electronic Freedom Foundation (EFF) and the American Civil Liberties Union (ACLU) issued strong statements against the legislation, maintaining that Congress is not addressing the fundamental network security issues that impact cyber safety.
In a statement issued yesterday, Free Press Action Fund Policy Director Matt Wood vowed to fight on, reiterating concerns that the bill would have a negative impact on Internet freedom.
“CISPA would still obliterate our privacy laws and chill free expression online. The few amendments made to the legislation do not address all the concerns highlighted by the White House and by the representatives who stood up against CISPA this week. We need to make sure companies remove irrelevant personal information when they share our data, and that companies can be held accountable for ignoring and abusing Internet users' civil liberties.”
The feeling amongst information security professionals is more measured.
Mark Kraynak, senior vice president of marketing at Imperva, told Security Bistro that despite privacy concerns, threat intelligence is already being shared within the security community, and that this will continue whether or not CISPA ultimately becomes law.
"What’s left out of this conversation is that this type of sharing is already happening between private organizations. And because of its proven efficacy, threat intelligence sharing is bound to continue and even grow in popularity. From that perspective there is the opportunity for government regulation to have positive effect on individual privacy by placing limits on what information is shared, while at the same time encouraging appropriate sharing," Kraynak said.
"A starting point for this is to limit shared data to information on attacks or activity that is considered malicious by the sharing organizations, as opposed to any and all data about a given set of users. CISPA in its current form doesn’t seem to address those issues, but the opportunity certainly is there."
The bill now moves on to the Senate, where it was voted down last April.
“If the Senate takes up cybersecurity again, it should take the necessary steps to protect everyone's privacy and personal information,” added Free Press Action Fund Policy Director Wood.