Privacy group calls for changes in CISPA cyberthreat sharing bill
Privacy groups want the House Intelligence Committee to debate the bill in a public session
IDG News Service - U.S. lawmakers need to make significant changes to a controversial cyberthreat information sharing bill because the legislation could be used to give federal intelligence agencies backdoor wiretapping powers, the Center for Democracy and Technology said.
A markup to amend and send the Cyber Intelligence Sharing and Protection Act (CISPA) to the floor of the U.S. House of Representatives may happen as soon as April 10, and the House Intelligence Committee could debate the bill behind closed doors, CDT staffers said Wednesday. About 30 groups, including CDT, the American Civil Liberties Union and the Electronic Frontier Foundation, are calling on the committee to hold an open markup of the bill.
CISPA would allow companies to share cyberthreat information with a broad range of federal agencies, including intelligence agencies, and the agencies could use the shared information for broad national security purposes, said Gregory Nojeim, a senior counsel at CDT.
"I think it's fair to say that a national security use could be most anything that an intelligence agency thinks might be related to national security," he said. "It's what we say risks turning this legislation into a backdoor wiretap."
The bill, as written, also gives lawsuit protections to companies that use cybersecurity systems to collect cyberthreat information without limiting how the companies are obtaining that data, Nojeim said during a media briefing. The language in the bill could potentially give legal protections to companies that hack into other networks in search of cyberthreat information, he said.
"The last place one would think you would find new authority to hack [other networks] would be in cybersecurity legislation," he said.
In addition, CISPA gives legal immunity to companies for any "decisions made based on cyber threat information identified, obtained or shared," potentially giving companies authority to shut down other networks in the name of cyberdefense, Nojeim said.
A spokeswoman for Intelligence Committee Chairman Mike Rogers, a Michigan Republican and lead sponsor of CISPA, said the committee has had regular discussions on CISPA with privacy groups for 18 months.
"During last year's committee markup and open House floor process we incorporated several of their suggestions to tightening up the bill to further cement already robust privacy protections," spokeswoman Susan Phalen said by email. "As we move through this year's committee and House floor process, [the sponsors] are fully committed to continuing that ongoing dialogue and incorporating language into the bill which further puts to rest any misunderstandings about the bill's intent."
Nojeim said he knows of no privacy groups that the committee has a continuing dialog with.
Phalen said she expects an open debate about the bill and amendments when the bill goes to the House floor.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.
- Seattle Children's Accelerates Citrix Login Times by 500% with Cross-Tier Insight Seattle Children's is a leading research hospital with a large and growing Citrix XenDesktop deployment. With ExtraHop, the IT team at Seattle Children's...
- McKesson Makes Application Hosting for Hospitals Faster, More Efficient With ExtraHop, McKesson identified the root cause of slow Citrix XenApp application launches and adopted a more intelligent, proactive IT operations model that...
- Maintain Less. Create More. Spend less on maintenance and spend more time creating with Red Hat Enterprise Linux. Read on to learn how Red Hat can help...
- Flying High on the Use of Red Hat Enterprise Linux Flybe was one of the 21 companies that were interviewed for quantitative results on their operations as part of an IDC ROI analysis....
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Gov't Legislation/Regulation White Papers | Webcasts