The House cyber-security bill that rang alarm bells throughout the civil liberties community when first proposed last year has made a troubling comeback. CISPA (the Cyber Intelligence Sharing and Protection Act), which allows the National Security Agency and the military to collect your private Internet records, is being reintroduced in the House Wednesday.
House Intelligence Committee Chairman Mike Rogers, R-Mich., and ranking member Rep. Dutch Ruppersberger, D-Md., will reintroduce the legislation, which passed the House last year but faced serious opposition over privacy concerns. The co-sponsors had planned to amend the bill to address concerns, but according to reports, it's the same old CISPA. Via the ACLU:
That's right, the same bill that allows companies to turn over your sensitive internet records directly to the NSA and the Department of Defense without requiring them to make even a reasonable effort to protect your privacy. The same bill that lets the government use the information it collects for cybersecurity purposes "to protect the national security of the United States"—a concept that is, of course, undefined and incredibly expansive. Here we are, ten months later, with a much-deserved veto threat from the administration, a smarter Senate alternative, and an Executive Order that will address part of the information-sharing issue—yet the House starts with the same old privacy-busting bill as before.
CISPA's stated purpose is to aid government, especially the intelligence community, in investigating cyber threats and ensure the security of networks against cyber attack, especially those emanating from countries like China and Iran. However, privacy concerns arose from the fact that the legislation entails companies potentially handing over users' private information and browsing histories to the government. Online activist Aaron Swartz, who committed suicide last month facing trumped up federal charges, once called CISPA akin to "the Patriot Act of the Internet." He told Russia Today, “The thing about this bill is it doesn’t really have any protections against cyber threats ... All it does is make people share their information. But that’s not going to solve the problem. What’s going to solve the problem is actual security measures, protecting the service in the first place, not spying on people after the fact.” Michelle Richardson echoed these concerns on the Hill last year when the bill was first proposed:
The very definition of what can be shared is incredibly broad, and includes sensitive and private information such as the content of emails or a person’s Internet use history. Companies are not required to even make an effort to disentangle sensitive but unnecessary information from the technical and useful data that government might really need.
Second, the bill allows companies to choose which government agency to share the information with, including the National Security Agency or other element of the Department of Defense. It is a long-held American value that the military doesn’t operate on U.S. soil against Americans, and allowing the NSA and DOD to collect information on average Americans turns that value on its head.
Recent cyber-attacks on the New York Times and the Wall Street Journal believed to emanate from China have stoked fears expressed for some months by the Obama administration that the U.S. is vulnerable to potentially serious threats. Leon Panetta last year warned that the country could face a “cyber-Pearl Harbor," with crucial infrastructure vulnerable to attack. Panetta had urged CISPA be passed.
It is also believed that President Obama may pass an executive order this week, which calls for the creation of new standards on what private-sector companies must do to protect their computer systems from a cyber-security breach.