The US House of Representatives pushed the Cyber Intelligence Sharing and Protection Act (CISPA) forward last night.
Despite a White House threat to veto the controversial information-sharing bill, it was passed and protocols for sharing cyber intelligence information among the US government and the private sector were formalised, in a 288-127 vote.
However the version of the act, which was rejected in 2012 and was never taken up by the Senate, faces the same hurdles, along with a signature from President Obama, before being enacted. Two days earlier, the White House expressed longstanding concerns about the bill's privacy.
This year's version of the bill, which cleared the House Intelligence Committee last Wednesday, features a number of revisions from when the legislation was first re-introduced. But to the chagrin of privacy advocates, some of the bill's toughest privacy amendments, did not make their way into the final iteration of the bill.
Critics of CISPA wanted the bill to include limited liability protection for companies sharing intelligence with the government, and requirements that personal information be eliminated from threat data prior to it being shared. Supporters believe it is necessary to counter increasingly advanced threats, such as those emanating from China, Iran, Russia and elsewhere.
Rainey Reitman, activism director at the digital rights advocacy group Electronic Frontier Foundation, explained her problems with CISPA during a Reddit discussion held 10 days ago. "Congress wants to appear as if it's doing 'something' about internet security," she wrote. "But the truth is that the proposals they're suggesting don't address most of the major network security issues.
“From social engineering to two-step authentication, from the broken CA [certificate authority] system to encrypting the web, there are concrete and real issues around network security that can and should be addressed (though a lot of them aren't legislative solutions). Instead of grappling with these issues, Congress is trying to push an information 'sharing' bill that would undermine existing privacy laws.”