Care2 – by Kristina Chew Last night, after nearly seven hours of debate, the Cyber Intelligence Sharing and Protection Act (CISPA) passed the House of Representatives by a vote of 248-168. CISPA is intended to protect websites and the government from hackers by giving internet companies the authority to reveal users’ confidential records without facing legal action. The bill also allows the government to share classified information with companies to help protect computer networks to improve the government’s and private companies’ ability to share information about possible security threats from China and other countries. But opponents have critiqued the bill as being too broad and vague about what it would regulate as a cybersecurity threat and for infringing too much on privacy.
CISPA still has to pass the Senate; as of yet, there is not a corresponding bill. The Senate is working on a bipartisan bill that instead calls for the secretary of the Department of Homeland Security to create regulations that would protect “critical infrastructure” such as the “electric power grid, water and sewer systems, transportation hubs and financial service networks,” says the New York Times. On Wednesday, the Office of Management and Budget had said that it recommended a presidential veto on CISPA.
The White House has argued that the government should set “minimum cybersecurity performance standards” but that CISPA could undermine “fundamental privacy, confidentiality, civil liberties and consumer protections.” House Speaker John A. Boehner countered that “The White House believes the government ought to control the Internet, government ought to set standards and government ought to take care of everything that’s needed for cybersecurity.”
While support for CISPA was initially not split along partisan lines, CNET points out that it has “gradually moved in that direction.” Rep. Jared Polis, a Colorado Democrat and once a web entrepreneur, told CNET that CISPA would give the military and the National Security Administration the “right to spy on Americans on American soil” by in effect waiving “every single privacy law ever enacted in the name of cybersecurity.” Rep. Mike Rogers, a Michigan Republican who is the chairman of the House Intelligence Committee and an author of CISPA, defended the bill as not at all what it was being characterized as, urging legislators to “Stand for America! Support this bill!” In the final vote, 206 Republicans voted for CISPA with 28 opposed; in contrast, 42 Democrats voted for CISPA and 140 were opposed.
Are the Concerns About CISPA Justified?
Writing in The Atlantic, Conor Friedersdorf says that opposition to CISPA is not paranoid, but highly justified because the bill lacks sufficient safeguards to protect citizens from what could turn into government surveillance. CISPA in its current incarnation is simply too general. It adds a “cybersecurity loophole to every law on the books,” says the Cato Institute’s Julian Sanchez. It does not provide for any regulatory body to oversee intrusions on user’s privacy in the name of national security.
Friedersdorf describes how the Bush administration engaged in illegal wiretapping for years, yet no NSA officials have been prosecuted under the Obama administration. NSA whistleblower Thomas Drake has been “prosecuted by both the Bush and the Obama Administrations” after raising complaints about a separate warrantless surveillance project.
While acknowledging the real dangers of a cyberattack, Rep, Joe L. Barton, a Republican from Texas pointed out that “the absence of explicit privacy protections for individuals is, to me, a greater threat to democracy and liberty than the cyberthreats that face America.” CISPA wants to “strike a balance” between allowing “government access to potentially sensitive information without making citizens vulnerable to dangerous abuses.” But in trying to provide such access to information, CISPA fails to adequately protect the rights of private users.
Describing CISPA as “horrible,” ACLU legislative counsel Michelle Richardson said in Ars Technica: “Cybersecurity does not have to mean abdication of Americans’ online privacy. As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back.” The ACLU pointed out that amendments would have only put the “veneer of privacy protections” on the bill and that the problem is CISPA in its current form itself.