The Cyber Intelligence Sharing and Protection Act (CISPA) is back, albeit with expected revisions. CISPA author Rep. Dutch Ruppersberger (D-MD and co-author Chairman Mike Rogers (R-MI) are planning to reintroduce the bill in the House. But, this time they are working in conjunction with the White House in order to avoid a veto from President Obama.
When CISPA was first introduced, it passed in the House but was shelved after the Senate began work on its own cybersecurity bill. Adding to the mix, Department of Homeland Security Secretary Janet Napolitano has urged Congress to come up with legislation governing areas of cyber security so that individuals’ personal information can be shared between the private sector and the government. Napolitano hopes that this will help prevent cyber attacks on infrastructure that is critical to U.S. national security.
At the same time, Obama is working on a cybersecurity executive order, according to information leaked to the media. This executive order is expected to be signed some time following the president’s State of the Union address, which will be on Tuesday.
The White House opposed the original CISPA bill due to privacy concerns, but now Obama may completely bypass Congress and issue a cybersecurity executive order.
The White House began working on the executive order after Congress failed to pass CISPA last year. The issue of cybersecurity returned to the forefront due to recent reports of cyberespionage against The New York Times, The Wall Street Journal, and The Washington Post, along with attacks on the Federal Reserve’s Web site and on several U.S. banks.
Tom Carper (D-DE), Senate Homeland Security and Governmental Affairs Committee Chairman explained that the draft executive order will be the topic of a joint hearing with the Commerce and Intelligence committees. The order will be discussed and feedback will be sought. ”I think the smart thing for us to do would be to receive it, to read it, and I raised this as a possibility with [Commerce Committee] Chairman Sen. Jay Rockefeller [D-W.Va.] today: Maybe the relevant committees do a joint hearing … and invite the administration to come in, explain the executive order, and invite other folks to come in and react to the executive order,” Carper said.
So, why did so many oppose CISPA? For one thing, it would allow any company to share all the data it has collected on you, if asked to by the government. And, some of the terms in CISPA are very vague. Additionally, very little oversight would be in place. U.S. citizens would have a much reduced expectation of privacy.
According to ZDNet:
CISPA was a tricky law to get your head around. It defined cyber-security threats as efforts to “disrupt, degrade, destroy or gain unauthorized access to any system or network, whether privately owned (by a company) or owned by government,” said ZDNet’s Violet Blue, who covered the topic extensively and in great detail.
But arguments have been made that suggest such attempts to “disrupt [or] degrade” a network—commonly known as a denial-of-service (DoS) attack—could in fact be a method of online protest.
A quick breakdown of the Cyber Intelligence Sharing & Protection Act:
Cyberthreats are anything which makes “efforts to degrade, disrupt or destroy” vital networks; or, anything that makes a “threat or misappropriation” of information owned by the government or private businesses. And, of course private businesses and government can share information about cyberthreats.
CISPA rewards companies for:
- Collecting data
- Intercepting or modifying communications
- Providing the government with information
A Few of the Companies who support the measure:
It is important to note that information collected from you is proprietary–you don’t have the right to know what’s being collected. In addition to that, your name, address and phone numbers can also be shared.
We’ll soon find out what modifications Congress and Obama will make to the original CISPA bill.