The Department of Homeland Security logo is reflected in the eyeglasses… (Mark J. Terrill / Associated…)
WASHINGTON -- Activists and lawmakers are geared up for a final push against the latest Internet security legislation, calling on Congress to reject or dial back the Cyber Intelligence Sharing and Protection Act (PDF) because of the considerable power it would give government to examine Americans’ online activities.
A number of amendments already have been made to the bill as its supporters have tried to secure passage -– a vote is likely on Friday -– by clearing up ambiguities regarding what the law would allow the government to do.
CISPA’s supporters portray it as a bill focused on opening up communication between the government and private entities for the purposes of sharing information about imminent or emerging cyber security threats, with particular emphasis on those that threaten national security from foreign sources. Since its introduction last year, the scope of the legislation has been trimmed, and oversight of the powers it would grant has been broadened.
To many of the bill’s detractors, the changes aren't enough.
Despite a so-called week of action, in which groups such as the Electronic Frontier Foundation, the ACLU, the Sunlight Foundation, Reporters Without Borders and more sought to raise awareness of their concerns about the bill, the number of co-sponsors for CISPA in Congress has increased to 113.
A group of 18 congressional Democrats signed a letter Monday that spelled out their points of contention with the bill, writing that “CISPA would, for the first time, grant non-civilian Federal agencies, such as the National Security Agency, unfettered access to information about Americans’ Internet activities and allow those agencies to use that information for virtually any purpose.”
Rep. Ron Paul(R-Texas), a presidential candidate, joined the opposition in a statement claiming that “CISPA is Big Brother writ large” and the “latest assault on Internet freedom.”
The bill could soon be changed once again to address the concerns of critics. Rep. Adam Schiff (D-Calif.), a senior member of the Intelligence Committee, is proposing an amendment that borrows language from the Cybersecurity Act of 2012, currently sitting in the Senate. Schiff’s amendment would revise several provisions included in CISPA that critics see as overly broad and ambiguous.
Already, CISPA’s current definition of what constitutes cyber-threat information has been altered so that it no longer places the broad and contentious term “intellectual property” under the legislation’s purview. The initial inclusion of intellectual property brought immediate comparisons to SOPA, a bill focused on curbing online piracy and digital rights protections, which was canned after extensive backlash from individuals and from websites such as Wikipedia, Reddit and Google, which held blackouts or hosted prominent notifications to help end the legislation.
Under Schiff’s proposal drawing from the Cybersecurity Act, cyber security threats would be defined as “any action that may result in unauthorized access to, exfiltration of, manipulation of, or impairment to the integrity, confidentiality or availability of an information system or information that is stored on, processed by, or transiting an information system.”
Included in the amendment are provisions to reduce the personally identifiable information obtained under CISPA. The amendment would, among other things, require data to be destroyed that does not “reasonably appear to be related to protecting a system or network” and would order requirements to be established to preserve the integrity of data that can be used to identify individuals.
Schiff’s amendment also seeks to limit the access federal agencies would have to the information swept up by CISPA’s procedures, to make sure that the data cannot be, as Schiff phrased it, “hijacked for another purpose.” The attorney general’s office would work in consultation with private and public entities to establish the procedures after CISPA’s passage. The AG’s involvement would be in conjunction with the oversight role given to the inspector general of the intelligence community in CISPA’s current text.
The need to include more oversight authority in the legislation was highlighted by White House National Security Council spokeswoman Caitlin Hayden. “Legislation without new authorities to address our nation's critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation's urgent needs,” she said in a statement released April 17.
Michelle Richardson, a legislative council at the ACLU’s Washington Legislative Office, is hoping that more amendments to be proposed by CISPA’s opponents will curtail the power the proposed law would give to the government.