by Hayley Tsukayama
April 27, 2012
The House passed the Cyber Intelligence Sharing and Protection Act (CISPA)
Thursday night, despite some controversy over how the bill addresses privacy
and a threat of a veto from the White House.
The measure, designed to make it easier for the federal government and
private sector to share cyber threat data with each other, was approved by a
Its supporters and opponents were quick to issue statements following
passage of the bill, which now moves to the Senate.
The Obama administration had issued a veto threat against CISPA earlier this
week. The White House has previously endorsed a bill from Sens. Joseph
Lieberman (I-Conn.) and Susan Collins (R-Maine), which would put
cybersecurity oversight and private sector coordination in the hands of the
Department of Homeland Security.
Some business interests have opposed this proposal, saying it would add
unnecessarily regulation. Business groups hailed the CISPA’s passage, saying
that it will make it much easier for the private sector to share possible
cyber threat information without additional regulatory burden.
Robert Holleyman, president and chief executive of the Business Software
Alliance, said in a statement that the act is,
“critical because it unties
the hands of companies on the front lines of the digital economy.”
Other business leaders urged the Senate to pass the bill quickly.
strongly urge the Senate to swiftly take up this issue because the United
States cannot afford to wait to improve our nation’s cybersecurity posture,”
said TechAmerica President and chief executive Shawn Osborne.
will only further risk our national security.”
Privacy advocates, however, remained concerned that the measure will violate
basic civil liberties.
The Center for Democracy and Technology (CDT), which withdrew its support for the
bill on Wednesday, said it was,
“disappointed that CISPA passed the House in
such flawed form and under such a flawed process.”
While the group was
pleased with some of the amendments, which tried to narrow the scope and
language of the bill, the group is still concerned that CISPA allows
information to move,
“from the private sector directly to the NSA.”
said that the bill inappropriately allows for data to be applied to national
security issues other than cybersecurity.
In a statement, the American Civil Liberties Union said that it is
“CISPA goes too far for little reason,” said Michelle Richardson,
ACLU legislative counsel.
“Cybersecurity does not have to mean abdication of
Americans’ online privacy. As we’ve seen repeatedly, once the government
gets expansive national security authorities, there’s no going back. We
encourage the Senate to let this horrible bill fade into obscurity.”
Shortly after the the House passed CISPA, it also unanimously approved
another cybersecurity measure:
amendments to the Federal Information
Security Management Act (FISMA) proposed by Rep. Darrell Issa (R-Calif.),
which address security on the government federal computer systems.
Four Viewpoints You Should Hear
by Christina DesMarais
April 28, 2012
Citing its effort to better protect American infrastructure from foreign
attacks, the U.S. House of Representatives passed the Cyber Information and
Security Protection Act April 26 in spite of worries that consumer data
privacy will be compromised if the bill eventually becomes law.
In an interesting and informative debate hosted by KQED public radio Joshua
Johnson in San Francisco yesterday, several parties with strong opinions
weighed in on the matter - one that stirs up a plethora of questions.
For instance, can CISPA really protect America from hackers who could do
nefarious things such as shut down or blow up power plants?
While the answer
isn’t cut and dried, certainly cyber terrorists could feasibly do a lot of
harm. In fact, as Johnson pointed out, just this week Iran took several of
its oil terminals offline due to fears hackers would program the machinery
And will fears about terrorism ultimately trump the popular desire to keep
regular people’s data private? As we become more entrenched in all things
online and the social data revolution continues to unfold, is
reminiscent of Orwell’s Big Brother or - to use a more modern prophecy from
popular culture - the movie Minority Report inescapable in years to come?
These questions have no easy answers. The good news is that dialogue on the
policy front and in the tech media is earnest and unrelenting.
Here are what
several experts had to say during yesterday’s debate:
Against CISPA - EFF
Rainey Reitman, activism director for the Electronic Frontier Foundation, is
an outspoken contributor to the CISPA debate.
Reitman said that while CISPA
proponents employ rhetoric that the bill will “fend off a cyber Pearl
Harbor,” what they’re really doing is inciting fears of security threats
when, in fact, such concerns have existed for years.
“I do think there is a
need for companies to get more information from the government in a timely
fashion. The problem that arises with CISPA is that it does so much more
than that,” she says.
“It also opens the floodgates for companies to intercept communications of
everyday Internet users and pass unredacted personal information to the
governments,” she says, adding that several amendments to the bill would
have addressed such concerns but they never made it to the House floor for a
Reitman says civil liberties groups like the EFF don’t want cyber security
programs to be a method by which intelligence agencies or the military can
garner information about American citizens.
As for why many companies such as Facebook support CISPA, Reitman says the
companies understandably want to be better informed about security
vulnerabilities and promise not to spy on users or hand unredacted
information over to the government.
On the other hand, she says CISPA as it
stands now lets companies bypass all existing privacy law and pass citizens’
personal data to the government even if there’s a weak excuse that the
information is related to cyber security purposes.
“The government in return has said that if they get information that’s
unrelated to cyber security they “may” - don’t have to, but may choose to - remove some of the implications toward civil liberties. But they don’t
have to and there’s no real guidelines on what they would have to do about
it,” she says.
“What we want[are] actual laws in place that make that
impossible or difficult. In the very least that if the government wants
personal information about users of services including the content of
e-mails they [have to ] go to a judge and get a warrant.”
For CISPA - Information Technology Industry Council
Dean Garfield, president and CEO of the Information Technology Industry
Council, has also weighed in on behalf of that industry organization.
Garfield said 95 percent of the data breaches that take place on the
Internet are breaches of people’s personal information - things like social
security numbers and credit card numbers.
“This is really about protecting
the people who are a part of the Internet ecosystem on an everyday basis and
that’s why it’s so critically important,” he says.
He also makes the point that CISPA doesn’t mandate that companies give the
government information, but that doing so is voluntary.
As for why cyber security is so important now, Garfield says it’s a problem
that just keeps getting worse and he points to data that said between 2009
and 2010 there was an increase of 93 percent in cyber security breaches.
“Most of us spend seven-plus hours a day in a network environment in front
of our computer and so we make all sorts of information available on the
Internet. It’s an integral part of our everyday life. And of the information
that’s being compromised, 95 percent of it is our personal information and
it’s important that we take steps to protect that.
And there are simple
straightforward ways to do that which from our perspective and from the
majority of the Congress’ perspective CISPA was a vehicle for doing just
One fly in CISPA’s pie has been that the White House staff says it will
recommend to President Obama that he veto the bill if it makes it to his
However, Garfield asserts that the recommendation was made regarding a
prior version of the bill and not the amended version that was passed by the
House of Representatives.
As for concerns about the bill giving the government free reign to get its
hands on whatever data it convinces companies to give it, Garfield says
that’s not a concern.
“In fact, there was an amendment in the bill that passed that makes clear
that CISPA doesn’t enhance the power of the NSA or any other government
agency to engage in the kinds of activity that Rainey’s talking about…For
example, the bill sunsets in five years.
It has a FOIA (Freedom of
Information Act clause) so that those who want to find out the types of
information that’s being shared can do so. It sets up the process which I
don’t think has existed anywhere else where if the government misuses
private information, it’s subject to liability for that misuse of
A Tech Entrepreneur Speaks Out
A caller into KQED's show identified as “Bruce in Los Gatos” said he is a
long-time serial entrepreneur in Silicon Valley who, along with other tech
innovators, has invested heavily to develop services, social media, GPS, and
mobile apps that give him insight into the behavior and habits of consumers.
“We take pride for the most part in doing the best job we can to use the
data responsibly and give consumers value around that,” he says.
What concerns him about CISPA and other previous bills that have been under
consideration is that the government seems to want to get at that data.
the courts thus far haven’t been very tough on the government in preventing
them from accessing it.”
He also points out that modern technology and services companies
legitimately know where and when people travel and with whom they
“But if the government should choose to start to aggregate and track that
data, it’s very concerning. And I would be concerned as a consumer that
there aren’t more safeguards in place to prevent the government from just
grabbing that data or forcing the companies to turn it over in secret,” he
What Will Happen to CISPA in the Senate?
Garfield says he’s still hopeful about the bill’s future and Reitman says
the EFF’s goal is to have a voice in whatever bill the Senate considers.
That said, Jennifer Martinez, technology policy reporter for Politico, says
Democratic sources told her that CISPA is “basically dead on arrival”
because of the privacy concerns associated with it.
She also says that
nothing will happen with CISPA at least for the next week because the Senate
is currently in recess and Senate Majority Leader Harry Reid has said the
issue will get picked up sometime in May.
What’s most likely to get attention first, Martinez says, is a bill by
Senator Joe Lieberman (I-Connecticut) that supports a different method of
evading and mitigating cyber threats.
“The main difference is that the core component [of Lieberman’s bill] puts
new security mandates on operators of critical infrastructures [such as]
utilities companies, [and] possibly water plants [whereas] CISPA is focused
on improving information sharing about cyber threats between the government
and industries so it doesn’t have that piece that addresses security gaps in
critical infrastructures,” she says.
How You Can Hear and Be Heard
To listen to the entire radio interview for yourself:
And regardless of which side of the fence you’re on, the
EFF has posted an
online tool that makes it easy for you to send a tweet to your U.S. senators
cyber security and privacy.
If legislators perk up when a few dozen phone
calls come into their offices, imagine the effect of hundreds or thousands
of Twitter interactions on the matter.
Why You Should Care -
April 30, 2012
SOPA didn't die. It transformed into CISPA and again Internet privacy is
under attack. Tim's robot doesn't give a darn about privacy but will
revealing his dark online secrets change his mind?
Find out right now!