Privacy group calls for changes in CISPA cyberthreat sharing bill
Privacy groups want the House Intelligence Committee to debate the bill in a public session
IDG News Service - U.S. lawmakers need to make significant changes to a controversial cyberthreat information sharing bill because the legislation could be used to give federal intelligence agencies backdoor wiretapping powers, the Center for Democracy and Technology said.
A markup to amend and send the Cyber Intelligence Sharing and Protection Act (CISPA) to the floor of the U.S. House of Representatives may happen as soon as April 10, and the House Intelligence Committee could debate the bill behind closed doors, CDT staffers said Wednesday. About 30 groups, including CDT, the American Civil Liberties Union and the Electronic Frontier Foundation, are calling on the committee to hold an open markup of the bill.
CISPA would allow companies to share cyberthreat information with a broad range of federal agencies, including intelligence agencies, and the agencies could use the shared information for broad national security purposes, said Gregory Nojeim, a senior counsel at CDT.
"I think it's fair to say that a national security use could be most anything that an intelligence agency thinks might be related to national security," he said. "It's what we say risks turning this legislation into a backdoor wiretap."
The bill, as written, also gives lawsuit protections to companies that use cybersecurity systems to collect cyberthreat information without limiting how the companies are obtaining that data, Nojeim said during a media briefing. The language in the bill could potentially give legal protections to companies that hack into other networks in search of cyberthreat information, he said.
"The last place one would think you would find new authority to hack [other networks] would be in cybersecurity legislation," he said.
In addition, CISPA gives legal immunity to companies for any "decisions made based on cyber threat information identified, obtained or shared," potentially giving companies authority to shut down other networks in the name of cyberdefense, Nojeim said.
A spokeswoman for Intelligence Committee Chairman Mike Rogers, a Michigan Republican and lead sponsor of CISPA, said the committee has had regular discussions on CISPA with privacy groups for 18 months.
"During last year's committee markup and open House floor process we incorporated several of their suggestions to tightening up the bill to further cement already robust privacy protections," spokeswoman Susan Phalen said by email. "As we move through this year's committee and House floor process, [the sponsors] are fully committed to continuing that ongoing dialogue and incorporating language into the bill which further puts to rest any misunderstandings about the bill's intent."
Nojeim said he knows of no privacy groups that the committee has a continuing dialog with.
Phalen said she expects an open debate about the bill and amendments when the bill goes to the House floor.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is email@example.com.
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- Single-Vendor Security Ecosystems Offer Concrete Benefits Over Point Solutions IT security decision-makers from companies with 100 to 5,000 employees evaluates the current endpoint security solution market based on Forrester's own market data,...
- Best Practices for Security and Compliance with Amazon Web Services This paper will discuss what part of the shared responsibility equation customers are responsible for and what some of the recommended security practices...
- Case Study: Intuit Turns to Self-Service IT Intuit empowered its users to resolve their own IT issues with a consumer-like experience to free IT to focus on more strategic initiatives....
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Gov't Legislation/Regulation White Papers | Webcasts