CISPA voting session slated for this week

CISPA voting session slated for this week

Summary: Should firms be exempt from lawsuits stemming from data sharing, and should citizen privacy become a victim?

SHARE:

If the current cybercrime space prompts firms to share citizen data, should companies be held liable in citizen lawsuits?

Many firms, including AT&T, Verizon and Boeing, do not think so. This is the issue that is coming before the House Intelligence Committee this week, and the governmental body may pass a bill which would provide large companies lawsuit immunity in the case of data exchange and unhappy, privacy-conscious Americans. 

Citing anonymous sources, Bloomberg reports that the bill, the Cyber Intelligence Sharing and Protection Act (CISPA), may be changed to stipulate data has to become more anonymous and would limit ways in which it can be used. However, vague language and privacy concerns caused the Obama Administration to threaten a veto on the bill, which was passed last year before stalling in Congress. The next round of proposed changes are meant to soften President Obama's view on the bill, and stop the bill from being buried for the second time. 

A closed session is slated for a committee vote this week on April 10.

The bill is designed to shave away legal barriers that prevent firms from sharing information, which includes data harvested from U.S. citizens. Information gleaned from web services including social media sites, searches and cell phone records are included. The principle aim is that by sharing data across institutions -- whether they be commercial, governmental, law enforcement-based or military -- cybercrime defenses can be improved. However, removing these barriers can also mean that as firm hands over your data to agencies, citizens can wave goodbye to their privacy.

In addition, if a citizen takes umbrage at their data being shared in such a way, companies will be protected from legal repercussions, which is naturally an attractive proposition for many companies. 

See also: Surprise, surprise: House committee to amend CISPA in secret, again | How SOPA protests were used to push CISPA | CISPA: more heinous than SOPA, and it just passed

Supporters of the bill include Boeing, AT&T and Verizon.

Privacy groups and civil rights unions have expressed concerns over the bill's individual data and privacy protection stipulations, and many consider CISPA a step too far in chipping away at privacy -- even in the name of improving cybersecurity defenses. An online petition created Feb. 13 has reached 108,000 signatures, over the 100,000 threshold required to elicit an official White House response, although nothing has yet been issued.

Frank Cilluffo, director of George Washington University’s Homeland Security Policy Institute told the publication:

"We need to get a little more specific in terms of what type of information we’re sharing and under what circumstances."

In addition, Michelle Richardson, ACLU legislative counsel, has caused the bill in its current form a "privacy disaster," which may allow citizen data to be used to undefined purposes by the government. Civil rights groups have called CISPA a "privacy killer," and sent a letter to the committee last week which said "the public has a right to know how Congress is conducting the people’s business, particularly when such important wide-ranging policies are at stake."

California Democrat Adam Schiff, a committee member, said he would introduce an amendment "requiring companies to try to remove personal data" before it is shared among other parties. "Try" being the word to take note of, and unlikely to soothe privacy groups. In addition, Bloomberg's sources say that the proposed changes to try and make the bill successful in the second attempt do not include putting a civilian agency in charge of how information is shared.

CISPA was passed in April last year, but lost the battle when it was flatly rejected in the Senate. The proposed amendments to the bill are designed to stop Obama's Administration vetoing the bill once more, and while the United States is in need of modernized legislation in response to the cybercrime environment, protecting industry leaders and placing citizen data at risk isn't necessarily the best way to go about it.

Let's hope the Obama Administration sticks to its guns, having previously stated it opposes the "privacy killing" bill. 

Topics: Security, Government US, Malware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • The U.S. Congress and cybersecurity

    Go as well together as right wingers and climate science.
    JustCallMeBC
  • The U.S. Congress and cybersecurity

    Go as well together as right wingers and climate science.
    JustCallMeBC
  • Confessional Level Confidence

    Data that are shared must be used only for PREVENTING cyber crimes or terrorism, not for prosecution after the fact, unless a search warrant was legally obtained for the specific kind of data. The act of preventive arrest itself, of course, is always legal evidence to convict (i.e. we caught you with weapon X red handed, never mind how we did it). But data must be made anonymous before sharing whenever possible. And ideally, governments, companies, and the individual workers in them must have a legally enforceable vow of confidence for data that is either (1) private and irrelevant to a legal case, or (2) private and relevant, but illegally obtained. This confidence must be of the same level as an attorney, doctor, therapist or priest, with stiff penalties for leaking it.

    When Desi Arnaz Jr. was conceived, the nurse working for Lucille Ball's doctor reported the pregnancy to the FBI, and J. Edgar Hoover called Desi to congratulate him BEFORE LUCY had a chance to tell her husband! Under the Confessional Level of Confidence, the nurse and Hoover would both have been guilty of a felony. No less than this level of privacy will convince Americans that the government really respects their privacy.
    jallan32
  • re: CISPA voting session slated for this week

    > a veto on the bill, which was passed last year
    > before stalling in Congress.

    Whatever...
    none none
  • so did it pass? what now

    yep
    dosmastr@...