U.S. privacy and technology activists are preparing for a new round of fighting against an information-sharing bill they say will let private companies help the government spy on the American public.
They’re troubled by the Cyber Intelligence Security Protection Act (CISPA), which passed the House of Representatives last year but failed to get through the Senate. House members Mike Rogers and Dutch Ruppersberg are hoping to have more success passing it this year. They re-introduced the legislation at a cyber security talk in Washington Wednesday.
Supporters say CISPA will help the government defend private companies and federal agencies from cyber attacks from countries like Iran and China, as well as hacker groups like Anonymous.
"American industry is under attack, costing our country and our economy billions of dollars and thousands of jobs,” Ruppersberger said in a statement. “ We need to do everything we can to enable American companies to defend themselves against these devastating cyber attacks. Our bill does just that by permitting the voluntary sharing of critical threat intelligence while preserving important civil liberties."
Not everyone is convinced.
The American Civil Liberties Union says the bill allows companies to turn over sensitive Internet records to the National Security Agency and the Defense Department without making a reasonable effort to protect the public’s privacy.
Sharon Bradford Franklin of The Constitution Project told The Washington Post the bill is “flawed.” She expressed concern about what information companies can hand over to the government, saying “Congress must also address the very real threat this legislation poses to Americans' privacy rights and civil liberties.”
The ACLU is urging the public to fight for its right to online privacy.
“If the House wants smart cyber legislation that also protects privacy, it needs to ensure that the programs are civilian-led, minimize the sharing of sensitive personal information between government and corporations, and protect collected information from non-cyber uses,” the group said.
Criticism of the bill swelled on Twitter Wednesday.
The bill is identical to the one that passed the House last year. It will allow the federal government to provide classified cyber threat information to private companies; allow U.S. businesses to share cyber threat information with the government and other companies; and provide liability for companies that share or receive such information.
CISPA’s re-introduction came just a day after President Barack Obama signed a new cybersecurity executive order that will also let the government share information about cyber threats with private companies involved in key infrastructure, like banking, communication, power and transportation.
The order sounds very similar to the controversial CISPA, but the ACLU actually praised the president’s action.
“An executive order by definition cannot take away the privacy protections granted by current statutes,” the ACLU said in a statement. “In other words, the [executive order] cannot exempt companies from privacy statutes, or let the government collect new information. It can only act within its existing power to change policies and practices.”
CISPA must still be approved by both the House and the Senate to become law. And even then, the president has veto power, a power he threatened to use last year when the bill made its way through Congress.