Cybersecurity Bill Revised to Ease Privacy Concerns
As controversial cybersecurity legislation heads to the House floor, bill's authors offer new amendments to assuage concerns that the measure would provide for unlimited government collection of personal information.
Tue, April 17, 2012
CIO — Supporters of a controversial cybersecurity bill have issued a revised discussion draft of the legislation in an effort to address the concerns raised by privacy advocates and civil liberties groups.
The Cyber Intelligence Sharing and Protection Act, or CISPA, is intended to clear barriers for the government and businesses to share information about critical digital threats, but critics have warned that the language is overly broad and could result in a massive flow of information to secretive government outfits like the National Security Agency under the thin pretense of cybersecurity.
Among those groups' concerns is the fear that the bill would greatly expand federal agencies' surveillance powers, enabling them to obtain information from private firms that could be used for a variety of purposes unrelated to cyber threats, including suspected intellectual property violations. In response, groups such as the Center for Democracy and Technology, the Electronic Frontier Foundation and the American Civil Liberties Union have designated this a "week of action," urging concerned groups and individuals to take to the Web in protest and contact their representatives, recalling a groundswell of online opposition that helped defeat two intellectual property bills earlier this year.
The changes that the bill's authors, House Intelligence Committee Chairman Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), the ranking member on the panel, unveiled late Monday are positioned as an explicit address of those groups' objections.
"We have maintained an open door for all interested parties since the drafting of this bill began last year, and we appreciate all the constructive feedback and input we have received," Rogers said in a statement.
Ruppersberger said that the revisions to the bill "show a good faith effort to continue to work with interested parties to improve the bill."
The term "intellectual property," for instance, has been removed from all definitions within the legislation, a move that the bill's authors explained was meant to narrow its scope and specify that it is only to apply to legitimate cybersecurity threats.
"This change was made to avoid any misunderstanding and to clarify that the bill is intended to defend against efforts to gain unauthorized access to systems or networks, including efforts to gain such unauthorized access to steal private or government information," read a fact sheet provided by the Intelligence Committee.
In address of the concerns that the bill lacks a meaningful check on the government's authorities, the bill's authors have proposed amendments to bring more transparency to the information-sharing framework CISPA would create. One proposed amendment would stipulate that the Department of Homeland Security would be able to review most of the information collected by other government entities under the bill. Privacy advocates have warned that information shared with the NSA and other military agencies that operate under limited oversight too often disappears into a black hole, and that the civilian DHS is the proper agency to take the lead on cybersecurity in the private sector.