House , would have allowed U. It means that the many who signed up to such services under terms that promised their data would not be shared with anyone — unless a subpoena or court order was served — would no longer have such rights going forward. Though it would have weakened CISPA's overall weight, now it gives additional legal immunity to companies sharing their customer data.
The key provision of CISPA is that it allows government entities to acquire your data without a warrant, should a private company holding your data hand it over. The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
But while the U. The Fourth Amendment does not protect private companies from accessing and data mining your information for its own gain. It only protects against the U. The Obama administration has issued another stark warning to the US House currently preparing to vote on a regurgitated cybersecurity Bill. If it passes the president's desk, he's not going to sign it. CISPA bridges a gap between the private firms that can access your data for nefarious purposes — they would likely never do this — to the U.
By this point, the U. The kicker is that this is allowed as long as it's lawful and pertains to "cybersecurity purposes," rather than "national security" purposes.
But because the language in CISPA is so ill defined, it could be used for many more reasons than were initially considered. According to privacy and civil liberties group the Electronic Frontier Foundation EFF , even though the data was passed to the government for reasons pertaining only to "cybersecurity," it can then be used to investigate other crime, not limited to cybersecurity crime, such as the "criminal exploitation of minor, protecting individuals from death or serious physical injury, or protecting the national security of the United States.
But it all flows through the U. Even the U. Department of Agriculture can take on your data and use it against you, should you be fishing without a license. And because this is done behind the scenes and private companies do not have to tell you that they've handed your data to the government, you may never know about it.
The EFF said on its site :. As it stands, CISPA is dangerously vague, and should not allow for any expansion of government powers through a series of poorly worded definitions. If the drafters intend to give new powers to the government's already extensive capacity to examine your private information, they should propose clear and specific language so we can have a real debate.
As it stands, the bill would allow sharing for the investigation of cyber crimes, for the protection of individuals from "death or serious bodily harm" and related law enforcement needs, for the protection of children, and "to protect the national security of the United States. The government can use your personal information for a variety of purposes under the proposed law, without liability.
A shall only be shared in accordance with any restrictions placed on the sharing of such information by the protected entity or self-protected entity authorizing such sharing, including appropriate anonymization or minimization of such information;. Despite the broad definition and usage of data permitted in the bill, there are some basic protections. CISPA honors restrictions placed on data by companies, so the government cannot request access to personal information if the company chooses to protect its users by making their information anonymous.
And the bill prohibits companies that share under the law from using each other's data to gain an unfair advantage in the market. Since the bill does not require that shared data be stripped of personal information, it's up to private companies to choose how to share your information with the government. In other words, you can't sue them for sharing your information if you're deemed a "cyber threat" — even if a mistake is made. Despite public discussion, many major tech companies have not backed popular outrage.
Supporters of the bill say that it will help safeguard against cyber attacks, and cite innovation and success in industry. The Telecommunications Industry Association says that "the legislation takes a significant step forward in safeguarding consumers and businesses from increasingly aggressive and sophisticated cyber attacks," and that "it establishes a collaborative approach that won't introduce heavy bureaucracy that could harm high tech innovation. Web and civil liberties advocates have condemned the bill.
The EFF says that the bill "leaves ample room for abuse," and that it would "cut a loophole in all existing privacy laws. While the bill easily passed in committee by a vote of 17 to 1 last year, its passage yesterday was mostly driven by House Republicans for, 28 against , and opposed by Democrats 42 for, against. Additionally, the White House's threat of veto is likely to influence Democrats who currently control the Senate.
We'll continue to track the bill as it makes its way through the other half of Congress. Subscribe to get the best Verge-approved tech deals of the week.
Cookie banner We use cookies and other tracking technologies to improve your browsing experience on our site, show personalized content and targeted ads, analyze site traffic, and understand where our audiences come from. In addition, most of the bill is devoted to outlining how the federal government would share information throughout its various agencies, with little mention of how the private sector might access this data.
Several privacy advocates and businesses opposed to CISA have pointed out that sharing information about new types of malware, suspicious network activity and other cyber-threat indicators will do little to crack down on cybercrime.
Such information sharing must be combined with implementing encryption, patching outdated software and otherwise bolstering cyber defenses. Scientific American has compiled a cheat sheet to help you understand the bill, why it is controversial and what it means to you. The bill calls for government agencies, businesses and other organizations to share information about cybersecurity threats with one another.
The thinking is that this shared information will help these different groups better prepare themselves to identify and defend against hackers trying to steal information from their computers. CISA in its current form, however, does not clearly define how this information would be shared, who would manage such information or how it would be disseminated. Co-sponsors include Sens. Dianne Feinstein D — Calif. The U. In Congress, Sens. Ron Wyden D—Ore. Rand Paul R—Ky.
Critics say that the process of passing customer information to government agencies or other third parties creates new opportunities for data to be stolen. They also argue the bill fails to address the real reasons hackers are able to steal data—including outdated software, malware and unencrypted files—and that because information sharing would be voluntary, a lack of participants could undermine the program.
Did recent amendments to the bill address any of these concerns?
0コメント