US House of Representatives passes CISPA cybersecurity bill

18 Apr, 2013 16:17

The US House of Representatives has passed the controversial Cyber Intelligence Sharing and Protection Act (CISPA).

Lawmakers in the House voted 288-to-127 Thursday afternoon to accept the bill. Next it will move to the Senate and could then end up on the desk of US President Barack Obama for him to potentially sign the bill into law. Earlier this week, though, senior White House advisers said they would recommend the president veto the bill.

Should CISPA earn the president’s autograph, private businesses will be encouraged to voluntarily share cyberthreat information with the US government. The authors of the bill say this is an effort to better combat the reportedly increasing attempts to harm America’s critical computer networks and pilfer the systems of private companies for intellectual property and other sensitive trade secrets.

One of the bill’s creators, Rep. Dutch Ruppersberger (D-Maryland), said during a round of debate on Wednesday that $400 billion worth of American trade secrets are being stolen by US companies every year. Passing CISPA, he said, would be a common sense solution to a threat that’s growing at an alarming rate.

“If your house is being robbed, you call 911 and the police department comes. That’s the same scenario we are looking at here,” he said.

Also testifying Wednesday, Rep. Alcee Hastings (D-Florida) said CISPA could be used to combat the 25 million cybercrime victims he claims are targeted every day.

That same day, CISPA co-author Rep. Mike Rogers (R-Michigan) stressed that his bill doesn’t extend any extra surveillance powers to the federal government, despite condemnation from critics who say exactly that. “It does something very simple: it allows the government to share zeroes and ones with the private sector,” he said. Rather, he called it “a critical bipartisan first step for enabling America’s private sector to defend itself” and said it “improves cybersecurity without compromising our civil liberties.”

“We have yet to find a single United States company that opposes this bill,” said Rep. Rogers.

But companies do in fact oppose CISPA, including a number of entities that carry a good deal of clout both around Silicon Valley and inside the Beltway. Just last month Facebook rescinded their support of the act, according to CNET’s Declan McCullagh, because a spokesperson for the social media site says they prefer a legislative “balance” that ensures “the privacy of our users.”

After CISPA was unsuccessfully introduced to Congress last year — only to stall in the Senate — Microsoft endorsed the act only to eventually do an about-face.

“Microsoft believes that any proposed legislation should facilitate the voluntary sharing of cyber threat information in a manner that allows us to honor the privacy and security promises we make to our customers,” the company’s Scott Charney told McCullagh at the time.

But just last week, TechNet President Rey Ramsey sent a letter to Reps. Rogers and Ruppersberger saying his group thinks CISPA "recognizes the need for effective cybersecurity legislation that encourages voluntary, bi-directional, real time sharing of actionable cyberthreat information to protect networks," but that further work may be needed. TechNet’s Executive Council includes Yahoo's Marissa Mayer, Google's Eric Schmidt and Microsoft General Counsel Brad Smith.

Web browser maker Mozilla opposes the bill, as do the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union, and last year’s attempt to pass CISPA after it was unveiled for the first time prompted the White House to issue a veto warning then. In the months since the bill stalled in the Senate, though, the president has for his own part urged Congress to adopt a new cybersecurity bill.

CISPA 101: Originally introduced in late 2011, CISPA passed the House but never advanced to a full Senate vote after massive public campaigns waged against the bill. Its authors say CISPA will “provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities” by encouraging private companies such as Google, Facebook and others to hand over to the government any data that could be used to combat cyberattacks. Critics of the bill say its language is too broad, though, and allows federal agencies to access too much personal information.

In February, Pres. Obama signed an executive order that urges his administration to begin working towards improving cybersecurity protections until Congress can craft a bill. Hours later, he said during his annual State of the Union address how imperative legislative action is.

“Earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs and our privacy. Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks,” the president said.

But in the veto threat extended by his office earlier this week, the White House writes, “the Administration still seeks additional improvements and if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill.”

Rep. Nancy Pelosi (D-California) corroborated that statement during Thursday’s pre-vote discussion, vowing to cast her ballot against CISPA because it did not, in her opinion, protect the privacy of Americans to the degree it should.

“I’m disappointed,” said the congresswoman, “that we did not address some of the concerns mentioned by the White House about personal information. Unfortunately, it offers no policies and did not allow any amendments or real solution that upholds Americans’ right to privacy.”

CISPA, added Pelosi, provides “overly broad liability protections and immunity to the businesses that violate our liberties,” and fails to strike a “crucial balance between security and liberty.”

But elsewhere during Thursday’s debate, another elected lawmaker cited national security concerns as paramount to these privacy woes. Speaking before his congressional colleagues, Rep. Mike McCaul (R-Texas) said this week’s deadly terrorist attack in Boston is reason enough to pass a cybersecurity bill, despite a lack of evidence that the pair of bombs detonated Monday at the Boston Marathon were acts of cyberterror.

“Recent events in Boston demonstrate that we have to come together as Republicans and Democrats” in order to pass a bill that will strengthen national security, McCaul (R-Texas) said Thursday morning.

“In the case of Boston,” said McCaul, “there were real bombs.”

“In this case, they are digital bombs — and these digital bombs are on their way.”

Another lawmaker, Rep. Dan Maffei (D-New York), said CISPA was necessary to protect the US against “independent groups like WikiLeaks,” adding unfounded claims that the whistleblower website is “taking very aggressive measures to hack into” US computer networks.

Other noteworthy statements that came out of this week’s CISPA debate include one quip from Rep. Candice Miller (R-Michigan), who said Wednesday that the bill “helps us fulfill every one of the responsibilities mandated on us by the US Constitution.”

“I believe strongly that you should have constitutional concerns about not passing this bill,” said Rep. Miller.

"By supporting CISPA, we move to fulfill our oath” to protect the American people, added Rep. William Enyart (D-Illinois).

As news broke Thursday afternoon that CISPA cleared the House, opponents took to social media to sound off. The EFF responded by saying the House “shamefully” passed the bill, “undermining the privacy of millions of Internet users.”

One popular account associated with the hacktivist group Anonymous wrote:

When they passed an Internet-killer bill #CISPA, they used the logic of #Boston bombing. We all know how fear and terrorism works now.

— Anonymous (@CIApressoffice) April 18, 2013

When Rep. Ruppersberger reintroduced CISPA at the start of this congressional season, he evoked the terrorist attacks of September 11, 2001 to suggest that Congress can and will do whatever is necessary in the wake of another tragedy.

"We don’t do anything well after a significant emotional event,” said Ruppersberger. Should there be a cyberattack on America on par with 9/11, Congress “will get all the bills passed we want,” he said.