
Cyber security bill CISPA is passed

A nightmare come true: last Thursday the United States House of Representatives approved the debated cyber security bill. The act will force any company to hand over all the user data it collects if asked by the government, trampling all claims to privacy of people on the Internet in the name of security.

The Cyber Intelligence Sharing and Protection Act (CISPA) passed with a 288-127 vote, also receiving support from 92 Democrats. The bill now goes to the Senate and then to the President’s office.

It is the second time that the United States House of Representatives has passed the contested bill. The US Senate already rejected the first draft of the bill, which appears no different from this second one, due to the lack of protection for users’ privacy. The bill has probably been framed in the wrong way: we all agree on the need to reinforce security in cyberspace as well, and of course to do this the US government requests greater power of action.

During the last months, the worldwide Internet community expressed great concern at the possibility of a reintroduction of the Cyber Intelligence Sharing and Protection Act (CISPA) before the US House by House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-Md.).

Recent events have influenced the decision to reintroduce the bill. Many Americans are starting to be aware of the risks related to the improper use of the Internet; they understand that we can protect sea, land, sky and space, but leaving the Internet uncontrolled is like leaving the door of a fortress open.

Parts of the bill are necessary to improve the security of the US against cyber attacks. Let’s remember that it establishes strict collaboration between the central government and private companies to protect their infrastructure; “information sharing” is the watchword. The US government and private businesses need to share information on the cyber attacks they have suffered so that the authorities can activate their alert network. Although the concept may seem obvious, today this does not happen very often: hacked companies do not disclose the news to avoid any negative impact on corporate reputation, and the consequences can be disastrous.

The following are the statements used by Rogers to support the bill:

“This is clearly not a theoretical threat – the recent spike in advanced cyber attacks against the banks and newspapers makes that crystal clear,”

“American businesses are under siege,” “We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats. It is time to stop admiring this problem and deal with it immediately,”

“We’re talking about exchanging packets of information, zeroes and ones, if you will, one hundred million times a second. So some notion that this is a horrible invasion of content reading is wrong. It is not even close to that.”

The other co-author of the bill, Dutch Ruppersberger, declared during debate on the issue that $400bn worth of American trade secrets are being stolen by US companies every year.

“If your house is being robbed, you call 911 and the police department comes. That’s the same scenario we are looking at here,” he said.

Various companies, including the social network giant Facebook, confirmed their support for the cyber security bill. The following is the statement of Joel Kaplan, FB Vice President:

“One challenge we and other companies have had is in our ability to share information with each other about cyber attacks. When one company detects an attack, sharing information about that attack promptly with other companies can help protect those other companies and their users from being victimized by the same attack,” “Similarly, if the government learns of an intrusion or other attack, the more it can share about that attack with private companies (and the faster it can share the information), the better the protection for users and our systems.”

But at the same time, the Reuters agency confirmed the opposition of Microsoft and Facebook to the bill.

Web companies including Google, Wikipedia and Twitter expressed disappointment with the debated bill, warning of possible violations of digital freedoms and users’ privacy.

The American Civil Liberties Union was one of 34 groups that wrote to lawmakers this week urging them to oppose the bill. Michelle Richardson, legislative counsel at the ACLU’s Washington Legislative Office, commented on the act with the following words:

“CISPA is an extreme proposal that allows companies that hold our very sensitive information to share it with any company or government entity they choose, even directly with military agencies like the NSA, without first stripping out personally identifiable information,”

Of course there is a side effect that is far from negligible: private companies manage users’ data daily, ensuring non-disclosure to protect privacy. Privacy advocates and groups of hacktivists such as Anonymous are mobilizing to protest against the bill, considered poorly drafted and a serious menace to freedom of expression and civil liberties.

The Anonymous collective is invited to publish a page explaining the bill and the way it could violate our privacy; meanwhile, House Minority Leader Nancy Pelosi expressed great concern about CISPA, which represents a failure to balance security and privacy.

“I’m disappointed that we did not address some of the concerns mentioned by the White House about personal information,” Pelosi said. “Unfortunately, it offers no policies and did not allow any amendments or real solution that upholds Americans’ right to privacy.”

The Center for Democracy and Technology states that CISPA would allow Internet Service Providers (ISPs) to “funnel private communications and related information back to the government without adequate privacy protections and controls. The bill does not specify which agencies ISPs could disclose customer data to, but the structure and incentives in the bill raise a very real possibility that the National Security Agency or the DOD’s Cybercommand would be the primary recipient.” 

The bill will in fact allow the government to obtain complete control over the Internet, censoring any suspect content that could represent a threat to national security.

Do we need to sacrifice our privacy in the name of security? Is it really necessary?

Pierluigi Paganini

(Security Affairs – CISPA)

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other security magazines. He is the author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
