Free speech advocates are calling for the Senate to block controversial cybersecurity legislation they claim will give the US authorities unprecedented access to online communications.
The House of Representatives on Thursday ignored the threat of a White House veto to pass the Cyber Intelligence Sharing and Protection Act (Cispa). The bill aims to make it easier for companies to share information collected on the internet with the federal government in order to help prevent electronic attacks from cybercriminals, foreign governments and terrorists.
Sponsors of the bill have made several amendments to Cispa in the past week, but critics say the bill still threatens to overrule existing privacy protections for citizens, and hands the National Security Agency too much power to access and use people’s private information.
The Center for Democracy and Technology said it was “disappointed that Cispa passed the House in such flawed form and under such a flawed process.”
“We worked very hard in co-operation with the intelligence committee to develop amendments to narrow some of the bill’s definitions and to limit its scope. We are very pleased that those amendments were adopted, leaving the bill better for privacy and civil liberties than it was going into the process,” the tech group said.
“However, we are also disappointed that House leadership chose to block amendments on two core issues we had long identified – the flow of information from the private sector directly to NSA and the use of that information for national security purposes unrelated to cybersecurity.”
“Cispa goes too far for little reason,” said Michelle Richardson, ACLU legislative counsel. “Cybersecurity does not have to mean abdication of Americans’ online privacy. As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back. We encourage the Senate to let this horrible bill fade into obscurity.”
Richardson said senior figures including Adam Schiff of the House intelligence committee, Anna Eshoo, on the subcommittee on communications and technology, plus 28 congressional Republicans had voted against the bill.
“We are disappointed that it got this far but we remain optimistic that this bill can be killed,” Richardson said. She said the big danger now was that a compromise would be drawn up which could still endanger civil liberties online.
Earlier this week the Obama administration said it would veto the bill unless major amendments were made. Obama’s Office of Management and Budget said the administration was “committed to increasing public-private sharing of information about cybersecurity threats” but said the process “must be conducted in a manner that preserves Americans’ privacy, data confidentiality, and civil liberties and recognizes the civilian nature of cyberspace.”
“Citizens have a right to know that corporations will be held legally accountable for failing to safeguard personal information adequately,” the OMB said.
On Thursday night the bill’s author, Republican Mike Rogers, chairman of the House intelligence committee, defended it. “This is the last bastion of things we need to do to protect this country,” he said.
The bill received broad support from the tech industry – which has been granted immunity from prosecution when it shares its customers information under Cispa.
Companies including SAIC, a huge defence contractor, Lockheed Martin, AT&T and Time Warner Cable have lobbied for the bill and contributed funds to the political action committee of Mike Rogers, the bill’s sponsor.
According to opensecrets.org, Rogers’ Pac received $103,000 in this election cycle from 12 companies that have lobbied for Cispa.
Cybersecurity experts said that the threat the bill aims to tackle is serious, but that better compliance with existing rules was at least as important as new legislation.
Tony Busseri, chief executive officer of Route1, a cybersecurity firm that counts the US navy and department of homeland security among its clients, said the threat of cybersecurity was “massive” especially with the proliferation of tablet computing and mobile devices that meant more and more sensitive information was moving outside the office.
“It’s about managing vulnerabilities,” he said. “Candidly we don’t apply the rules and regulations that are already there to protect us. The risk here is that we end up politicizing this issue.”