The US House of Representatives passed the Cyber Information Sharing and Protection Act on Thursday by a vote of 248 to 168, giving the government authority to share cyber threat information with companies.
“By permitting the private sector to expand its own cyber defense efforts and to use classified information to protect its systems and networks, this bill will help create a more robust cybersecurity marketplace with expanded service offerings and jobs,” the press release on the House website says. “More importantly, this bill does not contain any new federal spending or impose additional federal regulation or unfunded mandates on the private sector.”
CISPA amends the National Security Act of 1947 to add provisions concerning cyber threat intelligence and information sharing, and has many Internet users concerned about their online privacy since it would allow companies to bypass all existing privacy law to spy on communications and pass user data to the government, according to the Electronic Frontier Foundation.
While the protection against cyber attacks is the main focus of CISPA, other valid uses of information include protection of individuals, and protection of children.
“People are mostly talking about CISPA in terms of personal privacy, but what concerns me from a web hosting perspective is what this legislation–in its current form–will do to the competitiveness of US based hosts,” Christian Dawson, COO of ServInt and Save Hosting co-founder says in an email to the WHIR. “People can host anywhere in the world – it’s a global marketplace. If they feel their data will be less private and secure if it’s hosted in the US, then the United States is going to see hosting business go abroad.”
This is quite a different picture than what Republican Mike Rogers, chairman of the House intelligence committee, paints in a statement in a press release on Thursday. He says one American company estimated a loss of 20,000 manufacturing jobs because “countries like China stole their intellectual property and illegally competed against them in the market place.”
While SOPA and PIPA garnered a lot of attention earlier this year, CISPA kept a lower profile, and has support from companies like Facebook, Microsoft, Oracle, Symantec and Verizon since they would be granted immunity from prosecution when sharing information under CISPA.
According to a report on CNET, the US government can’t force companies to open their databases and networks, but can only request it.
The next step is for CISPA to move to the Senate, but before that organizations like the EFF and Save Hosting will be prepared to rally against the anti-privacy cybersecurity bill. Save Hosting is “putting the finishing touches on its CISPA position paper and action items” according to a tweet early last week.
As several reports point out, even if CISPA passed the Senate, President Obama would still be able to stop it. On Wednesday, the Obama administration released a statement opposing CISPA in its current form. The statement says CISPA lacks “sufficient limitations on the sharing of personally identifiable information between private entities and does not contain adequate oversight or accountability measures necessary to ensure that the data is used only for appropriate purposes.” It also says companies would be inappropriately protected from any suits “where a company’s actions are based on cyber threat information identified, obtained, or shared under this bill, regardless of whether that action otherwise violated Federal criminal law or results in damage or loss of life.”
Talk back: Are you concerned about CISPA passing the Senate? What kind of implications do you see CISPA having on your hosting business? Let us know in the comment section.