The House this afternoon passed the Cyber Intelligence Sharing and Protection Act—CISPA, for short—a controversial bill that would allow companies to share information with the federal government in the name of cybersecurity.
Some version of the bill has been around for awhile: it passed the House last year, too, but the Senate version of the bill was killed by filibuster after a presidential veto threat. This year the bill faces a veto from the president once more, but that hasn’t stopped it from moving forward in Congress. The bill cleared the lower chamber by a vote of 288 to 127, with 92 Democrats joining most House Republicans in voting for it. It was introduced by GOP Rep. Mike Rogers, who famously claimed that the opponents to this bill were mostly “people on the Internet…you, know, a 14-year-old Tweeter in their basement.”
Those opposing the bill include the ACLU, Craigslist, Reddit, the Electronic Frontier Foundation, the American Library Association, and to some extent Facebook (who initially supported the latest iteration of this bill, along with Google, who helped lobby for it). As with last years fight over SOPA (the Stop Online Piracy Act), the criticism focuses on the bill’s ambiguity and scope rather than on the need to address cybersecurity threats at all. Here’s Ars Technica, explaining:
“Civil liberties groups such as the American Civil Liberties Union oppose the legislation. Supporters have made changes to the bill to mollify critics. But in a Friday blog post, the ACLU described the latest version as “fatally flawed.” They worry that the broad limitations on liability offered by CISPA will undermine legal safeguards for Americans’ privacy. The bill would essentially give corporations a blank check to allow for widespread sharing of all kinds of information—including personal information—with other companies, or with the government, as long as it “pertains” to cybersecurity.”
The Obama Administration explained further in a Tuesday statement on their veto threat to the bill:
“The Administration, however, remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable – and not granted immunity –for failing to safeguard personal information adequately.”
The 2013 version of the bill has a long list of corporate supporters, which you can peruse in full here. That list includes Technet, a trade association that represents, among other companies, Microsoft and Google. Or, read the full bill here.
