House passes cybersecurity bill despite veto threat over privacy protections
The cybersecurity bill seeks to protect the nation from cyberattack, but concerns over how personal information is shared with the government and corporations has sparked opposition and a veto threat from the Obama administration.
(Page 2 of 2)
Citizens have "a right to know that corporations will be held legally accountable for failing to safeguard personal information adequately," the White House added. "The government, rather than establishing a new antitrust exemption under this bill, should ensure that information is not shared for anti-competitive purposes."Skip to next paragraph
Subscribe Today to the Monitor
Privacy advocates joined in hammering CISPA for making data handed over to the government exempt from the Freedom of Information Act for reasons of "national security."
"With this bill you're talking about granting access to everyday Americans' Internet access records – because this bill doesn't lay out the type of information records that can be shared," says Michelle Richardson, staff attorney for the American Civil Liberties Union. "So it's going to be their Internet use history, their search terms, records of your e-mail that are going to the government."
It's not so much the flow of information from government to private industry, but the flow from industry to government that most worries these privacy advocates.
"This bill creates a cybersecurity loophole in all existing privacy laws," says Trevor Timm, a spokesman for the Electronic Frontier Foundation, an Internet privacy rights group. "Right now we have longstanding laws – the Wiretap Act and the Electronic Communications Privacy Act that have been on books for decades – saying government needs probable cause or a judicial warrant if they want to read your e-mails. This bill would allow companies to read your e-mails as long as there was some vague cybersecurity purpose – and hand them to government with no judicial review."
Another group, the Center for Democracy and Technology, worked closely with CISPA co-author Mike Rogers on amendment language – and indicated it might not oppose the bill – if amendments the group favored made it to the House floor for a vote.
But on Wednesday those amendments restricting the flow of information to the NSA – and government authority to use information for noncybersecurity purposes – were shot down even before being voted on. So the group pulled its support.
To CISPA advocates, however, the wrangle over just how and what kind of data could flow to government – and how it could or could not be used – was too much.
"The information they [companies and government are sharing] is information being used to break into our nation's networks," says Stewart Baker, a former NSA and Department of Homeland Security official now with the Washington firm of Steptoe and Johnson.
"The question really is: What can you do with that information after it's shared? To say you can use it for cybersecurity, but not national security – that's nuts! Are we willing to sacrifice national security and not protect the country?"
Others, however, say there's no need to sacrifice the nation – or lose privacy.
"There's a way for Congress to craft a very narrow information sharing program that still respects privacy," the ACLU’s Ms. Richardson says. "But this bill isn't it."
Get daily or weekly updates from CSMonitor.com delivered to your inbox. Sign up today.