Vote Nears On Controversial Cybersecurity Bill (CISPA)
Sponsors of the controversial Cyber Intelligence Sharing and Protection Act (CISPA) released the latest changes to their legislation this week, a move they hope will address the concerns of a coalition of civil liberties groups who have launched a “week of action” to protest the proposals.
The bill, HR 3523, aims to broaden the means for communication between private companies and the federal government on issues of cybersecurity and national security, and gives authorities additional options and resources to ensure the security of U.S. networks against cyberattacks.
The original draft version of the legislation was passed last December by the House Intelligence Committee, and is scheduled for a full House vote on April 23rd. The original version included provisions to enforce copyrights and patents to help fight the growing prevalence of software and media piracy, but the changes made this week removed any reference to intellectual property.
CISPA´s primary sponsors, House Intelligence Committee Chairman Mike Rogers (R-MI) and Representative Dutch Ruppersberger (D-MD), say the legislation is vital to help protect the nation´s critical infrastructure from foreign cyberattacks.
“Consistent and extensive cyber looting results in huge losses of valuable intellectual property, sensitive information, and American jobs. The broad base of support for this bill shows that Congress recognizes the urgent need to help our private sector better defend itself from these insidious attacks,” said Rogers in a statement posted to his website.
“Without important, immediate changes to American cybersecurity policy, I believe our country will continue to be at risk for a catastrophic attack to our nation´s vital networks – networks that power our homes, provide our clean water or maintain the other critical services we use every day. This small but important piece of legislation is a decisive first step to tackle the cyber threats we face,” said Ranking Member Ruppersberger.
Hundreds of companies and industry trade organizations, including Microsoft, Facebook, AT&T, Intel and others, have lined up in support of the bill.
The legislation would allow private companies to access classified government information to help protect their networks and servers from cyber attacks. In return, those private companies would be able to share users’ private information with the federal government, as long as it pertains to “cyber threats” or issues of homeland security.
But critics of the bill, including a broad coalition of civil liberties groups and grassroots activists from across the political spectrum, say the legislation will destroy privacy and free speech online. The bill´s dangerously vague language contains few limits on how and when the government can monitor private data, they say, and would allow federal authorities to snoop on private emails, text messages and social media profiles under the pretext of copyright and national security. Moreover, they say these new powers are more likely to be used to identify and punish file sharers rather than foreign spies or hackers.
To help spread the word about their concerns, organizations such as the American Civil Liberties Union, the Electronic Frontier Foundation (EFF), Tech Freedom and others launched a “week of action against CISPA” on Monday, and have set up a website that allows citizens to send out tweets directly to their Congressional representatives using the hashtags #CongressTMI and #CISPA.
“Using the guise of ℠cybersecurity´, CISPA aims to mobilize Internet intermediaries to institute a sweeping, privacy-invasive, voluntary information-sharing regime with few safeguards,” the EFF said on Wednesday.
The ACLU expressed similar concerns.
“Every day, we all spend more and more of our lives online and share more and more of our most sensitive information. Keeping our computer systems secure is a real concern, but CISPA is absolutely the wrong answer,” the organization said on Monday at the launch of its “Stop Cyber Spying Week” initiative.
“[CISPA] would create a loophole in all existing privacy laws, allowing companies to share Internet users’ data with the National Security Agency (NSA), part of the Department of Defense, and the biggest spy agency in the world – without any legal oversight.”
“If CISPA passes, companies like Google and Facebook could pass your online communications to the military, just by claiming they were motivated by ℠cybersecurity purposes.´”
Moreover, the bill would give these companies “immunity from lawsuits if you want to challenge what they are doing.”
“Once the government has the information, the bill allows them to use it for any legal purpose other than regulation, not just for stopping cybersecurity threats,” the group said.
The key amendments to the bill unveiled this week by Reps. Rogers and Ruppersberger include new provisions restricting the government´s capacity to apply cybersecurity intelligence for other purposes, and the removal of intellectual property theft from the description of cyber threat information. The changes also include new language that allows federal offices to share intelligence obtained through private companies under the condition that such information will not be used for regulation.
The amendments also propose the automatic transfer of intelligence to the Department of Homeland Security (DHS) whenever federal offices receive cybersecurity intelligence, and prohibit mandating or conditioning private companies to share intelligence with federal authorities.
Rogers said he believes he is making “tremendous progress” towards passing a law that protects the nation from cyberattacks without violating citizens´ right to privacy.
“We feel confident about where we´re at,” Rogers said during an interview with the technology website Mashable.
“We´ve got a coalition of companies in the high-tech industry supporting the bill“¦because we´ve listened to people´s concerns and incorporated them. It´s truly a collaborative effort.”
The legislation is gaining support among members of Congress, and has grown to include 112 co-sponsors — six of which have signed on in the last two days.
Rogers said the controversy over the bill did not entirely take him by surprise, although he didn´t expect CISPA to be seen as public enemy number one either.
“It´s not the scary piece of legislation that folks out there are making it out to be,” he said.
“The good news is“¦I think we´re crossing that threshold of getting people to understand what we´re trying to accomplish. We´re doing this in a transparent way, and we feel better by the day.”
Rogers and the House Intelligence Committee have been in ongoing discussions with privacy and civil liberties groups, members of the tech industry and others to find ways to improve the bill. The committee has been proving updated “discussion drafts” on its website as the process advances.
Rogers says the companies that support the bill want a common reservoir of knowledge where they can learn and prepare for cyberattacks.
But the EFF and other privacy organizations remain unconvinced. Of particular concern to them is CISPA´s national security provision, which they believe will allow the government to monitor users´ private data.
Rogers disputes these claims, saying CISPA is carefully worded such that the only information shared is that pertaining to cyberattacks designed to harm critical infrastructure, or those instituted by foreign governments trying to steal the intellectual property of American businesses.
“℠National security´ has a meaning,” he said.
“It´s any threat to the security of the U.S. that can either be by physical harm or in some ways economic harm, so you can have really both ways. So in other words, if you want to go and shut down and attack an electrical grid, that clearly has national security implications. I think it would be morally reprehensible for us not to prevent that loss of life.”
The White House weighed in on the legislation on Wednesday, expressing concerns — but stopping short of a veto threat — that CISPA would authorize Internet companies to disclose confidential customer records and communications.
“While information sharing legislation is an essential component of comprehensive legislation to address critical infrastructure risks, information sharing provisions must include robust safeguards to preserve the privacy and civil liberties of our citizens,” said National Security Council spokeswoman Caitlin Hayden in a statement provided to The Hill newspaper.
Tim Berners-Lee, inventor of the World Wide Web, added his voice to those opposing the bill. In an interview with The Guardian, he said the CISPA threatens “the rights of people in America, and effectively everywhere, because what happens in America tends to affect people all over the world.”
“It’s staggering how quickly the U.S. government has come back with a new, different, threat to the rights of its citizens,” he said, referring to the anti-piracy Stop Online Piracy Act (SOPA), a bill that was tabled in January amid fierce public opposition.
Although at this point CISPA appears likely to pass, expect the battle to heat up in the coming days as the full House vote approaches.