The House of Representatives is expected to vote by the end of the week on a controversial cybersecurity bill that has received a veto threat from the White House and sparked global Internet protests as civil liberties groups raised concerns about private companies sharing Americans’ personal information with the government.
The Cyber Intelligence Sharing and Protection Act (CISPA) aims at combating cyber threats, such as foreign hackers, by allowing the government and private companies to share information on cyber threats.
Civil liberties groups, including the ACLU and the Electronic Frontier Foundation, say the bill’s language is dangerously broad and would allow private companies to circumvent existing privacy laws and share massive amounts of user information such as private emails with government agencies.
Get our free emails
Facebook, AT&T, IBM, and hundreds of other private companies endorsed CISPA. Facebook recently posted a statement telling users the company is only interested in information from the government on threats to its own systems and would not use the bill to spy on them.
White House Veto Threat
Senior White House officials said in a statement Wednesday that President Obama would be advised to veto the bill in its current form. The White House declared, “cybersecurity and privacy are not mutually exclusive.”
According to the White House, CISPA does not offer enough protection of the nation’s core cyber infrastructure and threatens civil liberties by failing to establish accountability measures and “sufficient limitations” on the sharing of personal information to ensure information is shared by the government and private companies for the right purposes.
The Obama administration does want Congress to produce legislation to address cybersecurity threats, but CISPA would not make the cut in its current form.
The online campaign to stop CISPA had some observers comparing the legislation to the Stop Online Piracy Act (SOPA) that inspired a wave of protests and a day of web site blackouts before losing support in Congress. In one weeklong campaign, more than 100,000 Tweets were sent to members of Congress asking them to oppose CISPA. More than one million people signed petitions against the bill.
“You can see that after SOPA there is a continued effort from the public to stand up for its rights when it comes to the Internet,” said Josh Levy, Internet Campaign Director for Free Press.
Many SOPA opponents came out against CISPA, but the bills are different. SOPA threatened freedom of expression on the Internet by targeting piracy and unauthorized sharing of copyrighted material, while CISPA is said to threaten privacy and personal data by allowing companies to hand over private information to the government with little oversight.
Like the anti-SOPA movement, the campaign against CISPA caught wind in Congress. CISPA co-author and champion Rep. Mike Rogers (R-Michigan), who chairs a special intelligence committee, made changes to the bill this week to appease civil liberties and Internet freedom groups.
CISPA, Spying and the NSA
On Tuesday, Rogers and co-author C. A. Dutch Ruppersberger (D-Maryland) announced amendments to the bill meant to ensure private companies and government agencies don’t use the legislation to justify collecting and using personal information from Americans unless a it pertains to a cybersecurity threat, a cybersecurity investigation, a threat to national security or crimes that threaten bodily harm to individuals. Rogers also added a provision allowing lawsuits against the government for improperly disclosing person data.
“Are we going to agree on everything? Probably not. They don’t want anything, anytime, ever,” Rogers said after announcing the changes. Rogers said he tried to give the groups “language that at least allows them to sleep at night, because I can’t sleep at night over these threats.”
Rogers claims he has enough votes to pass CISPA on to the Senate, but the revisions did not go far enough for the vocal opposition outside of Congress.
“The package of amendments produced by Rogers does nothing to prevent the unfettered data collection by Internet companies and the transfer of sensitive personal information to the government,” said Rainey Reitman, activism director for the Electronic Frontier Foundation (EFF). Rogers claims to have assuaged the concerns of the civil liberties community is unfounded.
The Department of Homeland security would handle the information coming in from private companies and distribute it to other agencies, and the EFF and other opponents fear that private citizen’s information could end up in the hands of the National Security Administration (NSA), which was caught in 2006 working with AT&T to data mine Internet traffic and gather thousands of phone records from customers.
“The NSA is an agency known for its lack of public accountability and we are particularly concerned about them getting a hold of sensitive information from American citizens,” Reitman said.
Amendments offered by two Democrats could prevent military and intelligence agencies from accessing and misusing cybersecurity information gathered under the legislation. Reitman said the EFF is supporting these amendments, but still opposing the bill as a whole. The House is expected to debate CISPA on Thursday and come to a vote on Friday.