A controversial cybersecurity bill is one step closer to being added to the law books following a closed-door meeting between members of Congress on Wednesday.
Privacy advocates are up in arms after the House Intelligence committee overwhelmingly approved an updated draft of the Cyber Intelligence Sharing and Protection Act, or CISPA, Wednesday afternoon by a vote of 18-to-2. Now if the bill makes it all the way to the desk of US President Barack Obama, Americans will likely be subjected to having the personal information they provide to online businesses shared with the government’s top-secret spy agencies.
The authors of the bill, Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), introduced a revamped version of CISPA in February after attempts to pass the act in 2012 were thwarted when the congressional session came to a close before a final vote could occur. In the few months between the original CISPA’s demise and the reintroduction, though, officials have reported an increase in cyberattacks by way of Iran and China that have been condemned by politicians as high up as the president.
“Congress must act,” Obama said during his 2013 State of the Union address, “…by passing legislation to give our government a greater capacity to secure our networks and deter attacks.”
On their part, Rogers and Ruppersberger say CIPA will “provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities,” by closely monitoring threats to the nation’s cyber infrastructure and formally legalizing the practice of sending personal user data to government agencies, including the Department of Defense and the National Security Agency.
“While no portion of CISPA requires companies to share data with the feds, major telecommunications providers have illegally shared customer data with the NSA before, leading to a congressional grant of retroactive immunity in 2008,” CNET reporter Declan McCullagh recalls.
Now with the backing of both the commander-in-chief and the overwhelming majority of the Intelligence committee, CISPA is expected to have an easier time than ever advancing in the House and Senate, which would then require nothing more than the autograph of Pres. Obama to sign the bill into law. Critics of the act aren’t so sure that’s a good idea though, and are more adamant than ever at crushing CISPA after members of the committee failed to include a handful of amendments that were touted as safeguards necessary to protect the privacy of Americans.
Rep. Jan Schakowsky (D-Illinois) voted against CISPA during Wednesday’s closed-door mark-up meeting, but might have acted differently had her congressional colleagues approved any of the three amendments that she unsuccessfully tried to tack on to the bill. One of those amendments would have excluded the Pentagon and NSA from the list government entities allowed to access third-party data; another would create a high-level privacy post to oversee “the retention, use and disclosure of communications, records, system traffic or other information” obtained by the feds.
“My amendments would have strengthened privacy protections, ensured that consumers can hold companies accountable for misuse of their private information, required that companies report cyber threat information directly to civilian agencies and maintained the long standing tradition that the military doesn’t operate on US soil against American citizens,” she told reporters after the vote. “I strongly agree with the need to enact effective cybersecurity legislation, and commend the bipartisan effort of the House Intelligence Committee, but this bill doesn’t sufficiently protect individual privacy rights.”
Schakowsky was joined in dissenting with Rep. Adam Schiff (D-California), who told reporters after the vote that CISPA simply does too much to tear away at the personal privacy of Internet users.
“It is not too much to ask that companies make sure they aren’t sending private information about their customers, their clients, and their employees to intelligence agencies, along with genuine cyber security information,” Rep. Schiff said. “While I support increased information sharing, without requirements that companies make sure they aren’t sharing Personally Identifiable Information, as well as making the Department of Homeland Security the initial point of receipt, I cannot support the bill in its current form.”
That isn’t to say that Schiff doesn’t think changes could be made: speaking to the Los Angeles Times Wednesday evening, he said that creating cybersecurity legislation is “worthwhile,” adding, “it shouldn’t be that hard to require the steps that would protect people’s privacy while also preventing the massive theft of America’s work product that’s going on.”
The authors of the bill say that foreign hackers have cost US businesses billions of dollars by stealing intellectual property by infiltrating computer networks, and CISPA could curb these assaults while also helping prevent cyberattacks that could cause actual physical damage. Opponents call these warnings trumped up and over-the-top, though, and fear that the US government is advancing a cybersecurity bill in order to not just answer these allegedly ramped up cyberattacks, but to take away what little is left of Americans’ privacy.