Last week, Congress backed the Cyber Intelligence Sharing and Protection Act (CISPA) by a vote of 248-168. While it has caused a similar, if somewhat smaller, reaction on the Internet to the one caused by SOPA, these are very different bills. SOPA dealt mainly with piracy; CISPA is all about security.
The concern by some is that the bill’s language is too broad, giving companies and the government power to intercept, share or block user information as long as it is to fight “cybersecurity threats.” Proponents say it will increase the ease and speed with which the private and public sectors can cooperate to fight threats against this country’s woefully unprepared networks.
The debate now moves on to the Senate, but before that let’s take a look at the key players behind and opposed to CISPA.
Facebook was vehemently opposed to SOPA but has written to Congress in support of CISPA. Facebook’s Washington D.C. office gave a fairly reasonable defense when it stated “When one company detects an attack, sharing information about that attack promptly with other companies can help protect those other companies and their users from being victimized by the same attack.” Sounds reasonable, although some critics of the bill believe tech companies are supporting it because it protects them from lawsuits. Take IBM, for example.
“IBM believes a non-regulatory approach to spur sharing of actionable cyber threat information between government and industry is a critical piece to improving the security of our nation and its assets as we continue to operate and thrive of a digital network.” Non-regulatory is the key phrase in the company’s letter to Mike Rogers (R – MI), chairman of the House Intelligence Committee and the author of CISPA. The bill makes it much more difficult for a user to sue a company if it gives his or her information over to the government.
That’s why companies including Microsoft, Verizon and AT&T have expressed similar sentiments when it comes to CISPA, although Microsoft has expressed some concerns over its wording. Competing bills have put a lot more responsibility on the shoulders of businesses, who would have to be more careful about what information is okay to share what isn’t.
The Financial Sector
“We are encouraged that the bill provides a voluntary approach to information sharing, which reduces regulatory burden to American businesses,” wrote the Financial Services Roundtable, which represents 96 members including Citibank, JPMorgan Chase and MasterCard. Like many tech companies, banks also want to know that they won’t be sued if they share their customers’ information with the government.
It wasn’t unanimous, but of the 234 Republican Congressmen who voted on the issue, 206 of them voted to pass the bill. House Speaker John Boehner (R-Ohio) was the most vocal supporter, telling Politico “The bills we’re moving this week are common-sense steps that would allow people to communicate with each other, to work together, to build the walls that are necessary in order to prevent cyberterrorism from occurring.”
U.S. Chamber of Commerce
CISPA is, overall, very popular in the business world; thus it stands to reason that the U.S. Chamber of Commerce would be behind it too, calling it an “important step in assisting the nation’s public and private sectors to prevent, deter, and mitigate the array of cyber threats from illicit actors without imposing burdensome regulations on industry.” Again, it comes down to regulation. Companies and the government would have a lot of freedom to share information without worrying about legal action which, of course, is the source of a lot of the tension over the bill.
The White House
President Obama threatened to veto the bill if it passed in its current form, with his office issuing a statement that said “the bill would allow broad sharing of information with governmental entities without establishing requirements for both industry and the Government to minimize and protect personally identifiable information.” The Obama administration prefers legislation it wrote in May which would give more power to the Department of Homeland Security and impose certain standards on businesses, stating that if a “private-sector business, state, or local government wants to share information with DHS, it must first make reasonable efforts to remove identifying information unrelated to cybersecurity threats.”
Reps. Joe Barton (R-Texas) and Edward Markey (D-Mass.)
The co-chairs of the Congressional Privacy Caucus proposed an amendment that would have explicitly banned the government from using information for anything other than fighting cybersecurity threats. According to The Hill, the two released a joint statement after it passed:
Electronic Frontier Foundation
It’s no surprise that the EFF opposes CISPA, as it opposes almost all policies that allow for the sharing of personal information. Its complaints:
The language of the bill is too broad, and it’s hard to know what information will actually be shared by private entities as a result of the bill, or what “cybersecurity systems” will do once they are enabled … CISPA also grants sweeping immunity to companies to share information “notwithstanding any other provision of law,” and unsurprisingly has a fair amount of industry support as a result.
While many Republicans have supported CISPA, many in the Libertarian wing of the party have opposed it. Ron Paul called it “Big Brother writ large” and “essentially an internet monitoring bill that permits both the federal government and private companies to view your private online communications with no judicial oversight–provided, of course, that they do so in the name of ‘cybersecurity.’ ”
The American Civil Liberties Union has, as expected, spoken out against the bill. After it was passed by the House, the ACLU issued a statement calling it “a dangerously overbroad bill that would allow companies to share our private and sensitive information with the government without a warrant and without proper oversight” and that it would give “companies the authority to share that information with the National Security Agency or other elements of the Department of Defense, who could keep it forever.”