CISPA: Cyber Intelligence Sharing and Protection Act of 2013
The CISPA bill introduced next week will be identical to the “Cyber Intelligence Sharing and Protection Act” (H.R. 3523) that passed the House by a strong bipartisan vote of 248-168 in April 2012.
This disgusting legislation led by corporations and not the US citizens, had 112 bipartisan cosponsors in the last Congress, will:
- Allow the USA Federal government to provide classified cyber threat information to the private sector to allow American companies to better protect themselves from advanced cyber threats;
- Empower American businesses to share anonymous cyber threat information with others in the private sector and enable the private sector to share information with the government on a purely voluntary basis, all while providing strong protections for privacy and civil liberties;
- Provides liability protection for companies that choose to protect their own networks or share threat information.
This bipartisan legislation was developed in close consultation with a broad range of private sector companies, trade groups, privacy and civil liberties advocates, and the Executive Branch.
Chairman Rogers said: “This is clearly not a theoretical threat – the recent spike in advanced cyber attacks against the banks and newspapers makes that crystal clear. American businesses are under siege. We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats. It is time to stop admiring this problem and deal with it immediately. Congress urgently needs to pass our cyber threat information sharing bill to protect our national security, our economy, and U.S. jobs.”
“American industry is under attack, costing our country and our economy billions of dollars and thousands of jobs. We need to do everything we can to enable American companies to defend themselves against these devastating cyber attacks. Our bill does just that by permitting the voluntary sharing of critical threat intelligence while preserving important civil liberties,” said Ranking Member C.A. Dutch Ruppersberger.
The bill’s strong protections for privacy and civil liberties include:
- Narrow definitions that permit only the voluntary sharing by the private sector of a limited category of information—cyber threat information—and only for cybersecurity purposes;
- Strict restrictions on the government’s use, retention, and searching of any data voluntarily shared by the private sector;
- Permitting individuals to sue the government in federal court for violations of the bill’s privacy restrictions;
- Requiring the independent Intelligence Community Inspector General to conduct a detailed review of the government’s use of any information voluntarily shared by the private sector, and provide an unclassified report to Congress;
- A sunset for the bill’s authorities in five years, requiring Congress to carefully review the use of the authorities provided under the legislation to determine whether they should be extended or modified.
By allowing the private sector to share cyber threat information, and employ classified information to protect its networks, this bill writers claim it will harness private sector drive and innovation while also keeping the government out of the business of monitoring and guarding private sector networks.
U.S. privacy and technology activists are preparing for a new round of fighting against an information-sharing bill they say will let private companies help the government spy on the American public.
They’re troubled by the Cyber Intelligence Security Protection Act (CISPA), which passed the House of Representatives last year but failed to get through the Senate. House members Mike Rogers and Dutch Ruppersberg are hoping to have more success passing it this year. They re-introduced the legislation at a cyber security talk in Washington Wednesday.
Supporters say CISPA will help the government defend private companies and federal agencies from cyber attacks from countries like Iran and China, as well as hacker groups like Anonymous.
“American industry is under attack, costing our country and our economy billions of dollars and thousands of jobs,” Ruppersberger said in a statement. “ We need to do everything we can to enable American companies to defend themselves against these devastating cyber attacks. Our bill does just that by permitting the voluntary sharing of critical threat intelligence while preserving important civil liberties.”
Not everyone is convinced.
The American Civil Liberties Union says the bill allows companies to turn over sensitive Internet records to the National Security Agency and the Defense Department without making a reasonable effort to protect the public’s privacy.
Sharon Bradford Franklin of The Constitution Project told The Washington Post the bill is “flawed.” She expressed concern about what information companies can hand over to the government, saying “Congress must also address the very real threat this legislation poses to Americans’ privacy rights and civil liberties.”
The ACLU is urging the public to fight for its right to online privacy.
“If the House wants smart cyber legislation that also protects privacy, it needs to ensure that the programs are civilian-led, minimize the sharing of sensitive personal information between government and corporations, and protect collected information from non-cyber uses,” the group said.
Criticism of the bill swelled on Twitter Wednesday..