The House of Representatives passed the privacy-invading Cybersecurity Intelligence Sharing and Protection Act (CISPA) by a vote of 288 – 127. The bill must still pass the Senate, and overcome a veto threat from Obama, before it becomes law.
This is CISPA’s second passage through the house. Like last year, the bill lacks adequate privacy protections, offers overly broad immunity to corporations, and would undermine existing legal protections for user data and privacy. Like last year, Access condemns the passage of CISPA, and will continue to work against it as it passes to the Senate.
CISPA allows for sharing of personally identifiable data from private companies with the military and government agencies, without limited safeguards. While CISPA does not require that companies share this data, it grants them broad legal immunity–so long as they acted in “good faith.”
The vote came after hearings on a number of amendments, which Access is still analyzing. Some proposed privacy-protecting amendments were ignored or blocked from consideration; including one which would have required that information be shared only with civilian agencies, and another would have required private entities to take “reasonable efforts” to remove personally identifiable information on individuals unrelated to cyberthreats.
Despite the bill’s passage, the threat of a presidential veto still stands. The Obama administration’s threat comes after an open letter by dozens of US privacy and civil liberties organizations requesting he reject the bill.
CISPA would not only affect users in the US, but anyone using US-based services, like Facebook or Google, or communicating on US networks–and it would set a dangerous precedent around the world for cybersecurity policy.
The bill was publicly opposed by academics and engineers, companies (a list is available at CISPAisBack.org), and civil liberties and privacy organizations.