Two Michigan congressmen are prominent on opposite sides of a controversial cybersecurity bill passed by the House of Representatives on April 26. The Cyber Intelligence Sharing and Protection Act has been compared to another government Internet oversight measure that was thwarted after Google, Wikipedia, Reddit, and other Web sites temporarily shut down their sites in protest of the bill.
CISPA, which was introduced by Rep. Mike Rogers, (R-MI), the House Permanent Select Committee on Intelligence chairman, and Rep. C.A. “Dutch” Ruppersberger, (D-MD), passed the House by a 248 to 168 vote.
Legislators passed the bill after unanimously approving an amendment by Rep. Justin Amash (R-MI). Amash’s amendment prohibits the government from accessing library circulation records and patron lists; book sales records and customer lists; firearms sales records; and tax-return, medical, and educational records.
CISPA has drawn comparisons to the Stop Online Piracy Act, which was shelved by the House in January. SOPA was intended to curtail illegal downloads of copyrighted material, while CISPA deals with Internet attacks and hacking of banking, utility, and other privacy-intensive Web sites.
Chief among the stated concerns over both bills is the privacy of individuals whose personal information would be shared with the government by companies with which they conduct business.
In a statement, Rep. Rogers said, “We can’t stand by and do nothing as U.S. companies are hemorrhaging from the cyber looting coming from nation-states like China and Russia…. America will be a little safer and our economy better protected from foreign cyber predators with this legislation.”
‘Dangerous Economic Predators’
Dave Yonkman, spokesman for Rep. Rogers, said, “By permitting the private sector to expand its own cyber defense efforts and to use classified information to protect its systems and networks, this bill will help create a more robust cybersecurity marketplace with expanded service offerings and jobs. More importantly, this bill does not contain any new federal spending or impose additional federal regulation or unfunded mandates on the private sector.”
Yonkman continued, “The House of Representatives took the first step in making it harder for economic cyber spies to steal American business plans and research and development. The Cyber Information Sharing & Protection Act will help U.S. companies better protect themselves from dangerous economic predators.”
In a press release, Amash, who voted against the bill, explained his concerns: “The government shouldn’t be allowed to spy on the books Americans read or the guns they buy…. We can’t sacrifice core civil liberties in the name of cybersecurity.” He also stated the term “cyber threat information” is “defined broadly” in the bill.
Will Adams, deputy chief of staff for Rep. Amash, says the congressman opposes CISPA, but the amendments to the bill temper the privacy concerns somewhat.
Limit Government’s Information Use
“At the very least, the Amash amendments are a commonsense narrowing of the original bill’s liability waiver, which provided private companies with immunity from all state and federal privacy laws if they share private information with the government,” he said. “CISPA took an ax to privacy laws, when Rep. Amash would much rather [use] a scalpel.”
Adams says Rogers’s bill would grant the government the ability to do anything it wished with the information obtained through CISPA.
“CISPA is a flawed bill,” he said, “because private information that is protected currently by state and federal laws wouldn’t be exempted, and CISPA could be employed to override those constraints. The amendments limit what government can do with this information.”
Adams added, “Folks say you need a broad exemption for CISPA to be viable, but our view is that we should be careful and create narrow exemptions only when there are true legal impediments to reasonable cybersecurity information sharing.”
Government’s New Authority
Yonkman says comparisons between CISPA and SOPA are inaccurate. “SOPA’s focus was the protection of music and film copyrights,” he said. “CISPA’s focus is cyber threat sharing to prevent actual computer and network intrusions from advanced foreign cyber threats from countries like China, Russia, and Iran. While there is still some misinformation out in the blogosphere on Chairman Rogers’ bill, even the civil liberties and privacy organizations agree that there is absolutely no relation between CISPA and SOPA.”
CISPA gives the federal government new authority to share classified cyber threat information with approved American companies and knocks down barriers to cyber threat information sharing, Yonkman said. “With strong provisions built in to keep individual American’s private information private, the bill allows U.S. businesses to better protect their own networks and their corporate customers from hackers looking to steal intellectual property,” he said.
Yonkman emphasizes CISPA participation is voluntary. “The bill only provides new authority for sharing cyber threat information, and the bill provides absolutely no authority to block Web sites or [for] restricting and controlling Internet traffic,” he said.
Adams says Amash still opposes the bill: “Even with the narrowing of scope our amendments provide, the government can still use citizens’ information for purposes that have nothing to do with cyber security.”
Nonetheless, Adams added, “We tip our hats to Rep. Rogers for his responsiveness to our privacy concerns and companies’ rights to protect their customers.”.
Bruce Edward Walker ([email protected]) is managing editor of InfoTech & Telecom News.
“The Cyber Intelligence Sharing and Protection Act,” Reps. Mike Rogers and C.A. “Dutch” Ruppersberger, April 26, 2012: http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.3523