A coalition of leading technology industry groups is calling on lawmakers to pass a controversial cybersecurity bill, offering a broad show of support as the measure heads to the House floor for debate next week.
The groups, including the Information Technology Industry Council (ITI) and the Software and Information Industry Association (SIIA), delivered a letter to House leaders calling for passage of the Cyber Intelligence Sharing and Protection Act, or CISPA, a bill that would provide a framework for sharing information about cybersecurity threats among government and private-sector entities.
“Our associations believe that targeted congressional action that both preserves and promotes innovation can contribute to a more resilient global digital infrastructure,” the groups wrote in a letter to House Speaker John Boehner (D-Ohio) and Minority Leader Nancy Pelosi (D-Calif.). “Cybersecurity is best realized through effective partnerships between the public and private sectors, as the interests of government and industry are fundamentally aligned on this issue.”
In addition to their support of CISPA, the groups are also calling on House lawmakers to pass targeted bills that would strengthen the Federal Information Security Management Act (FISMA), the certification standard for government IT systems, and to improve cybersecurity research and development.
The organizations’ advocacy for CISPA comes as several privacy and civil liberties groups have been working to gin up opposition to the bill, warning that the measure could lead to businesses sending troves of personal information about their users to secretive government arms like the National Security Agency with strong liability protections and minimal accountability.
The authors of the legislation, House Intelligence Committee Chairman Mike Rogers (R-Mich.) and C.A. “Dutch” Ruppersberger (D-Md.), the ranking member on the panel, have acknowledged those concerns and earlier this week released a revised version of the bill they intend to offer as a substitute amendment.
The revisions include a provision to give the Department of Homeland Security access to much of the information being shared, meant to provide a civilian check on the activities of the NSA and other military agencies, and the removal of the term “intellectual property” from all definitions in the bill. Critics had warned that the original definitions were overly broad, inviting the possibility of using the statute to crack down on suspected copyright violations under the guise of cybersecurity.
But those revisions did little to sway the staunchest critics of the bill, including the American Civil Liberties Union (ACLU) and the Center for Democracy and Technology (CDT), which along with other groups have called for a week of protests ahead off next week’s scheduled debate as they seek amplify their objections in a manner reminiscent of the groundswell of online opposition that helped kill controversial intellectual property legislation earlier this year.
“Our criticism still stands. The changes they made do not address the fundamental flaws with the bill,” said Michelle Richardson, legislative counsel for the ACLU.
“They were not substantive. They in no way limited the amount or type of information that companies can share with the government,” Richardson said. “They still permit the companies to give the information directly to military agencies such as the NSA and it certainly still lacks meaningful use limitations to make sure the government doesn’t repurpose the information for all sorts of different uses once it receives it.”
CDT Senior Counsel Greg Nojeim similarly argued that his group’s core concerns remain after extensive talks with CISPA’s authors. He acknowledged that the revised discussion draft Rogers and Ruppersberger released represented some progress, but warned against the broad definition of what type of information could be shared with the government and how it could be used, as well as the direct sharing with the NSA that the bill still provides for.
But CISPA, which currently counts 112 House members as co-sponsors, has won considerable support from an array of industry groups and businesses, which maintain that current laws and policies inhibit the exchange of information about critical threats. At the same time, supporters have praised the bill for keeping a narrow focus on information sharing, rather than some of the more comprehensive proposals that would expand government oversight of the private sector with new regulatory requirements.
In addition to ITI and SIIA, the other groups that signed the letter to Boehner and Pelosi were: the Bay Area Council, the Computing Technology Industry Association, CTIA — The Wireless Association, the Internet Security Alliance, the Semiconductor Industry Association, the Silicon Valley Leadership Group, the Technology CEO Council and the Telecommunications Industry Association.
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.