Facebook supports Cispa cyber-security bill

Facebook says it is backing a new cyber-security bill due before US Congress later this month.

The HR 3523 Act would enable the government to access web users' private data on suspicion of a cyber threat.

The act, dubbed the Cyber Intelligence Sharing and Protection Act (Cispa) , would also allow easier information-sharing between security agencies and private web firms.

Advocacy groups claim that it is aimed at file sharers rather than hackers.

First introduced on 30 November last year, the proposed law - which is due before Congress on 23 April - has been criticised by advocates of internet privacy and neutrality.

Facebook, AT&T, Intel, Verizon, and Microsoft are among some 800 firms who have reacted positively to the bill.

In a blog post , Facebook's vice-president of US public policy, Joel Kaplan, said Facebook would continue to safeguard personal information of its 845 million-plus users.

Cispa "would make it easier for Facebook and other companies to receive critical-threat data from the US government", stated Mr Kaplan.

"Importantly, HR 3523 would impose no new obligations on us to share data with anyone - and ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users' private information, just as we do today."

Organisations such as the Electronic Frontier Foundation, the American Civil Liberties Union, the Sunlight Foundation and Avaaz.org have all voiced their concerns about the extent to which the government would be able to monitor private information.

The Sunlight Foundation's John Wonderlich wrote in a blog post that Cispa "is terrible on transparency" and that the shared personal data between firms and the government would be exempt from the Freedom of Information Act (FOIA).

"Information that shouldn't be shared is already protected by law, through largely uncontroversial exemptions," wrote Mr Wonderlich.

"The FOIA is, in many ways, the fundamental safeguard for public oversight of government's activities. Cispa dismisses it entirely, for the core activities of the newly proposed powers under the bill."

The Electronic Frontier Foundation said in a statement on its website that the language used in the act was too vague.

"The broad language around what constitutes a cyber-security threat leaves the door wide open for abuse," stated the organisation.

"For example, the bill defines 'cyber threat intelligence' and 'cyber-security purpose' to include 'theft or misappropriation of private or government information, intellectual property, or personally identifiable information.'

"It's a little piece of Sopa [the Stop Online Piracy Act] wrapped up in a bill that's supposedly designed to facilitate detection of and defence against cyber-security threats. The language is so vague that an ISP could use it to monitor communications of subscribers for potential infringement of intellectual property."

Sopa, along with the Protect Intellectual Property Act (Pipa), are two other bills being considered by members of the US Congress.