Congress will reportedly meet next week to conduct a markup of the controversial Cyber Intelligence Sharing and Protection Act (CISPA), but just like last year, the House Intelligence Committee reportedly plans to hold its debates behind closed doors, away from the public eye.
Originally introduced in November 2011, CISPA purportedly aims to allow sharing of Internet traffic data between companies and the government to better detect and protect critical infrastructure against cyberthreats and cyberattacks. The bill, however, has been condemned by Internet privacy and civil liberties advocates for its lack of limits on how and when the government can monitor one’s Internet browsing information.
Many believe CISPA would undermine the current cybersecurity program that protects civilian privacy, because it would allow companies in the private sector to share any information derived from communications with users directly with the National Security Agency (NSA), which would include personal information like emails and Internet browsing data. Even if the information was protected by privacy law, companies’ sharing of user data would be immune to criminal or civil liability as it is authorized by CISPA.
Opponents like the ACLU, Electronic Frontier Foundation and a coalition of 41 organizations also believe the bill’s language is dangerously broad, especially regarding the definition of “cyber threat information,” which doesn’t require companies to remove any personally identifying information (PII) unrelated to the threat. And since CISPA’s use restrictions only apply to the Federal government, the bill could potentially permit the government to use any “cyber threat information” for non-cyber security purposes.
“Since CISPA broadly immunizes corporations from criminal and civil liability, it prevents customers from holding those companies accountable if they negligently or recklessly mishandle their data,” former White House Cybersecurity Director Chris Finan wrote in a recent column for Wired.
“To avoid the moral hazards of such broad immunity, lawmakers should carefully tailor corporate liability protections,” he said. “Yes, the risk of a cyber attack is indeed real, and warrants careful legislative action. But as Congress again debates how to address this risk, our elected officials must be willing to reject the false choices and drastic measures that would undermine our fundamental principles.”
President Obama and his administration threatened to veto the CISPA bill last year, warning that the bill “lacks sufficient limitations on the sharing of personally identifiable information between private entities” and “treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres.” Given how the bill is largely unchanged from last year’s version, it’s possible Obama will issue a similar response to Congress in 2013.
“The American people expect their Government to enhance security without undermining their privacy and civil liberties,” the Obama administration said in a statement. “Without clear legal protections and independent oversight, information sharing legislation will undermine the public's trust in the government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties and consumer protections.”
Over the past couple of weeks, more than 150,000 Internet users have taken action against CISPA, speaking out on Twitter with the hashtag “#CISPAalert,” and joining campaigns on behalf of Demand Progress, Daily Kos and the ACLU. The Electronic Frontier Foundation says more than 37,000 people contacted members of Congress using the organization’s own “action center,” including 15,000 people in the last week of March alone.
“Congress doesn't want an open discussion on the many problems with CISPA, so it does what it does best: try to hide things away and rush them through when (hopefully) not enough people are looking,” Floor64 founder Mike Masnick said on Tuesday via TechDirt. “It makes you wonder just what CISPA's supporters are so worried about. Congress is supposed to work for the public, not hide things away from the public. This isn't a situation where they're discussing classified info or plans -- but merely a bill focused on information sharing between the government and private companies. Any markup on CISPA needs to be public.”