By Thomas Scott
Last week, while the nation held its breath during the manhunt for the Boston bombers and the Senate failed to pass more comprehensive gun regulation, a controversial bill was passed by the House of Representatives.
The Cyber Intelligence Sharing and Protection Act (CISPA) is a bill that has stirred up significant controversy in the tech industry.
The bill passed the house with 288 votes in favor of the measure and 127 opposed.
Anonymous has called an Internet blackout, which began Monday morning in response to the bill’s passage.
So far about 392 sites have joined the strike, but many noteworthy supporters of last year’s SOPA blackout, such as Google, have remained silent on the matter.
The Electronic Frontier Foundation (EFF) claims the bill “would allow companies to bypass all existing privacy law to spy on communications and pass sensitive user data to the government.”
According to the San Francisco based advocacy group, any “information collected under CISPA can still be used for a wide range of poorly defined purposes” such as “cybersecurity purpose.” Such broad language comes in the wake of an amendment which placed some limits on data that could be utilized by the government.
The amendment states concisely that personal information “may not be used by a non-Federal recipient … for a cybersecurity purpose.” The new law could also allow companies to deploy countermeasures in response to a cyber attack. That aspect of the legislation is poorly defined, and is open to broad interpretation. An amendment was added to clarify that the measures were not to “be construed to provide … authority to … use a cybersecurity system to … obtain … information from” another entity’s network.
In effect, an entity that undergoes a cyber attack may only “hack back” within its own network. However, the bill allows for significant leeway in dealing with hackers.
According to the EFF, CISPA could grant companies “immunity ‘for decisions made based on cyber threat information’ as long as they are acting in good faith.” Some government contractors have begun to develop cyber warfare capabilities that could engage in “DDoSing suspected intruders” and makes “the bill ripe for abuse.”
A distributed denial-of-service attack (DDoS) is a potent tactic which can paralyze e-commerce and vital Internet infrastructure by flooding it with traffic.
The technique is often employed by hacking groups such as Anonymous, which often grab headlines for their high profile attacks.
Lobbying groups such as TechNet, however, have expressed their approval for the legislation.
TechNet, composed of tech giants such as Dell, Microsoft, Intel and Apple, describes itself as “the voice and advocate of the innovation economy.”
In a letter to the House’s Permanent Select Committee on Intelligence last Thursday the interest group endorsed the bill, stating that it was “a reasonable, effective proposal for ensuring our nation’s cybersecurity.” Support for the new law did not stop there.
Facebook also voiced its support in a letter to the Committee back in February, asserting that the Committee’s “thoughtful, bipartisan [would] enhance the ability of companies like Facebook to address cyber threats.”
The letter also addressed how the legislation would eliminate “burdensome rules that currently … inhibit protection of the cyber ecosystem.” The letter was signed by Joel Kaplan, a former Bush administration official and one of Facebook’s top lobbyists since 2011.
Internet security firm Symantec also put its support behind the law. In a letter to the Select Committee on Intelligence, the producer of Norton anti-virus software wrote that the “bi-partisan legislation exemplifies a solid understanding of the shortfalls” involved with “information sharing” and that the “legislation will encourage the government to share vital threat information with industry.”
The White House asserts that CISPA requires “additional improvements and if the bill … were presented to the President, his senior advisors would recommend that he veto the bill.” The president ran on a platform of Internet openness in 2008. CISPA has moved past the House, but no one know yet just how far it will go.