Despite a growing storm of resistance to the Cyber Intelligence Sharing and Protection Act, CISPA has cleared its first legislative hurdle. But the battle over the widely-criticized information-sharing bill is just heating up.
In an earlier-than-expected vote Thursday evening, the House of Representatives voted 248 to 168 in favor of the bill , which was originally designed to allow more sharing of cybersecurity threat information with government agencies.
The legislation has drawn the ire of legislators, civil liberties groups, security practitioners and professors, and hundreds of thousands of petitioners, who say the bill tramples over users’ privacy rights as it allows Web firms like Google and Facebook to give private users’ information to government agencies irrespective of other laws that protect users’ privacy. “It’s basically a privacy nightmare,” says Trevor Timm, a lawyer and activist with the Electronic Frontier Foundation. “CISPA would allow companies to hand over private data to the government without a warrant, without anonymity, with no judicial review.”
But even before it passed, the House voted to amend the bill to actually allow even more types of private sector information to be shared with government agencies, not merely in matters of cybersecurity or national security, but in the investigation of vaguely defined cybersecurity “crimes,” “protection of individuals the danger of death or serious bodily harm,” and cases where that involve the protection of minors from exploitation.
That statute, which in effect widened the most controversial portion of the bill just hours before it came to a vote, is sure to draw even more controversy as the bill works its way through the legislative branch and reaches President Obama’s desk. President Obama currently backs a bill in the Senate put forward by Senators Joe Lieberman and Susan Collins, designed to increase the cybersecurity regulatory powers of the Department of Homeland security, which has been opposed by the GOP and stalled in the Senate.
The White House came out Wednesday with a strongly-worded statement slamming CISPA and pushing its regulatory approach in a threat to veto CISPA, writing that “cybersecurity and privacy are not mutually exclusive” and calling CISPA an intelligence bill rather than a security bill that treats civilians as subjects of surveillance. (White House watchers have observed, however, that the president’s advisors similarly recommended that he veto the National Defense Authorization Act, which he instead signed into law.)
Regardless, reconciling the House bill in its new, even more controversial form with a Senate version, even as the White House opposes the central thrust of the legislation, will only rekindle the controversy that has grown around CISPA in the last week.
The EFF’s Timm says he sees the House’s early vote on CISPA as an attempt by its author, representative Mike Rogers, to squeeze the bill through before its opposition grew any stronger. “We’ve seen an explosion of a variety of groups and congressmen come out against the bill,” he says. “As the Senate debates this, it’s good that privacy and civil liberties will be front and center.”
xx