Corporations Support CISPA

Erin is a member of The Motley Fool Blog Network -- entries represent the personal opinion of the blogger and are not formally edited.

The Obama Administration announced Wednesday it would veto the controversial Cyber Intelligence Sharing and Protection Act (CISPA) bill, H.R. 3523, if it came to the President’s desk. The Administration cited concerns that the legislation would undermine personal security and civil liberties.

Sponsored by House Intelligence Committee chairman Rep. Mike Rogers and Ranking Member Dutch Ruppersberger, CISPA would broaden the intelligence community’s ability to share classified information about threats to the nation’s cyber security with private businesses or other non-governmental parties.

Supporters of the bill, which includes some of the largest publicly traded corporations in the United States, (and the soon-to-be-traded Facebook) claim that the bill would help businesses defend themselves against cyber attacks, and to share information with other businesses about the attacks. It would also make it easier for businesses to receive critical information faster from the government regarding or during an attack, and also limits the government’s ability to force a company to share private information.

Opponents of the bill fear that CISPA could also be used by the government to force a company to share (or that a company may voluntarily share) personal information gathered on its users with the government. Notably, no large corporations have issued statements opposing the bill, but several watchdog and civil liberties groups have.

At first CISPA may appear to be a repackaging of the much maligned and defeated Stop Online Piracy Act (SOPA) from January 2012. At that time dozens of corporations lined up to protest the bill, which effectively led to its demise.

However, CISPA and SOPA have little in common now. The main difference is that SOPA would have allowed the government to shut down the internet, or internet-based businesses, for a variety of reasons, some serious, some nearly trivial. It was also originally designed to stop online piracy from foreign entities of copyrighted material. CISPA, on the other hand, is supported and championed by the many of the same companies that opposed SOPA, and has little to do with copyrights and piracy.

In a nutshell, CISPA is designed to protect businesses. SOPA would have allowed the government to shut businesses down.

As it is currently written, the bill could allow the National Security Agency to request information about Internet users if a contact in their e-mail lists has contacted anyone suspected of terrorist activity. Civil rights groups, including the ACLU and the Center for Democracy and Technology believe the bill is too broad in nature, and would open the door to companies sharing too much personal information (in violation of user signed privacy and use agreements).

In a statement released Wednesday, the White House said, “The bill would allow broad oversharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information.”

The Office of Management and Budget stated that the bill “effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres.”

Supporters of the bill includ some of the largest publicly traded corporations in the United States. Microsoft (NASDAQ: MSFT) vice president Fred Humphries stated, "The bill would also clarify the ability of the government to share meaningful threat information with non-governmental entities that are capable of using it to protect critical information technology networks." AT&T (NYSE: T) issued a statement saying CISPA, "an important and positive step in strengthening cybersecurity collaboration." Likewise, IBM (NYSE: IBM) believes a non-regulatory approach to spur sharing of actionable cyber threat information between government and industry is a critical piece to improving the security of our nation and its assets as we continue to operate and thrive on a digital network."  In a letter to the committee, Oracle (NYSE: ORCL) chief security officer, Mary Ann Davidson said, “your bill would removed key legal obstacles to effective bi-directional cybersecurity information sharing between the government, including the intelligence community, and industry. In particular, Oracle has long called for timely sharing by federal agencies with the private sector of actionable information about the most advanced cyber threats, which your bill promotes. Additionally, it would address key liability concerns that are known to inhibit information sharing by companies in certain circumstances. We also appreciate that it preserves the voluntary nature of information sharing, as you have recognized that any rigid mandate would undermine the trust that is the foundation of successful public-private cybersecurity collaboration.” (Public list of Letters of Support Sent to Permanent Select Committee on Intelligence)

So why is it the government that is opposing a bill that the other opponents fear would give the government too much access to personal data? Why would the ACLU, an organization that casually defined could be described as fighters to make sure everyone gets to do whatever it is they want to do, oppose a bill that allows businesses to share information with each other in the case of a cybersecurity threat or attack?

From the ACLU blog, “CISPA's sponsors don't seem to want it that way. Here's how CISPA's scheme might work: imagine you are emailing your doctor from your Gmail account about a medical condition. Your doctor pulls up your medical records from his cloud storage server and sends them your way. Somewhere in that communication, a virus crops up. Under CISPA, Google could send your emails, including the electronic copy of your medical records, to the NSA, so they can gather information on the virus. But, Google would be under no obligation whatsoever to scrub out your private details — which have nothing to do with the virus. And now your medical records are in government hands indefinitely — and the government can use them for all sorts of unrelated purposes like the undefined "national security."”

This is an interesting change from the past where individuals didn't trust the government. People used to fear "Big Brother was watching." But now suddenly it is Big Brother himself (separating the administrators from the legislators) who opposes the bill that would give him the information critics don't believe he should have. And the same businesses who fear Big Brother, are the ones supporting the bill.

In the end it all comes down to trust and who you trust more. The businesses supporting the bill trust that the government will not come asking for personal information unless there is a national security threat or cybersecurity threat. What constitutes a national security or cybersecurity threat is not clearly defined. Why? Because a clear definition, no matter how sweeping, is still too limiting. Technology changes every day, and therefore the creative ways in which an attack or threat could be orchestrated changes every day. A definition would therefore be outdated before the ink was dry on the President's signature. But while the businesses trust the government, there are the other entities that do not trust the businesses or the government, as seen in the ACLU comments above.

It is worth noting that during this controversy, American citizens who are also shareholders of the corporations involved, have double the power. They can both call or email their Congressional representative to voice support or oppositions, and as shareholders, do the same to the corporations.

The full text of H.R. 3523 as of April 19, 2012 can be found here (PDF).


ErinAnnie has no positions in the stocks mentioned above. The Motley Fool owns shares of International Business Machines, Microsoft, and Oracle. Motley Fool newsletter services recommend Microsoft. Try any of our Foolish newsletter services free for 30 days. We Fools may not all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy.

blog comments powered by Disqus