Cyber Intelligence Sharing and Protection Act (CISPA) passed in House

Posted on by

From http://www.digitaltrends.com/web/cispa-what-now/:
“What happened in the House

During hours of debate, the House approved 11 amendments to CISPA. You can see the full list here (2 through 12 were approved; 1, 13, and 14 were not). Of these, perhaps the most important amendment is the one proposed by Rep. Bob Goodlatte (R-VA), which limits the way information shared under CISPA to that which is “directly pertaining to” threats, vulnerabilities, or unauthorized access to a system or network. The Goodlatte amendment (pdf) also makes it explicitly clear that information pertaining to the violation of businesses’ Terms of Service do not qualify as “cyber threat intelligence” under CISPA, and thus may not be shared.

Another notable amendment is a sunset provision (pdf) submitted by Rep. Mick Mulvaney (R-SC), which limits the life of CISPA to five years after the date of enactment. After that time, the bill must be re-approved by Congress.

The most controversial amendment approved is the Quayle amendment, which says that information shared under CISPA may “only” be used for the following five purposes:

cybersecurity;
investigation and prosecution of cybersecurity crimes;
protection of individuals from the danger of death or physical injury;
protection of minors from physical or psychological harm; and
protection of the national security of the United States

Prior to the adoption of this amendment, CISPA allowed information to be shared for “cybersecurity” or “national security” purposes, but did not outline any specific ways law enforcement may used the data. Because the language did not lay out any specific uses, privacy advocates feared the government could justifiably use the data to investigate and prosecute other crimes, even if they had had nothing to do with cybersecurity or national security.

Some privacy advocates believe that the Quayle amendment is a bad one because it explicitly expands the ways with which the government may use CISPA data to include things that have nothing to do with cybersecurity or national security. The CDT, however, sees the Quayle amendment as an improvement, since it limits the non-cybersecurity or national security uses to “protection of individuals from the danger of death or physical injury” and “protection of minors from physical or psychological harm.” Of course, given that many things on the Internet could be construed as potentially causing children psychological harm, this may not be much of a reassurance. But it definitely seems better than giving the federal government a more-or-less blank slate.

So, in short, CISPA has gone through some necessary changes, from a privacy and civil liberties standpoint, but there is still quite a lot of work to be done for it to be a “good” piece of legislation.
What happens next

CISPA now heads to the Senate, where a number of other cybersecurity bills have wallowed in legislative limbo for years. Chances are good that CISPA will face greater resistance in the Democrat-controlled Senate than it did in the House. And it may be changed significantly, or merged with other cybersecurity bills. This is increasingly likely given the fact that President Obama has indicated that he will veto CISPA if it does not provide adequate privacy protections, and explicit protections for critical infrastructure. (An amendment that would have satisfied the latter complaint was shot down in the House.)”

Leave a Reply

Your email address will not be published. Required fields are marked *