CISPA, the Cyber Intelligence Security and Protection Act, is being debated today in the U.S. House of Representatives, ahead of a vote tomorrow. What does it mean for internet users? What can we do about it? Update: House approves CISPA
House approves CISPA
The House approved CISPA by a 248 to 168 vote late on Thursday 26th April. The vote was supposed to happen on the next day (Friday).
The voting figures were: 206 Republicans, 42 Democrats voted for and 28 Republicans and 140 Democrats voted against.
A late amendment to the bill extended its reach to include not only sharing information for cybersecurity reasons but also for the protection of individuals and/or children.
The bill now moves to the Senate and hopefully eventual presidential veto.
CISPA has been openly backed by AT&T, Facebook, IBM, Intel, Microsoft, Verizon and others but the campaigning organization Access Now warns us:
We all agree that cyber security is important for users. But this bill is a step in the wrong direction, because it allows for the unlimited sharing of personal data among private companies and the government, without a single safeguard for civil liberties.
The American Civil Liberties Union has criticized CISPA on the grounds that it
"would create a cybersecurity exception to all privacy laws and allow companies to share the private and personal data they hold on their American customers with the government for cybersecurity purposes"
and Tim Berners-Lee, creator of the World Wide Web, agrees that the bill threatens Internet privacy and freedom of expression saying it
is threatening the rights of people in America, and effectively rights everywhere, because what happens in America tends to affect people all over the world.
The Obama administration has already signaled its opposition to CISPA, despite being committed to increasing public-private sharing of information about cybersecurity threats.
In the event that the bill passes through the House and Senate President Obama will be advised to veto it. A statement issued on April 25th includes the paragraph:
The bill also lacks sufficient limitations on the sharing of personally identifiable information between private entities and does not contain adequate oversight or accountability measures necessary to ensure that the data is used only for appropriate purposes.
Plans to veto legislation have on occasion been reversed and, as it looks fairly likely that CISPA will be passed by House of Representatives, it is still worth voicing concern. Follow the links below to add your name to two petitions:
Mozilla is working on a defense platform to automate the handling of security incidents, and to enable the use of incident handlers. Why not create tools for defence - the attackers have plenty!? [ ... ]
Microsoft has made the source code for early versions of MS-DOS and Word for Windows available in the Computer History Museum which already has a range of significant software programs in its collecti [ ... ]