Skip to content Skip to footer

CISPA Critics Warn Cybersecurity Bill Will Increase Domestic Surveillance and Violate Privacy Rights

As it heads toward a House vote, critics say the Cyber Intelligence Sharing and Protection Act (CISPA) would allow private internet companies like Google, Facebook and Microsoft to hand over troves of confidential customer records and communications to the National Security Agency, FBI and Department of Homeland Security, effectively legalizing a secret domestic surveillance program … Continued

As it heads toward a House vote, critics say the Cyber Intelligence Sharing and Protection Act (CISPA) would allow private internet companies like Google, Facebook and Microsoft to hand over troves of confidential customer records and communications to the National Security Agency, FBI and Department of Homeland Security, effectively legalizing a secret domestic surveillance program already run by the NSA. Backers say the measure is needed to help private firms crackdown on foreign entities — including the Chinese and Russian governments — committing online economic espionage. The bill has faced widespread opposition from online privacy advocates and even the Obama administration, which has threatened a veto. “CISPA … will create an exception to all existing privacy laws so that companies can share very sensitive and personal information directly with the government, including military agencies like the National Security Agency,” says Michelle Richardson, legislative counsel for the American Civil Liberties Union. “Once the government has it, they can repurpose it and use it for a number of things, including an undefined national security use.”

Juan Gonzalez: A legislative battle has erupted on Capitol Hill over a controversial House bill that critics say would allow private internet companies to hand over troves of confidential customer records and communications to the National Security Agency and other agencies. In a letter on Monday, 18 Democratic House members warned that unless specific limitations were put in place, the bill, quote, “would, for the first time, grant non-civilian federal agencies, such as the National Security Agency, unfettered access to information about Americans’ internet activities and allow those agencies to use that information for virtually any purpose.” The bill is titled the Cyber Intelligence Sharing and Protection Act, or simply CISPA.

Backers of the legislation say it is needed to help private companies crack down on foreign entities—including the Chinese and Russian governments—committing online economic espionage that is stealing trade secrets from U.S. corporations and the government. But the bill has faced widespread criticism from online privacy advocates and even the Obama administration.

Amy Goodman: On Thursday, the White House threatened to veto the legislation, saying, quote, “The sharing of information must be conducted in a manner that preserves Americans’ privacy, data confidentiality and civil liberties and recognizes the civilian nature of cyberspace. Cybersecurity and privacy are not mutually exclusive,” they said. Critics also say the bill would essentially legalize a secret domestic surveillance program already being run by the National Security Agency.

Last week, a former top NSA official appeared on Democracy Now! to give his first TV interview. William Binney said domestic surveillance is already expanding under the Obama administration.

William Binney: Actually, I think the surveillance has increased. In fact, I would suggest that they’ve assembled on the order of 20 trillion transactions about U.S. citizens with other U.S. citizens.

Amy Goodman: How many?

William Binney: Twenty trillion.

Amy Goodman: Where do you get the number 20 trillion?

William Binney: Just by the numbers of telecoms, it appears to me, from the questions that CNET posed to them in 2006, and they published the names and how—what the responses were. I looked at that and said that anybody that equivocated was participating, and then estimated from that the numbers of transactions. That, by the way, estimate only was involving phone calls and emails. It didn’t involve any queries on the net or any assembles—other—any financial transactions or credit card stuff, if they’re assembling that. I do not know that.

Amy Goodman: National Security Agency whistleblower William Binney. To see the full interview with him, you can go to our website at democracynow.org.

We’re joined now by two guests. Michelle Richardson is with us in Washington, D.C., legislative counsel for the American Civil Liberties Union. Jacob Appelbaum is back with us again here in Democracy Now!’s studios in New York, computer security researcher, developer and advocate for the Tor Project, a system that enables its users to communicate anonymously on the internet.

Michelle, let’s begin with you. Talk about this legislation, this bill that is expected to be voted on this week, debates beginning today.

Michelle Richardson: CISPA, the bill that will come up later today and probably be voted on tomorrow, will create an exception to all existing privacy laws so that companies can share very sensitive and personal information directly with the government, including military agencies like the National Security Agency. And then, once the government has it, they can repurpose it and use it for a number of things, including an undefined national security use. The violations of privacy are just amazing under this bill, and it’s even invoked a veto threat from the Obama administration.

Juan Gonzalez: And specifically in terms of the new powers that this grant, what does this do to existing laws that protect the privacy of American citizens and requires the government to get even FISA warrants when it wants to actually do surveillance in particular situations?

Michelle Richardson: Right. Current law now creates a presumption of privacy in our phone calls, emails and internet records, and they say that companies have to keep them private unless there’s an emergency or the government serves them with a subpoena or warrant. And in one fell swoop, this bill will say that these privacy laws simply no longer apply. So, all of the process afforded under those laws, the protections, the congressional reporting, the role of a judge, all of that is swept away in one bill and will allow companies to decide how much and what type of information they want to turn over to the government. And it can include incredibly sensitive information, like the content of emails or internet use history. There’s no obligation on the companies to extract the personally identifiable information. And that’s the important thing to remember here, that information sharing may be a good thing. There are ways that it could be done, where companies would share technical data with the government that wouldn’t invade privacy. But that’s not what we’re talking about. This bill is incredibly broad and will allow the companies to turn over even the personally identifiable information.

Amy Goodman: The chief author of CISPA, Republican Congress Member Mike Rogers, the chair of the House Intelligence Committee and a former FBI agent, when he introduced the bill in November, predicted privacy advocates would oppose the legislation.

Rep. Mike Rogers: I expect that some will allege that the bill creates a new wide-ranging government surveillance program. This is false. The bill has nothing to do with government surveillance. It simply provides clear authority to the private sector, not the government, to identify and share cyber threat information. And remember what the threat is: up to a trillion dollars a year in lost intellectual property. The one thing that has set America apart from every other nation is our innovation in our intellectual property. If we lose that game, we lose this fight.

Moreover, the bill only permits sharing of cybersecurity threat information when a company is engaged in the protection of its own systems or networks or those of the corporate customer. Our bill does not require anyone to provide information to the government. Any sharing of information with the government is completely voluntary every step of the way. A government surveillance program that doesn’t require any information privileged to the government shouldn’t be a very good surveillance program. Now, I couldn’t believe it. As an old FBI guy, we would say that is an unworkable event.

Amy Goodman: House Intelligence chair, Michigan’s Republican Congress Member Mike Rogers, unveiling the legislation at a meeting hosted by the National Cable and Telecommunications Association, a lobbying powerhouse. The association’s president, Michael Powell, praised the legislation. Powell is the former chair of the Federal Communications Commission and the son of former secretary of state, General Colin Powell.

Michael Powell: It’s not an exaggeration to say, when it comes to cybersecurity, what you don’t know can hurt you. And one of the most valuable aspects of this legislation is it deals with the most critical problem when industries and government face a challenge like this: inadequate information flow. You can’t fix what you don’t know. You can’t work in cooperation and coordination with others when you’re not able to effectively share information. I think the legislation we’ll hear about today takes a dramatic and important step.

Amy Goodman: That was Michael Powell, formerly chair of the FCC. Michelle Richardson, your response?

Michelle Richardson: Well, the advocacy and civil liberties community is united in their opposition to this bill. We all believe that this is an unjustifiable infringement on privacy. And while the sponsors speak about limitations, they’re just not in the bill. We’re being asked to just trust the companies and the NSA to work in secret and protect our privacy. And we know from the warrantless wiretapping scandal after 9/11, when these groups are allowed to work in private like this, they’re going to invade our privacy.

Juan Gonzalez: Well, Michelle Richardson, there’s been apparently a series of amendments proposed, some of them by liberal Democrats like John Lewis and others who are hoping to make portions of this legislation more palatable. Your sense of these attempts at soothing the rough edges of this legislation, but leaving it essentially intact?

Michelle Richardson: Well, last night, the House Rules Committee decided which amendments would actually get a vote on the floor tomorrow, and they decided that amendments offered by Mr. Lewis or Jan Schakowsky or some of the other progressive members simply will not get a floor vote. And these were incredibly important amendments that would have squarely made Congress decide whether the military and the NSA would be able to collect internet records on innocent Americans. But Congress will not be able to vote on that this week, and instead they’ll just have to vote no on the entire bill, to send the message that they don’t want the military surveilling internet.

Amy Goodman: Interestingly, the legislation was co-sponsored by Democratic Congress Member Dutch Ruppersberger, the ranking member of the House Intelligence Committee. He has denied the bill would increase surveillance.

Rep. Dutch Ruppersberger: What the bill basically does is—in 1947, there was a bill, the intelligence bill, that really created what the rules or regulations were for CIA, NSA and all of the intelligence agencies. And what this bill basically does is allow a government entity—in most situations, the NSA here—it allows them to give information to the private sector. The 1947 bill says, if it’s classified information, you cannot give it to the other side. And how the bill really came together was this DIB pilot program. It’s a pilot program that allowed the NSA, working with the providers, the—I believe it was AT&T, it was Verizon and Qwest—and allowed them to give that information over to the private companies to work to protect themselves. That worked extremely well. And as a result of that, we kind of—we kind of modeled our bill after that.

Amy Goodman: Now, interestingly, the Obama administration at this point says that they would veto this, but that’s Democratic Congress Member Dutch Ruppersberger. And among those who are supporting the legislation are major companies, ones that have actually opposed SOPA, the Stop Online Privacy Act—for example, Google, and then there’s Facebook and these other companies. What do they have to gain, and what are the companies that are supporting it?

Michelle Richardson: Last I heard, all of the major corporations that are involved with the internet are supporting this CISPA, the Rogers bill. And frankly, they’re going to make out like bandits. Under this bill, if they share our private information, they get complete protection from liability. Consumers will no longer be able to assert their privacy rights that exist under current law and hold them accountable in court. They can’t be prosecuted by the government like they currently can for illegal wiretapping or sharing information. They’re getting FOIA exemptions, so that no one will ever know about these breaches or the things that they share with the government. They’re really walking away here with maximum flexibility to share our personal information with minimum accountability and no enforcement to make sure that they are not oversharing and infringing on our privacy.

Juan Gonzalez: Well, Michelle Richardson, what are the prospects of this legislation passing, first in the House, and obviously then it would also have to pass in the Senate? And how would the White House react to its possible passage?

Michelle Richardson: Well, we were very, very pleased to see that the Obama administration issued a veto threat yesterday and said, in very clear terms, that they believe that control of the internet needs to remain civilian, and the military shouldn’t be routinely collecting information on innocent people. We expect the bill to probably pass tomorrow, but we expect a strong no vote. And even just a month ago, if this bill had been brought to the floor, it probably would have sailed through without much amendment at all. But the online organizing and the organizing by the advocacy community over the last month has really changed the game, and the members are more educated. And I think we’re going to see a very strong no vote from both Democrats and Republicans tomorrow.

Amy Goodman: Michelle Richardson—

Michelle Richardson: Now, the Senate has its own alternative and is slated to vote on their bill in May. And it does include more protections, so it will come down to a conference between the House and the Senate to see which bill prevails.

Amy Goodman: Michelle Richardson, legislative counsel for the American Civil Liberties Union. When we come back, Jacob Appelbaum is back with us, computer security researcher. This is Democracy Now! Back in a minute.

We’re not going to stand for it. Are you?

You don’t bury your head in the sand. You know as well as we do what we’re facing as a country, as a people, and as a global community. Here at Truthout, we’re gearing up to meet these threats head on, but we need your support to do it: We must raise $18,000 before midnight to ensure we can keep publishing independent journalism that doesn’t shy away from difficult — and often dangerous — topics.

We can do this vital work because unlike most media, our journalism is free from government or corporate influence and censorship. But this is only sustainable if we have your support. If you like what you’re reading or just value what we do, will you take a few seconds to contribute to our work?