Debate kindles as Congress takes up the latest controversial cybersecurity bill

Congress is set to vote on a new cybersecurity bill that is drawing nationwide attention, including comparisons to the earlier, controversial Stop Online Piracy Act and Protect Intellectual Property Act and the accompanying ire of those concerned about privacy rights and the data-gathering powers it would give to the federal government.

The Cyber Intelligence Sharing and Protection Act (CISPA) is one of four cybersecurity bills up for a vote on Capitol Hill this week, and it focuses on facilitating and encouraging information-sharing about cyber attacks between private companies and the federal government.

Most of the cybersecurity bills that have been introduced by members of Congress at least touch on information-sharing as part of a comprehensive national cybersecurity strategy, with the Republicans’ SECURE IT Act favoring information-sharing over the establishment of new laws and broadened governmental powers outlined in the earlier, bipartisan Cybersecurity Act of 2012.

Like SOPA and PIPA before it, CISPA has spurred a flurry of heated discussion. It’s backed by more than 100 members of Congress and some of the biggest names in the Internet business – Facebook, Microsoft, IBM, AT&T and Verizon, to name a few – but also faces heavy opposition, including from a number of privacy rights groups and the White House.

“The nation’s critical infrastructure cyber vulnerabilities will not be addressed by information sharing alone,” said Caitlin Hayden, National Security Council spokeswoman, in a statement to The Hill on April 17. “Also, while information sharing legislation is an essential component of comprehensive legislation to address critical infrastructure risks, information sharing provisions must include robust safeguards to preserve the privacy and civil liberties of our citizens. Legislation without new authorities to address our nation’s critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation's urgent needs.”

Hayden did not mention CISPA by name, but the statement came after a classified briefing on cybersecurity issues.

Supporters of CISPA say the legislation is critical to national cyber defense, billing it as a bipartisan, collaborative approach that recognizes the importance of private industry in U.S. cybersecurity.

“Without important, immediate changes to American cybersecurity policy, I believe our country will continue to be at risk for a catastrophic attack to our nation’s vital networks – networks that power our homes, provide our clean water or maintain the other critical services we use every day,” said Rep. Dutch Ruppersberger (D-Md.), House Intelligence Committee ranking member, who co-sponsored the bill along with Rep. Mike Rogers (R-Mich.).

Paul Rosenzweig at the Heritage Foundation wrote that CISPA improves strides already being made in cybersecurity, and that opposition has been noted and heeded in changes made to the bill.

“CISPA is a sensible and bipartisan bill designed to enhance U.S. cybersecurity efforts by providing private- and public-sector actors with threat information that can help them thwart incoming cyber-attacks,” he noted. “CISPA avoids potentially harmful regulations and uses the innovation and resourcefulness of the private sector to make the nation more secure.”

But in recent days, criticism of the bill has reached fever pitch, with Hollywood stars, Anonymous and other members of Congress signaling the dangers posed by CISPA.

Rep. Zoe Lofgren (D-Calif.) outlined her concerns about the bill, noting that it gives internet service providers “free rein to monitor the private communications and activities of users on their networks” and would allow the government, including the Defense Department and National Security Agency, to collect and use private information for reasons other than cybersecurity.

The Electronic Frontier Foundation, a non-profit digital rights advocacy group, has called the bill “dangerously vague” and has noted concerns in a number of releases, including an April 23 open letter signed by several cybersecurity experts and industry insiders.

“We take security very seriously, but we fervently believe that strong computer and network security does not require Internet users to sacrifice their privacy and civil liberties,” the letter noted. “By encouraging the transfer of users' private communications to [f]ederal agencies, and lacking good public accountability or transparency, these ‘cybersecurity’ bills unnecessarily trade our civil liberties for the promise of improved network security.”

Reader comments

Wed, May 9, 2012 junbug20

@ G.V.Range: Right on

Wed, Apr 25, 2012 G.V.Range Maryland

It was only a decade ago, Government was dealing with the Internet and had a panel of experts defining criteria for its new Internet Security. Recently the Cloud - It gobbled it all up.. It was obvious then, it should have been isolated from public users. Perhaps, for Government and Large Contractors it is in their best interest, to use it as a tool for collective information acquisition, technology attack proof of concept and other criteria definition "Network Penetration Activities" as they are referred, and specific application developed to attack and also to detect intrusion and vulnerabilities. Even contractors join in that effort once initiated in the process. They, either knowingly or unknowingly, enable the process and become targets to their fine tuning, simulating attack, collecting information and intrusion search, database mining and content analysis seeking IP information sometimes for exploit in the name of security. Let's not ignore the unsecured interface and permitted alarm signal monitoring access of telecommunication services land line and wireless providers. Above mentioned coupled with unknown to client outsourcing, and device provider data acquisition, monitoring and manipulation, all interfering with citizens' privacy and small business. Needless to say, through online Banking Industry, search engines, marketing and online service providers, acquire Billions of Data Zettabytes they mine, sell and use. Why would anyone even ask the reason for the new rules on first to file with the US Patent Office? Bypass IP acquisition review.........fast pre-allocation of IP rights? I can't access any account or service without being questioned - What are the last four of your social....Social what? Give me all nine, please. Biometrics replication is in virtual works now... :)

Wed, Apr 25, 2012 Ft Sill

Why can't we separate government and public internet? Let the government collect all it wants on its network that would contain critical infrastructure systems and keep the public internet a private enterprise? Is this not possible?
