By Joshua Ostrer
Controversial cyber privacy bill to be re-introduced to House of Representatives
The Cyber Intelligence Sharing Act (CISPA), “the Internet freedom killer,” has returned.
CISPA, the bill that was so adamantly opposed, alongside SOPA, by those favoring Internet freedom, is back again.
The bill is returning to the House next week, being introduced by Representatives Michael Rogers (R-Mich.) and Dutch Ruppersberger (D-Mich.). Both are members of the House Intelligence Committee.
The bill was originally introduced to the House of Representatives on Nov. 30, 2011, passing the house on April 26, 2012 by a vote of 248-168. However, CISPA was not put to a vote in the Senate before the previous session ended.
Formally named H.R. 3523, CISPA aims to make it easier for the government to access personal and private information about Americans held by companies with minimal regulation or explanation.
What information does “personal and private information” include? It could be the content of e-mails, your personal Internet history, and any personal information that might be stored online by any company.
CISPA does not require the company to attempt to separate information given to the government from personally identifiable information, nor does CISPA require the government to provide a reason for seeking or obtaining the information.
What bothers many about CISPA is that the bill calls for personal information to be submitted to the National Security Agency (NSA) or Department of Defense (DoD), two military agencies.
Traditionally, information dealing with American citizens has been left to civilian-run government institutions, not military ones, creating a large controversy then and now surrounding CISPA.
This issue was addressed in the April 2012 Obama Administration statement, “H.R. 3523 effectively treats domestic cybersecurity as an intelligence activity, and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres.”
When CISPA was at the height of media attention last April, the Obama administration issued a statement on April 25, detailing the administration’s opposition to the bill, and likelihood of the use of a presidential veto if the bill passed the Senate.
“The bill also lacks sufficient limitations on the sharing of personally identifiable information between private entities and does not contain adequate oversight or accountability measures necessary to ensure that the data is used only for appropriate purposes. Citizens have a right to know that corporations will be held legally accountable for failing to safeguard personal information adequately,” said the Statement of Administration Policy issued by the Obama Administration.
So what happened after CISPA failed? Well, there were alternatives proposed, like the Senate’s version, the Cybersecurity Act of 2012, but that also failed.
The Senate’s alternative required annual reports on the use of information, and allowed individuals to sue the government if they believed their rights were infringed upon.
What’s brought CISPA back from the dead? First of all, CISPA was never actually voted on in the Senate, the Senate’s session ended, and given the surrounding controversy, lawmakers decided to abandon the bill at least temporarily. However, there are other reasons CISPA has returned, namely the fear of cyber-attack.
Cyber-attacks have received increased attention in the press in the past year, and there are a number of reasons why.
U.S. lawmakers have grown increasingly nervous about potential cyber threats from China and Iran’s cyber-armies. Independent reports have also verified the frequency of cyberattacks.
A study by Akamai Technologies, the “State of the Internet” report, was released last month, detailing cyberattacks in the third quarter of 2012. Akamai reported that China produced 33 percent of all cyber-attacks, followed by the United States in second at 13 percent, and Russia in third at 4.7 percent.
The United States has also been continually criticized by government officials and independent experts in the past year for having insufficient cyber-defense personnel and systems in place.
U.S. companies, including major banks and the New York Times, have also experienced recent attacks, prompting even more emphasis on defense against computerized attacks.
“This [cybersecurity] is clearly not a theoretical threat—the recent spike in advanced cyber attacks against the banks and newspapers makes that crystal clear,” said Rogers in a statement accompanying the reintroduction of CISPA.
Rogers and Ruppersberger claim that although CISPA has not been altered in any way, it does protect civil liberties. “Our bill does just that [protecting American companies] by permitting the voluntary sharing of critical threat intelligence while preserving important civil liberties,” said Ruppersberger in his statement accompanying CISPA.
While Rogers and Ruppersberger have said they are willing to work with the president on his issues with the bill, it appears that won’t be happening with CISPA.
Bloomberg.com reported on Feb. 8 that President Obama already has plans to release his own executive order regarding U.S. cybersecurity.
While the order isn’t expected to be officially made until after President Obama’s Feb. 12 State of the Union address, it seems unlikely that the White House will be involved with CISPA any further. The Presidential Order has reportedly been in the works since Fall 2012.
President Obama’s executive order reportedly intends to set voluntary cybersecurity standards for companies that operate important U.S. infrastructure.
However, information remains vague as White House officials are hesitant to divulge information before the order is officially made. Therefore, how the President’s order will actually affect CISPA remains to be seen. Disregarding President Obama’s order, CISPA’s story is still not over. CISPA passed the House once, and maybe it can again.
Even if CISPA never got a Senate vote and is opposed by the executive branch, the bill is still alive and still has the support of numerous high profile backers like AT&T, Facebook and Verizon.
Also, the last time CISPA came up, it was accompanied by a massive online protest by Wikipedia and other websites, and if that same uproar isn’t there this time, who knows what will happen. Internet freedom and security are two crucial issues today, and CISPA has a hand in both. If you feel strongly about CISPA or cybersecurity in general, contact your representative.