CISPA concerns spread in Congress
18 Democratic House members urge controversial bill's authors to add more privacy safeguards
Computerworld - A growing number of lawmakers are expressing concern over the controversial Cyber Intelligence Sharing and Protection Act (CISPA) bill that's scheduled for a vote later this week in the U.S. House of Representatives.
Backers say the bill aims to improve Internet security by making it easier for Internet Service Providers and Internet companies such as Google and Facebook to collect and share a wide range of user data with government security agencies.
Privacy and civil rights groups, and even the White House have criticized the bill, contending that it oversteps existing privacy laws and its passage would enable widespread surveillance of all online activities under the pretext of cyberecurity.
In a letter to CISPA bill sponsors Rep. Mike J. Rogers (R-Mich.) and Rep. C.A. Dutch Ruppersberger (D-Md), Rep. Bennie Thompson (D-Miss.) and 17 other Democratic House members echoed the sentiments of its critics. In the letter, the group called on the sponsors to address what they called 'real and serious' privacy concerns about the proposed legislation.
Thompson, ranking minority member of the House Committee on Homeland Security, and his backers said that the "broadness and ambiguous language" in CISPA could cause problems.
"Without specific limitations, CISPA would for the first time, grant non-civilian federal agencies, such as the National Security Agency, unfettered access to information about Americans' Internet activities and allow those agencies to use that information for virtually any purpose," the letter noted.
CISPA, introduced in the House last November, would let Internet companies monitor and collect any user information they think poses a threat to their networks or systems. The bill would also let these companies share the collected information with the NSA and other federal agencies like the Department of Homeland Security.
Proponents of the bill, which include dozens of high-tech companies and trade associations, argue that the legislation would improve cybersecurity by improving information sharing between private companies and federal law enforcement agencies.
Opponents contend that the bill is dangerously worded and open to different interpretations. CISPA could, opponents say, decimate privacy protections under existing statutes such as the Federal Wiretap Act and the Electronic Communications Privacy Act.
The legislation would provide significant legal immunity to Internet companies that share user information with the federal government.
Users have little recourse if their information was unfairly collected, privacy advocates warn. And while the bill was written to boost cybersecurity, information gathered by Internet companies can be used for any law enforcement purpose, they noted
In their letter, the legislators cited a lack of "necessary safeguards" in the bill and expressed concern over its ambiguous language. "Information sharing cannot come at the expense of the constitutional rights of our constituents," it said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
Read more about Gov't Legislation/Regulation in Computerworld's Gov't Legislation/Regulation Topic Center.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Gov't Legislation/Regulation White Papers | Webcasts