SOPA fears risk blocking new cyber-security bill

  • Article

Building on my previous post about upcoming proposed cyber legislation, a couple of other articles appeared in the past couple of days that discuss the smaller likelihood of passing the bills because lawmakers are spooked that they may face another SOPA-style backlash. 

From Mashable: Could CISCPA become the SOPA (the fourth bill I summarized, which I won’t summarize here):

A bill introduced to the House of Representatives late last year could become the centerpiece of the next SOPA-style struggle between the tech community and Washington, D.C.

The bill already has over 100 co-sponsors and the backing of some of Silicon Valley’s most prominent companies, including Microsoft and Facebook — support which SOPA never enjoyed.

It’s called the Cyber Intelligence Sharing and Protection Act (or CISPA, for short). CISPA would alter the existing National Security Act of 1947 to allow private businesses and the government to share information about cyberthreats — including “efforts to degrade, disrupt or destroy” vital networks or “threat or misappropriation” of information owned by the government or private businesses, such as intellectual property.

To ensure that business-government information sharing happens on a two-way basis, CISPA requires the Director of National Intelligence to set up ways for the intelligence community to pass along threat information to private companies and make sure they actually go ahead and do that. To prevent sensitive information from being shared willy-nilly, CISPA requires that any recipient of such threat reports have a security clearance and a valid need for the information.

Finally, CISPA allows third-party cybersecurity firms (which provide cyber protection to the government and private businesses) to “use cybersecurity systems to identify and obtain cyber threat information in order to protect the rights and property” of their clients. They’re also allowed to share that information with any other business or government department, provided their client gives them permission to do so.

As long as a cybersecurity firm acts in “good faith” according to these stipulations, it’s immune to civil or criminal lawsuits regarding information sharing.

The Electronic Frontier Foundation, a digital rights advocacy group, feels differently.

According to the EFF, the language in CISPA is worded so broadly that it could be interpreted to allow Internet Service Providers (ISPs) and companies such as Google and Facebook to intercept your messages and transmit them to the government.

They also warn that CISPA could be used as a blunt instrument against copyright infringement, similar to concerns about SOPA. Finally, they’d rather not see the Director of National Intelligence in charge of information sharing — they feel a civilian position would provide for more transparency and accountability.

“The idea is to facilitate detection of and defense against a serious cyber threat, but the definitions in the bill go well beyond that,” said the EFF in a blog post. “The language is so broad it could be used as a blunt instrument to attack websites like The Pirate Bay or WikiLeaks.”

This is echoed in an from Roll Call: Cybersecurity Bill Faces Tough Odds:

After last year’s intense debate of an anti-piracy bill, any legislation dealing with Internet security faces an uphill climb.

That point was made clear today by House Intelligence Chairman Mike Rogers, who was careful to point out differences between his bipartisan cybersecurity legislation and last year’s failed online piracy bill that was crushed after an all-out lobbying campaign from Internet companies and users.

“Apples and oranges,” the Michigan Republican told reporters in a conference call today when asked whether his legislation, which encourages private companies and the federal government to share information related to cybersecurity threats, might face a similarly grim fate as the Stop Online Piracy Act that was killed last year.

But after the SOPA mess, one telecom lobbyist said: “There’s a fear about any Internet bills now. Barring the worst with a real cyber threat, I don’t see how it can move.”

On the one hand, there’s paranoia from the EFF about privacy rights.  And on the other hand, there’s paranoia from telecoms company that they’re trying to back door another bill.  And on the other other hand, there’s skepticism from other government departments:

Sources say that Democrats on the House Homeland Security Committee are largely opposed. Ranking member Bennie Thompson (D-Miss.) said in a statement that “while promoting information sharing on cyber threats is urgently needed, I am concerned about the approach taken in the Rogers bill, as approved by the Intelligence Committee, and its potential implications on Americans’ privacy and civil liberties.”

Are Democrats on the House Homeland Security Committee really concerned about Americans’ privacy or civil liberties?  Or are they trying to push their own bill, the PrECIST Act, which is run under the authority of the Department of Homeland Security whereas CISPA is run under the NSA, which reports to the Department of Defense?

Cyber command reports to the NSA, not DHS.  It’s no surprise that we are seeing turf wars and “concerns about privacy.”  It’d be a lot more believable if the DHS didn’t have their own legislation.