Congress takes up CISPA as critics say cyber security measure would impinge on Internet privacy

On Capitol Hill today, the House of Representatives took up the Cyber Intelligence Sharing and Protection Act, or CISPA. The bill’s broad language allows private companies to share consumers’ personal data with the government and one another. While the bill’s Democrat and Republican supporters say it’s a crucial step to protect the country’s databases from foreign and domestic cyber attacks, its path to becoming law has challenges. The White House has threatened a veto, and civil liberties advocates are mobilizing to defeat it. FSRN’s Alice Ollstein reports.

TRANSCRIPT: Privacy and civil liberties advocates say the cybersecurity bill would break down the walls between companies with questionable privacy records, including Facebook and Google, and agencies with a history of privacy violations, including the National Security Administration. But CISPA’S supporters on both sides of the aisle have countered these concerns, saying the information sharing is voluntary, not required.

Lawyer Michelle Richardson with the American Civil Liberties Union says that doesn’t solve the problem.

RICHARDSON: The government isn’t forcing these companies to turn over the information and the companies have a choice. But the important thing is that the customers don’t. Customers are not going to be able to opt out of this program and prevent their information being shared with the NSA and other military agencies.

Unlike the successful protests against the anti-piracy bills SOPA and PIPA earlier this year, the campaign against CISPA does not have the backing of industry. In fact, most major tech and telecom companies, including Facebook, IBM, AT&T, Microsoft and Verizon, are actively backing the bill and lobbying for its passage.

Josh Levy with the online advocacy group Free Press explained why.

LEVY: It lets them off the hook for something they’re already doing and participating in. National security agencies already ask Facebook and other companies for the information of their users. And it’s not actually legal. It lives in a legal grey area. So what this would do is indemnify companies like Facebook from any legal challenges for giving up our private information. It would make that behavior officially legal.

CISPA places no limits on the kinds of data that could be shared, and would override existing anti-wiretapping laws, companies’ individual privacy rules, and the Electronic Privacy Act. Any kind of personal data, from bank, education and medical records to the content of e-mails would be up for grabs. The bill would also block any Freedom of Information Act requests from consumers trying to find out who is sharing their personal data with whom.

In a speech on the House floor on Thursday, Colorado Democrat Jared Polis raised further concerns about the bill.

POLIS: While ostensibly a cybersecurity bill, CISPA allows information sharing for the “protection of national security,” a broad and undefined category that could include practically everything under the sun. Is a Tea Party activist a threat to national security? Is a communist activist a threat to national security? The danger that this could be used for political oppression and to stifle political speech is very real.

On Wednesday, the President wrote to Congress saying he “strongly opposes” CISPA, citing a lack of oversight and accountability measures and threatening to veto the bill.

Seeking to address these and other criticisms, the House took up a long list of amendments to CISPA on Thursday. One provision up for debate stripS the immunity CISPA gives companies for improperly sharing personal data. Another limits what kind of data can be shared. And another prohibits the government from saving or using the data for anything other that cybersecurity reasons.

Without these safeguards, Josh Levy with Free Press says CISPA will have a chilling effect on free expression on the Internet.

LEVY: It would make it harder for us to communicate online without fear of being spied on, and that would result in us communicating less. So this incredible opportunity we have to connect with each other would be chilled, because we wouldn’t know who was watching and what the effect of that spying would have on us.

Despite the opposition to CISPA, the bill HAS strong support from many Democrats and Republicans, and is likely to pass the House. To drum up support during Thursday’s debate, Texas Republican Mac Thornberry described the consequences of not passing CISPA and leaving the country vulnerable to a cyber attack. 

THORNBERRY: The electricity grid going down, a whole city being poisoned by its water supply, chemical plants releasing emissions they didn’t intend to release. Real death and destruction can occur all because of things going on on the Internet.

But some civil liberties advocates, including the ACLU’s Richardson, say these kinds of “what-ifs” should not scare Congress into signing away important protections.

RICHARDSON: Those sorts of issues have not materialized yet, it’s unclear if they ever will, but they certainly do not merit a response where the NSA is turned loose on the domestic, civilian Internet.

The House will vote on CISPA and its amendments on Friday. But with the threat of a White House veto and the Senate companion bills still stuck in committee, CISPA has a difficult road ahead to become a law.

Alice Ollstein, FSRN, Washington