House Considers Controversial Internet Security Bill

Apr 19, 2012

By Brendan Conley, staff writer – April 18, 2012

The U.S. House of Representatives is considering an Internet security bill that would authorize companies to release customers’ confidential information to private security agencies and the government. The Obama administration has expressed concerns about the proposed law, while stopping short of threatening a veto. Internet users and privacy groups are organizing a campaign against the bill, which they say will legalize “cyberspying.”

The proposed law, the Cyber Intelligence Sharing and Protection Act (CISPA), would amend the National Security Act of 1947, to add provisions for Internet security and information sharing.  CISPA is intended to combat disruption of government or private computer systems or networks, such as denial of service attacks.  The bill also targets the misappropriation of government information and private intellectual property.  Opponents of the bill warn that it would create a loophole in all existing privacy laws, allowing the government to collect confidential information about private citizens.

The Electronic Frontier Foundation (EFF), a digital rights advocacy group, is one of the leaders of the opposition to CISPA.  According to the EFF, the bill would grant access to any information regarding a “cyber threat” to the government, private security agencies and private companies.  Under the bill’s original definition, a cyber threat can include theft or misappropriation of intellectual property, i.e., file sharing. Once a cyber threat has been identified, a private company could release a customer’s confidential information without regard to its own privacy policy or existing law. Companies would be under no obligation to report the release of information to the customer, and they would be immune from legal action if the information were misused. In addition, EFF said that the bill would allow companies to filter or block Internet content, potentially affecting sites such as Wikileaks, which has served as a clearinghouse for leaks of government information.

A coalition of privacy groups has signed onto a letter urging lawmakers to drop their support for the bill.  The letter warns that “CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity.”

The letter goes on to state that CISPA would allow sensitive personal data such as Internet use history or the content of emails to be shared with any government agency, including military and intelligence agencies, so long as cybersecurity is a significant purpose of the information-sharing. Signatories of the letter include the EFF, ACLU, American Library Association, Privacy Rights Clearinghouse, and others.

The uproar against the bill has already had some effect.  On April 16, the House of Representatives Permanent Select Committee on Intelligence said that several amendments to the bill had been approved.  One amendment removes intellectual property from the definitions of “cyber threat information” in the bill.  Another provision would permit federal lawsuits against the government if information gathered under CISPA is misused or violates civil liberties and privacy protections.  In addition, the amendments would “prohibit the government from conditioning its sharing of cyber threat intelligence on the sharing of private sector information with the government.”

CISPA has strong support among some of the country’s largest computer and Internet companies. Facebook, Google, Microsoft, AT&T and Verizon all support the bill, along with major trade groups and more than 800 other private companies.  The companies’ support is likely founded on a combination of genuine concern about security threats and the fact that CISPA would grant them immunity from legal action regarding the misuse of customers’ private information. Facebook, acknowledging the privacy concerns, released a statement saying that while the proposed law would allow private companies to share customers’ personal information with the government, “Facebook has no intention of doing this.”

The controversy over CISPA is only the latest battle in an ongoing struggle over electronic rights and freedoms. Nationally and internationally, as governments aim to protect against cyber attacks and copyright holders seek to protect their interests, advocacy organizations and ordinary Internet users are raising issues of privacy and freedom of speech.

The anti-CISPA campaign calls to mind the activism earlier this year against the Stop Online Piracy Act (SOPA). That bill, focused on protecting copyrighted works from infringement, would have prohibited websites from linking to other sites containing copyright-infringing material.  On Jan. 18, 2012, popular websites like the English language version of Wikipedia and Reddit, along with about 7,000 smaller websites, organized a blackout in which the sites voluntarily “went dark,” or denied service to the public, saying that SOPA, if passed, would prevent them from operating.  The measure raised awareness of the perceived dangers of the bill, and led to Congress postponing its consideration.

On the international stage, attention has been focused on the Anti-Counterfeiting Trade Agreement (ACTA), which opponents call “SOPA’s big brother.” ACTA is an international agreement intended to combat copyright infringement. Its most controversial measures would allow governments to access the personal information of suspected copyright violators and would impose a “three strikes” rule, cutting off a user’s access to the Internet after two warnings of a copyright offense. The agreement has been signed by the United States, Canada, Japan, Australia and the majority of countries in the European Union (EU), but has yet to be ratified by any of them. Opponents say that ACTA is a greater danger to privacy rights than SOPA, both because it is international in scope, and because the negotiations were conducted in secret. In the United States, Canada and the EU, citizens’ groups made official requests for the text of the treaty, only to have them denied, and during the negotiation period, the only information available to the public about the agreement came through unofficial leaks.

For the moment, however, civil liberties groups are turning their attention to CISPA.  The EFF, ACLU, Reporters Without Borders, and several other groups have designated the week of April 16-22, 2012 “Stop Cyber Spying Week.” The organizations hope to raise public awareness of the proposed law and encourage the public to contact their representatives and urge them to oppose the bill.