To the disappointent of advocates for civil liberties and internet freedom, the controversial Cyber Intelligence and Protection Act (CISPA) passed the U.S. House of Representatives on Thursday by a vote of 288-127. 196 Republicans voted for the measure and almost half the House Democrats.
Few would dispute that cybersecurity is not a concern. A rapid flurry of recent cyberattacks of government and corporate websites has highlighted the issue. But as Internet security experts argue, CISPA approaches the problem in a wrongheaded manner, allowing companies to share information to make their networks more secure but at a cost to users’ rights.
To protect the U.S. against hackers, CISPA allows companies, including internet service providers, to share information, the better to coordinate efforts in the event of a cyberattack. But CISPA is vague about precisely what sort of information will be shared. As a result, “in theory everything from e-mails to medical records could end up being shipped to intelligence agencies, even if it is not needed,” the Economist points out.
As Electronic Frontier Foundation’s Mark Jaycox explains,
Companies have new rights to monitor user actions and share data – including potentially sensitive user data – with the government without a warrant.
Cispa overrides existing privacy law, and grants broad immunities to participating companies.
CISPA’s supporters, including its sponsor, Michigan Republican Mike Rogers, say that the bill contains limitations that would keep the federal government from using and disclosing information as people would be able to bring lawsuits against it. But in its current incarnation, “if a company sends information about a user that is not cyberthreat information, the government agency does not notify the user, only the company,” writes Jaycox.
Having passed the House, CISPA is now headed for the Senate. Last year saw similar legislation (the Stop Online Piracy Act, SOPA) also clear the House only to be filibustered in the Senate. President Obama has indicated he may veto CISPA in its current incarnation.
Jaycox and others are not exactly holding their breath. Supporters for CISPA include TechNet, an industry group that counts Facebook and Google as members. Google has itself “taken no formal position on the draft legislation and is “watching the process closely,” according to the Economist. That is, large companies that, as we know, make use of our data in return for the services they provide for “free,” now have a chance to speak up about CISPA. As the bill proceeds to the Senate, what will they say — or will they continue to keep their view private, to themselves?
Related Care2 Coverage