Critics: CISPA still a government surveillance bill

A House committee doesn't change the cyberthreat sharing bill enough to win support from some digital rights groups

A U.S. House of Representatives committee failed to make the changes necessary to allay fears about government surveillance in a controversial cyberthreat sharing bill that's moving toward a House vote, critics said.

The House Intelligence Committee, in voting 18-2 Wednesday to approve the Cyber Intelligence Sharing and Protection Act (CISPA), did not address concerns that the bill would allow private companies to share too much customer information with government agencies in the name of fighting cyberattacks, digital rights groups said.

Committee leaders expect the full House to vote on CISPA as soon as next week.

"Cyberhackers from nation-states like China, Russia, and Iran are infiltrating American cyber networks, stealing billions of dollars a year in intellectual property, and undermining the technological innovation at the heart of America's economy," Committee Chairman Mike Rogers, a Michigan Republican and cosponsor of the bill, said in a statement. "This bill takes a solid step toward helping American businesses protect their networks from these cyber looters."

But digital rights groups said the bill still has major flaws. "The changes that were offered during the closed-door markup do nothing to address the specific concerns we've been expressing about the bill for months," said Evan Greer, campaign manager at digital rights group Fight for the Future.

The bill will allow private companies to share a wide range of customer information they deem to be related to cyberthreats with U.S. agencies like the National Security Agency, Greer said in an email.

"The version of CISPA that passed out of Committee yesterday has several amendments that make it appear better on the surface, but do nothing to address the fundamental flaw with the bill, which is that it still allows massive amounts of private user data to be shared with secretive agencies," he added. "It still provides sweeping legal protections for corporations that share our data."

If CISPA's sponsors don't want it to be a surveillance bill, they should make additional changes, Greer added. "If that's true, there's an easy fix: write that into the bill," he added.

Sponsors and some other lawmakers defended the bill, saying it provides significant privacy protections. The committee accepted an amendment from Representative Jim Langevin, a Rhode Island Democrat, that prohibits companies from counterattacking, or hacking back, against cyberattackers after digital rights groups raised concerns that the bill's language could allow such activity.

Langevin praised the bill, saying more cyberthreat information sharing is needed, but he also suggested that CISPA "is not a final solution to cybersecurity."

"While [the bill] promises to greatly improve situational awareness, information sharing alone will not allow us to prevent every attack," he said in a statement. "Our most vulnerable and valuable infrastructure must meet minimum cybersecurity standards in order to minimize the risk of a major cyberattack that could leave millions without electricity or safe drinking water for an extended period of time."

Another amendment approved by the committee would limit the private sector's use of any cybersecurity information received to only cybersecurity uses. Some digital rights and privacy groups had questioned whether the bill would allow companies to use the cyberthreat information they receive for other purposes.

The committee also removed language from the bill would allow the government to use data collected under CISPA "for national security purposes," in an attempt to narrow the government's use of the information.

But Greer questioned whether that was a substantial improvement. The change is "not a real fix," he said. "The term 'cybersecurity' is so poorly defined within the bill that it does not provide meaningful limitations on what can be done with the data that's collected."

Sponsors of the bill said it contains several privacy protections. CISPA prohibits the government from forcing private sector entities to provide information to the government, and encourages the private companies to "anonymize" or "minimize" the information they voluntarily shares with the government, sponsors said.

The bill also allows individuals to sue the federal government for privacy damages, costs and attorney's fees in federal court, and it requires an annual review of the information-sharing program by the intelligence community inspector general. CISPA will sunset in five years.

Still, Representative Adam Schiff, a California Democrat , said he was disappointed that the committee rejected his amendment that would have required companies to make reasonable efforts to remove unrelated private information from the cyberthreat information they share.

"It is not too much to ask that companies make sure they aren't sending private information about their customers, their clients, and their employees to intelligence agencies, along with genuine cyber security information," he said in a statement.

Among the groups voicing support for the bill were the BSA and the Software and Information Industry Association, both software trade groups. CISPA would "provide the critical necessary framework for early detection and notification of cybersecurity threats," the SIIA said. 

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags U.S. National Security AgencylegislationJim LangevingovernmentMike RogersExploits / vulnerabilitiesFight for the FutureSoftware and Information Industry AssociationprivacyAdam SchiffBSAU.S. House of RepresentativessecurityEvan Greer

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?