Debate kindles as Congress takes up the latest controversial cybersecurity bill
Congress is set to vote on a new cybersecurity bill that is drawing nationwide attention, including comparisons to the earlier, controversial Stop Online Piracy Act and Protect Intellectual Property Act and the accompanying ire of those concerned about privacy rights and the data-gathering powers it would give to the federal government.
The Cyber Intelligence Sharing and Protection Act (CISPA) is one of four cybersecurity bills up for vote on Capitol Hill this week, and it focuses on facilitating and encouraging information-sharing about cyber attacks between private companies and the federal government.
Most of the cybersecurity bills that have been introduced by members of Congress at least touch on information-sharing as part of a comprehensive national cybersecurity strategy, with the Republicans’ SECURE IT Act favoring information-sharing over the establishment of new laws and broadened governmental powers outlined in the earlier, bipartisan Cybersecurity Act of 2012.
Like SOPA and PIPA before it, CISPA has spurred a flurry of heated discussion. It’s backed by more than 100 members of Congress and some of the biggest names in the Internet business – Facebook, Microsoft, IBM, AT&T and Verizon, to name a few – but also faces heavy opposition, including from a number of privacy rights groups and the White House.
“The nation’s critical infrastructure cyber vulnerabilities will not be addressed by information sharing alone,” said Caitlin Hayden, National Security Council spokeswoman, in a statement to The Hill on April 17. “Also, while information sharing legislation is an essential component of comprehensive legislation to address critical infrastructure risks, information sharing provisions must include robust safeguards to preserve the privacy and civil liberties of our citizens. Legislation without new authorities to address our nation’s critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation's urgent needs.”
Hayden did not mention CISPA by name, but the statement came after a classified briefing on cybersecurity issues.
Supporters of CISPA say the legislation is critical to national cyber defense, billing it as a bipartisan, collaborative approach that recognizes the importance of private industry in U.S. cybersecurity.
“Without important, immediate changes to American cybersecurity policy, I believe our country will continue to be at risk for a catastrophic attack to our nation’s vital networks – networks that power our homes, provide our clean water or maintain the other critical services we use every day,” said Rep. Dutch Ruppersberger (D-Md.), House Intelligence Committee ranking member, who co-sponsored the bill along with Rep. Mike Rogers (R-Mich.).
Paul Rosenzweig at the Heritage Foundation wrote that CISPA improves strides already being made in cybersecurity, and that opposition has been noted and heeded in changes made to the bill.
“CISPA is a sensible and bipartisan bill designed to enhance U.S. cybersecurity efforts by providing private- and public-sector actors with threat information that can help them thwart incoming cyber-attacks,” he noted. “CISPA avoids potentially harmful regulations and uses the innovation and resourcefulness of the private sector to make the nation more secure.”
But in recent days, criticism of the bill has reached fever pitch, with Hollywood stars, Anonymous and other members of Congress signaling the dangers posed by CISPA.
Rep. Zoe Lofgren (D-Calif.) outlined her concerns about the bill, noting that it gives internet service providers “free rein to monitor the private communications and activities of users on their networks” and would allow the government, including the Defense Department and National Security Agency, to collect and use private information for reasons other than cybersecurity.
According to the Electronic Frontier Foundation, a non-profit digital rights advocacy, the bill is “dangerously vague” and has noted concerns in a number of releases, including an April 23 open letter signed by several cybersecurity experts and industry insiders.
“We take security very seriously, but we fervently believe that strong computer and network security does not require Internet users to sacrifice their privacy and civil liberties,” the letter noted. “By encouraging the transfer of users' private communications to [f]ederal agencies, and lacking good public accountability or transparency, these ‘cybersecurity’ bills unnecessarily trade our civil liberties for the promise of improved network security.”