CISPA revived in wake of Sony hack
A controversial cybersecurity bill was reintroduced in the House of Representatives Friday in the wake of last month’s hack that crippled Sony Entertainment.
The Cybersecurity Information Sharing and Protection Act, better known as CISPA, was reintroduced by Rep. Dutch Ruppersberger, D-Md., Friday. The bill (H.R. 234), which is identical to the version that passed the House in 2013, is built to help the public and private sectors share information in the wake of cyber attacks.
However, just like the first time around, privacy advocates are sounding the alarm over CISPA’s implications, saying the bill would allow companies and the government to swap data containing personally identifiable information.
“The law puts few limits on the transfer of personal user information that can be collected from private companies by the U.S. government all while creating broad liability protections for doing so,” wrote Amie Stepanovich and Drew Mitnick on behalf of Access, a digital rights advocacy group. “In short, this is a bill that hurts users by creating a new surveillance regime and doing little to actually increase in data security.”
While the bill has not changed since the 2013 version that died in the Senate, the political climate looks markedly different. Ruppersberger is acting the wake of the Sony attack, which the FBI has publicly said twice was the result of work of hackers tied to North Korea. Even with the FBI’s edict, some security experts still say the evidence that North Korea is responsible isn’t concrete.
“The reason I’m putting bill in now is I want to keep the momentum going on what’s happening out there in the world,” Ruppersberger told The Hill newspaper, who first reported the bill’s reintroduction, in an interview Thursday.
Ruppersberger is reintroducing CISPA on his own, after the bill’s original co-sponsor, former House Intelligence Committee Chairman Mike Rogers, R-Mich., retired at the end of last year.
The Electronic Frontier Foundation has also condemned CISPA, saying the bill wouldn’t prevent hacks like the Sony attack from happening.
“Instead of proposing unnecessary privacy-invasive bills, we should be collectively tackling the low-hanging fruit,” wrote Mark Jaycox, a legislative analyst with EFF, in a blog post. “This includes encouraging companies to use the current information sharing regimes immediately after discovering a threat.”
You can read the full bill below.