Cybersecurity Bill Update: House to Vote, President Threatens Veto
The Cyber Intelligence Sharing and Protection Act is headed to a vote in the U.S. House of Representatives. But does the finished product offer any answers to its critics?
The U.S. House of Representatives is expected to vote Wednesday on a controversial cybersecurity bill—one that tech companies, associations, and activists are still very much divided over. Even President Barack Obama says he’ll veto the bill unless changes are made to protect privacy.
The Cyber Intelligence Sharing and Protection Act (CISPA) was introduced in February and aims to “help American businesses better protect their computer networks and corporate trade secrets from advanced cyber attacks.”
According to its sponsors in the House, the amended bill would:
- allow the federal government to provide classified cyber threat information to the private sector to help American companies better protect themselves from advanced cyber threats
- empower American businesses to share cyber threat information with others in the private sector and enable the private sector to share information with the government on a purely voluntary basis, all while providing strong protections for privacy and civil liberties
- provide liability protection for companies acting in good faith to protect their own networks or share threat information
“American businesses are under siege,” said Rep. Mike Rogers (R-MI), chairman of the House Intelligence Committee and cosponsor of the bill. “It is time to stop admiring this problem and deal with it immediately. Congress urgently needs to pass our cyber threat information-sharing bill to protect our national security, our economy, and U.S. jobs.”
Despite the security concerns, opinions about the bill are deeply divided because it would give government agencies the ability to share information with companies, and vice versa.
Some support: The bill had support from CTIA–The Wireless Association and the National Cable and Telecommunications Association when it was introduced last month.
TechNet, a technology association that represents Google, Yahoo, and Microsoft executives, sent a letter to the intelligence committee saying the legislation is “an important step forward in removing the barriers and disincentives that can prevent the kind of information sharing that is most effective in combating cyberattacks.”
Some concern: Several organizations, as well as several members of Congress, have expressed serious concerns that the bill goes too far and will infringe on citizens’ right to privacy.
The American Civil Liberties Union maintains that the bill “allows too much sensitive information to be shared with too many people.”
Opponents are also dismayed that lawmakers rejected a proposal to keep cybersecurity authority in civilian hands. “CISPA … would overturn 20 years of civilian control of the government’s cybersecurity efforts for the dot-com sector and house them in a secretive military intelligence agency,” Gregory Nojeim, senior counsel at the Center for Democracy and Technology, said in an email to CIO.com.
And one news report speculates that the tech trade groups are supporting the bill in large part because it’s “preferable to a competing bill that’s more regulatory.”