Civilian Oversight Overlooked as CISPA Clears House Committee
A bill to strengthen U.S. cybersecurity and provide for better sharing of data threats has cleared its first hurdle with passage by the House Select Committee on Intelligence. However, the legislation that now heads to the full House is missing privacy protections and civilian oversight, and that should guarantee more lobbying and debate before any final version gets to President Obama's desk.
Apr 12, 2013 7:00 AM PT
A revived version of the Cyber Intelligence Sharing and Protection Act (CISPA) -- with provisions for civilian oversight absent -- passed by a vote of 18-2 Thursday in the U.S. House of Representatives Permanent Select Committee on Intelligence.
The committee adopted six amendments, but removed others aimed at privacy protection. Three of those were proposed by Rep. Jan Schakowsky, D-Ill., with one offered by Rep. Adam Schiff, D-Calif.
"I am disappointed that my amendment to require that companies sharing cybersecurity information make reasonable efforts to remove unrelated private information was not accepted," Rep. Schiff said in a statement emailed to TechNewsWorld by his communications director, Patrick Boland.
Concerns have been expressed about the bill's lack of privacy protection, but it "is trending in continuing to increase in privacy protection," said David LeDuc, senior director of public policy at the Software & Information Industry Association, which strongly supports CISPA.
The bill's cosponsors, Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee, and Rep. C.A. "Dutch" Ruppelsberger, D-Md., did not respond to our request to comment for this story.
Both jointly tabled CISPA and re-introduced it in February after it was killed last year by opposition from President Obama and privacy advocates.
What CISPA Seeks to Do
CISPA would establish procedures to let the intelligence community and the private sector share information about cyberthreats.
The bill has restrictions on the sharing and use of classified intelligence. It also bars the federal government from using intelligence that's been provided by the private sector for regulatory purposes.
Information shared with the federal government is exempt from disclosure under the Freedom of Information Act, or from disclosure under any state, local or tribal sunshine laws.
Acts performed in accordance with CISPA's provisions are exempt from civil and criminal liability.
The sharing will be voluntary, and the government may not use library circulation records, library patron lists, records of book sales or book customers, and other specified records that have been shared with it.
There is a provision for the protection of individual information, and the government is liable to anyone adversely affected by the disclosure, use and protection of voluntarily shared information, for actual damages or US$1,000 plus the costs of legal action and reasonable attorney fees.
What CISPA Lost
CISPA in its present form "would overturn 20 years of civilian control of the government's cybersecurity efforts for the dot-com sector and house them in a secretive military intelligence agency," Greg Nojeim, senior counsel at the Center for Democracy & Technology told TechNewsWorld. The Intelligence committee rejected an amendment that would have maintained civilian control, thus ensuring the "continued opposition of the civil liberties community."
Rep. Schakowsky's amendments included one excluding the Pentagon and the National Security Agency from accessing third party data, and one seeking to create a high-level privacy post to oversee the retention, use and disclosure of information obtained by the federal government.
Getting to The White House
President Obama last year threatened to veto CISPA and had proposed an alternative to the bill. This year, he has called on Congress to act to improve national cybersecurity.
The bill's authors have stated they are willing to amend the proposed legislation as it makes its way through Congress.
"Call me an eternal optimist, but I think [the chances of that] are decent, they're better than they looked," LeDuc told TechNewsWorld. "The administration did issue some remarks about continued progress on the bill and, given the bills' champions determination to continue trying, things look good."