Digital Version of November/December 2014 Print Edition
CISPA passes House as White House threatens veto
The House approved controversial legislation that would increase cyber threat information-sharing and communications between private industry and the government, but the White House has threatened to veto the measure and privacy groups have vowed to fight it in the Senate.
The House of Representatives passed the Cyber Information Sharing & Protection Act, or CISPA, H.R. 3523, on a 248 to 168 vote late on April 26.
The sponsors of the bill, Rep. Mike Rogers (R-MI), chairman of the House Permanent Select Committee on Intelligence, and the committee’s ranking member, Dutch Ruppersberger (D-MD), said the bill’s passage was a first step in helping companies protect themselves from “dangerous economic predators.”
In an April 26 statement, Rogers and Ruppersberger claimed strong bi-partisan support for the measure and pointed to support from large corporations who have been targeted by Cyber attacks. Rogers and Ruppersberger said the bill had “strong provisions built in to keep individual American’s private information private.”
In the run up to the vote, Rogers had added language that allowed businesses that share information with the government to “minimize” personal data it passes along to exclude some details. Additionally, he said, the intelligence community’s inspector general would audit how the bill is being implemented.
Rogers and Ruppersberger pointed to the support the measure had received from Facebook, the US Chamber of Commerce, Boeing, financial trade associations, AT&T, utilities groups, Intel, tech associations.
The additional language, however, didn’t appease most opponents. They contend the bill allows the federal government to step beyond quashing Cyber threats. They said the way information would shared and who it was shared with could possibly violate the privacy of entities tied to that data. They said information gathered from private companies could to be used for intelligence purposes by intelligence agencies and urged a civilian agency like the Department of Homeland Security be put in charge of overseeing the data.
Civil liberties and privacy protection groups had become more and more vocal as CISPA made its way through the House saying its language was too vague.
As the bill came to a vote late on April 26, House Homeland Security ranking member Rep. Bennie Thompson (D-MS) said amendments authored by the Rogers and Ruppersberger to protect privacy were inadequate. He urged language be added that gives civilian agencies the lead in information sharing instead of intelligence agencies. He also wanted more restrictions on how the government could use information gathered.
The White House -- which backs Cyber security legislation in the Senate that is says provides more privacy protection and sets up the Department of Homeland Security as the central control point for information sharing -- has threatened to veto the House bill.
The Electronic Frontier Foundation, which has been fighting the bill over privacy concerns, condemned its passage in the House and vowed to “continue the fight in the Senate.”
"As the Senate takes up the issue of cybersecurity in the coming weeks, civil liberties will be a central issue," said Lee Tien, EFF senior staff attorney.
“H.R. 3523 effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres,” said a White House statement on April 25. “The Administration believes that a civilian agency – the Department of Homeland Security – must have a central role in domestic cybersecurity, including for conducting and overseeing the exchange of cybersecurity information with the private sector and with sector specific Federal agencies.”