[Infowarrior] - Privacy protections booted from CISPA data-sharing bill

Richard Forno rforno at infowarrior.org
Thu Apr 11 07:47:41 CDT 2013 

Privacy protections booted from CISPA data-sharing bill

Committee overwhelmingly votes down privacy amendments that would have curbed National Security Agency's access to private sector data. Now the bill heads to the House floor for a vote.

by Declan McCullagh
April 10, 2013 11:39 PM PDT  
 
A controversial data-sharing bill won the approval of a key congressional committee today without privacy amendments, raising concerns that the National Security Agency and other spy agencies will gain broad access to Americans' personal information.

The House Intelligence committee, by a vote of 18 to 2, adopted the so-called CISPA bill after an unusual session closed to the public where panel members debated and voted on the proposed law in secret.

Rep. Jan Schakowsky (D-Ill.), who proposed three unsuccessful privacy amendments, said afterward she was disappointed her colleagues did not limit the NSA and other intelligence agencies from collecting sensitive data on Americans. (See CNET's CISPA FAQ.)

Her privacy amendments would have "required that companies report cyber threat information directly to civilian agencies, and maintained the long-standing tradition that the military doesn't operate on U.S. soil against American citizens," Schakowsky said.

Schakowsky had attempted to fix one of the most contested parts of CISPA: language overruling every state and federal privacy law by allowing companies to "share" some types of confidential customer information with the NSA and other intelligence and law enforcement agencies. While no portion of CISPA requires companies to share data with the feds, major telecommunications providers have illegally shared customer data with the NSA before, leading to a congressional grant of retroactive immunity in 2008.

Today's committee decision advances CISPA to the House floor, with a vote expected as soon as next week. It's a difficult vote to handicap: it could be a reprise of last year, when members approved the legislation by a vote of 248 to 168. On the other hand, if only 40 members switch their votes from yea to nay, CISPA is defeated.

Last time around, a formal veto threat by President Obama a day before the House vote helped galvanize Democratic opposition -- Democrats preferred their own legislation, which had a different set of privacy problems. But the White House has not responded to an anti-CISPA petition that topped 100,000 signatures a month ago, and the president's recent signature on a cybersecurity executive order may mean the administration's position on legislation has shifted.

CISPA's advocates say it's needed to encourage companies to share more cybersecurity-related information with the federal government, and to a lesser extent among themselves. A "Myth v. Fact" paper (PDF) prepared by the House Intelligence committee says any claim that "this legislation creates a wide-ranging government surveillance program" is a myth.

"Cyber-hackers from nation-states like China, Russia, and Iran are infiltrating American cyber networks, stealing billions of dollars a year in intellectual property, and undermining the technological innovation at the heart of America's economy," House Intelligence chairman Mike Rogers (R-Mich.), sponsor of CISPA, said after the vote. "This bill takes a solid step toward helping American businesses protect their networks from these cyber looters."

The four privacy amendments that were rejected included:

• Limiting the sharing of private sector data to civilian agencies, and specifically excluding the NSA and the Defense Department. (Failed by a 4-14 vote.) (PDF)

• Directing the president to create a high-level privacy post that would oversee "the retention, use, and disclosure of communications, records, system traffic, or other information" acquired by the federal government. It would also include "requirements to safeguard communications" with personal information about Americans. (Failed by a 3-16 vote.) (PDF)

• Eliminating vague language that grants complete civil and criminal liability to companies that "obtain" information about vulnerabilities or security flaws and make "decisions" based on that information. (Failed by a 4-16 vote.) (PDF)

• Requiring that companies sharing confidential data "make reasonable efforts" to delete "information that can be used to identify" individual Americans. (Failed by a 4-16 vote.) (PDF)

< - BIG SNIP - >

http://news.cnet.com/8301-13578_3-57579012-38/privacy-protections-booted-from-cispa-data-sharing-bill/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

More information about the Infowarrior mailing list