Should You Be Concerned About The Return Of CISPA?

    February 13, 2013

On Wednesday of last week, we heard that the House Intelligence Committee was going to reintroduce CISPA after working with the White House on a revised bill that sufficiently addressed the Obama administration’s concerns. The hope of a reworked, and potentially privacy friendly, CISPA was good while it lasted because the bill’s co-sponsors aren’t going to change a thing.

The Hill reports that House Intelligence Chairman Mike Rogers and ranking member Rep. Dutch Ruppersberger said that they will be reintroducing CISPA into the House. This new CISPA, however, will not be any different from the old one.

Were you concerned about CISPA last year? Do you hate to see it back? Let us know in the comments.

It’s been a while since the original CISPA was introduced though. What made this particular piece of legislation so bad again? The EFF released a statement when CISPA was a concern last year, and the group’s words are still applicable to this day:

CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity. Although a carefully-crafted information sharing program that strictly limits the information to be shared and includes robust privacy safeguards could be an effective approach to cybersecurity, CISPA lacks such protections for individual rights. CISPA’s ‘information sharing’ regime allows the transfer of vast amounts of data, including sensitive information like internet use history or the content of emails, to any agency in the government including military and intelligence agencies like the National Security Agency or the Department of Defense Cyber Command. Once in government hands, this information can be used for any nonregulatory purpose so long as one significant purpose is for cybersecurity or to protect national security. These are not meaningful use restrictions: “national security” use is one of the problems, and the White House recognized this immense problem by precluding such use in its own cybersecurity proposal. While the bill requires the Director of National Intelligence Inspector General to issue annual reports on the government’s use of information shared with it under the bill, such reports would only be provided to congressional intelligence committees, and IG reports are no substitute for meaningful use restrictions and they will do nothing to dissuade companies from misusing personal information shared under this broad new program.

Despite this, CISPA enjoyed broad support from pretty much every major Internet-based company, with the exception of Mozilla. The same companies that came out swinging against SOPA voiced their support for CISPA. It’s pretty obvious that they supported it because it exonerates all companies from any liability should a customer’s data fall in the wrong hands when being transferred to the government, but the Telecommunications Industry Association argued last year that CISPA protected consumers:

CISPA strikes the right balance between strong cyber protection and a flexible, innovation-friendly framework. The legislation takes a significant step forward in safeguarding consumers and businesses from increasingly aggressive and sophisticated cyber attacks. At the same time, it establishes a collaborative approach that won’t introduce heavy bureaucracy that could harm high tech innovation. The relationship between government and industry that this bill supports is critical to the current and future economic success and security of America.

Is the TIA right in that CISPA helps protect consumers and companies? Or does it only serve to hurt them? Let us know in the comments.

The old CISPA may have enjoyed broad support from Internet companies, but it lacked a very important ally – the President. Last year, the White House issued a statement threatening to veto CISPA for its lack of privacy protections. It was a good sign, but that may not the be the case the time around.

In a statement released on Monday, the House Intelligence Committee says that CISPA was “developed in close consultation with a broad range of private sector companies, trade groups, privacy and civil liberties advocates, and the executive branch.”

It’s that last group that should make CISPA opponents concerned. If the new/old CISPA has support from the White House, one of its toughest opponents will be dealt with. The only thing standing in its way this time would be the Senate. Last year, the Senate pushed its own cybersecurity legislation in the Cybersecurity Act of 2012. The bill was ultimately killed and the House-approved CISPA languished and died before it could come up for a vote. That all may change this year as the House and Senate may be united in pushing forward cybersecurity legislation to combat whatever is in Obama’s cybersecurity executive order that’s expected to be revealed on Wednesday.

So, we come down to the all important question – should you be concerned? The answer is a resounding maybe. CISPA still has plenty of opponents even if the White House decides to announce its support for the bill. The Senate may try to push its own bill again thus killing it, and civil liberty groups will obviously campaign to have it killed.

In short, CISPA faces the same uphill battle that it faced last year. It’s hard to say if it will be successful time time or not. Even if it isn’t, at least we can look forward to an executive order that may just contain what we hated about CISPA.

Do you think an executive order would be preferable to CISPA? Do we even need cybersecurity legislation? Let us know in the comments.