Out-Law News 1 min. read
19 Apr 2013, 3:40 pm
The Cyber Intelligence Sharing and Protection Act (CISPA) would require businesses to share customers' personal data when sought by government agencies in a bid to combat threats to cyber security.
However, concerns have been raised that there are insufficient privacy safeguards built in to the draft framework.
"CISPA is a poorly drafted bill that would provide a gaping exception to bedrock privacy law,” Kurt Opsahl, a lawyer at the Electronic Frontier Foundation (EFF), said in a statement. "While we all agree that our nation needs to address pressing Internet security issues, this bill sacrifices online privacy while failing to take common-sense steps to improve security."
The House of Representatives voted 288-127 in favour of the CISPA proposals, which still require the backing of the US Senate in order to become law, although US President Barack Obama could yet use his presidential veto to block the plans as drafted.
"The Administration recognises and appreciates that the House Permanent Select Committee on Intelligence (HPSCI) adopted several amendments to [CISPA] in an effort to incorporate the Administration's important substantive concerns," the White House said, according to a report by The Register. "However, the Administration still seeks additional improvements and if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill."
Prior to the vote by the House, amendments to CISPA (3-page / 216KB PDF) had been made by the HPSCI which mean that the use of "personally identifiable information obtained from the private sector" that is "not critical to the cyber threat" is either minimised or removed altogether. The scope of the proposals was also narrowed to ensure that US government agencies can only use "cyber security information" amongst the information passed on by businesses. In addition, a privacy and civil liberties watchdog was given oversight of the use of the information.
CISPA's co-author, Republican Mike Rogers, said that the legislation would help protect the US from cyber attacks and spying.
"We have a constitutional obligation to defend this nation," Rogers told the House, according to a report by the Guardian. "This is the answer to empower cyber information sharing to protect this nation, to allow those companies to protect themselves and move on to economic prosperity. If you want to take a shot across China's bow, this is the answer."
