The Cyber Intelligence Sharing and Protection Act (CISPA) has just recently been approved by the US House of Representatives.
This doesn't mean it's law just yet, but it's certainly a step closer to becoming such - as for the next stages of the Act, even I'm unsure about it, but I believe in the US "The Senate" has to pass it before it can be enforced or come into force.
So, what exactly is CISPA and why all the fuss?. Well, even I wondered what the fuss was about, until I actually delved into the fine details of the Act ... here's Electronic Frontier Foundation's, Mark Jaycox, explaining some of the consequences of cispa ...
- Companies have new rights to monitor user actions and share data ? including potentially sensitive user data ? with the government without a warrant.
- Cispa overrides existing privacy law, and grants broad immunities to participating companies.
- Information provided to the federal government under Cispa would be exempt from the Freedom of Information Act (FOIA) and other state laws that could otherwise require disclosure (unless some law other than Cispa already requires its provision to the government).
- Cispa's authors argue that the bill contains limitations on how the federal government can use and disclose information by permitting lawsuits against the government. But if a company sends information about a user that is not cyberthreat information, the government agency does not notify the user, only the company.
Essentially, this means any company in the US could monitor you online, and if they think the government should know about something they can pass on your details and activities and all the while you'll know absolutely nothing about the situation and in reality, you'll never know any information about you was passed to the government or monitored. Basically, it would appear you can just be randomly monitored and although I'm certain there will most likely be a "protocol" drawn up stating that individuals should only really be monitored if there are grounds to do so, Cispa potentially makes it impossible for anyone to be prosecuted for sifting through your data or monitoring your actions randomly!.
It would appear that if this bill get's through, gone are the days of "due cause" or "suspicion" and then "investigation" but it will more likely turn into "investigation" and then "due cause" or "suspicion"