Lawmakers have defended the return of the controversial Cyber Intelligence Sharing and Protection Act (CISPA) bill, arguing that the legislation is necessary in order to protect the United States against cyberattacks from regions such as China and Iran.
In a conference call with reporters, Representative Mike Rogers, who is chairman of the House Permanent Select Committee on Intelligence, emphasized that his bill protects civil liberties while preserving the open and free Internet. "[CISPA] protects privacy by empowering Web services and providers to protect their services," the Michigan Republican said. He added that the bills' supporters are working to resolve issues with the White House, which has criticized the bill in its current form.
With CISPA, the U.S. government and private companies will be permitted to exchange information regarding cyberthreats. For example, should the Homeland Security become aware of a scheduled hack of Facebook, it would subsequently notify the social network. That said, the bill would also allow Facebook to notify the feds if it detected hackers on its network.
CISPA would "empower American businesses to share anonymous cyber threat information with others in the private sector and enable the private sector to share information with the government on a purely voluntary basis."
The general consensus is that CISPA would allow technology firms such as Facebook and Google to expose personal information about their users. "What constitutes 'good faith' is unclear on the face of CISPA, given its overall vagueness—which is likely to make difficult any attempt at litigating against companies," the Electronic Frontier Foundation said in 2012.
The non-profit advocacy group cited that if a firm doesn't have strong security measures in place and is consequently hacked with all of its users' data being stolen, it could potentially avoid any issues with the law by providing details about the hack to the feds.
CISPA simply "empowers the private sector to protect itself in a better way," representative C.A. Dutch Ruppersberger said. "The threat is real," he added, referring to recent hacks of the "New York Times" and "The Wall Street Journal." Rogers stressed that members of Congress are surprised to hear about such threats during classified briefings, which "motivates people to do the right thing."
The United States is "really under siege here from countries like Iran, who are trying to bring down our financial services industry," in addition to China, which has carried out "unprecedented [and] epic" cyber attacks.
CISPA had passed the House last year, but failed to make it through the Senate. The White House, meanwhile, threatened to veto it. Ruppersberger said that the administration's veto threat was made at an advanced stage of the bill, which caught him off guard. Alongside Rogers, he has been discussing a revised CISPA bill with the White House. Rogers anticipates "meaningful negotiations" with the administration.
U.S. President Barack Obama recently signed a cybersecurity executive order that allows firms to share information, while allowing federal agencies to notify private companies about cyberthreats, but it doesn't allow private companies to notify the government in order to receive protection from possible repercussions.