Support and Opposition of CISPA and the Cybersecurity Act

Erin is a member of The Motley Fool Blog Network -- entries represent the personal opinion of the blogger and are not formally edited.

<img src="/media/images/user_920/100_2364_large.JPG" />

CISPA, the Cyber Information Sharing and Protection Act, is back in the news, but now in the form of the Cybersecurity Act of 2012. These cybersecurity measures, if passed, would have significant impact on some of the largest corporations in the United States.

The controversial CISPA was passed by the US House of Representatives in April. It passed the House with bipartisan support in April with 248-168, including 42 Democrats in favor. There were 28 Republicans against the bill.

When the Senate returns from the Memorial Day recess, it is expected to vote on its response to CISPA- the Cybersecurity Act of 2012 (CSA), supported by Senators Joe Lieberman (I-CT), Jay Rockefeller (D-WV), Dianne Feinstein (D-CA), and Susan Collins (R-ME). This bill has the tentative support of the Obama Administration, which CISPA did not receive.

(Additionally, Senator John McCain (R-AZ) has sponsored the SECURE IT Act, which addresses the same issues. It is currently stuck in committee, and not expected to reach a floor vote any time soon.)

According to Senator Lieberman, CSA “would begin to arm us for battle in a war against the cyber mayhem that is being waged against us by our nation’s enemies, organized criminal gangs, and terrorists who would use the Internet against us as surely as they turned airliners into guided missiles. The nation responded after 9/11 to improve its security. Now we must respond to this challenge so that a cyber 9/11 attack on America never happens.”

CISPA and CSA have both alienated and attracted very strange bedfellows.  The Obama Administration opposes CISPA due to concerns that the legislation would undermine personal security and civil liberties. (The Administration has supported CSA thus far.) Also in the opposition camp you will find the ACLU, and the more libertarian Tea Party members.

Supporters of CISPA included both the head Republican and Democrat on the House Intelligence Committee who believe that CISPA would broaden the intelligence community’s ability to share classified information about threats to the nation’s cyber security with private businesses or other non-governmental parties. And now, the CSA response has also received equal bipartisan support. Non-political figures who support the ongoing cybersecurity meansure include some of the largest publicly traded corporations in the United States.

Microsoft (NASDAQ: MSFT) vice president Fred Humphries stated regarding CISPA, "The bill would also clarify the ability of the government to share meaningful threat information with non-governmental entities that are capable of using it to protect critical information technology networks."

AT&T (NYSE: T) issued a statement saying CISPA is, "an important and positive step in strengthening cybersecurity collaboration."

Likewise, IBM (NYSE: IBM) believes a non-regulatory approach to spur sharing of actionable cyber threat information between government and industry is a critical piece to improving the security of our nation and its assets as we continue to operate and thrive on a digital network."

In a letter to the House Intelligence committee, Oracle (NYSE: ORCL) chief security officer, Mary Ann Davidson said, “your bill would remove key legal obstacles to effective bi-directional cybersecurity information sharing between the government, including the intelligence community, and industry. In particular, Oracle has long called for timely sharing by federal agencies with the private sector of actionable information about the most advanced cyber threats, which your bill promotes. Additionally, it would address key liability concerns that are known to inhibit information sharing by companies in certain circumstances. We also appreciate that it preserves the voluntary nature of information sharing, as you have recognized that any rigid mandate would undermine the trust that is the foundation of successful public-private cybersecurity collaboration.”

(Public list of Letters of Support Sent to Permanent Select Committee on Intelligence)

What is it that opponents are so vehemently against? Some feel that the language in both bills could allow the government to use the data provided by Internet service providers (ISP) and companies to spy on people. The information would be requested by the government from the ISP in the event of a “cyber threat.” However, the definition of “cyber threat” is vague, which irritates some, and pleases others.

The definition is vague in order to accommodate the ever-changing world of cyber-technology, and therefore, if left loosely defined, it will adapt to currently unforeseen scenarios if they were to arise. But opponents feel the definition is too loose, and as such, could allow the government to essentially fabricate a need, declare a cyber threat, and demand information of ISPs, for the government's own greedy, and malicious use.

The ACLU aired the following complaint regarding CSA on their blog, “Information can be shared with government “exchanges,” which will be appointed by the Department of Homeland Security. The CSA does not require these exchanges to be in civilian agencies and therefore would permit the NSA or other military agencies to become direct repositories for broad swaths of American internet information. Information can also be shared with other companies.”

Opponents also argue that the bills do not specify precisely what information could be collected and shared by the government. Additionally, it is not well-defined if users or others will be able to find out if their personal data was collected and shared by the government. Similarly, there is not a clearly defined avenue for users to pursue if they believe their information was share improperly.

However, it is stated in the Cybersecurity Act of 2012 that the government agencies and companies that share information “make reasonable efforts…to safeguard information that can be used to identify specific persons…”

Leading the fight against these CISPA related bills is a joint online campaign effort of: Fight for the Future, Democrats.com, The Liberty Coalition, Entertainment Consumers Association. Their collective argument, hosted on the website Privacy is Awesome, is that CISPA would end privacy on the internet.

From their website,

Here's the deal: CISPA is now tucked inside of Senate bill S.2105, which has bipartisan congressional support, is being actively supported by the Obama Admin., and is scheduled for a vote in early June. It's alive and well, and on a clear path to becoming law.

The Senate goes on recess next week, which means we have exactly 3 days to make calls before they leave for a week and then come back for the vote. The most important thing we can do with that time is to try to get meetings scheduled with our senators while they are in their home states over the recess. This is a proven grassroots strategy that was key to killing SOPA. We can beat CISPA if we do this.

(Coalition letter expressing concerns over Cybersecurity Act (PDF))

While the movement is well organized, it fails to list on its main web page what it is about CISPA, and similar legislation that it finds appalling. Instead the site merely lists ways of contacting elected officials to air grievances. Also, it refers to CISPA as the current legislation, when in fact, it is CSA that the Senate will consider.

As it is currently written, CISPA could allow the National Security Agency to request information about Internet users if a contact in their e-mail lists has contacted anyone suspected of terrorist activity. Civil rights groups, including the ACLU and the Center for Democracy and Technology believe the bill is too broad in nature, and would open the door to companies sharing too much personal information (in violation of user signed privacy and use agreements). And yet, in spite of the perceived violation of user agreements, the largest corporations favor the bill(s).

In the end, it all comes down to trust and who you trust more. The businesses supporting the bill trust that the government will not come asking for personal information unless there is a national security threat or cybersecurity threat. But while the businesses trust the government, there are the other entities and individuals that clearly do not.

It is worth noting that during this controversy, American citizens who are also shareholders of the corporations involved, have double the power. They can both call or email their Congressional representative to voice support or oppositions, and as shareholders, do the same to the corporations.

Read Also: Corporations Support CISPA

 


ErinAnnie has no positions in the stocks mentioned above. The Motley Fool owns shares of International Business Machines, Microsoft, and Oracle. Motley Fool newsletter services recommend Microsoft. Try any of our Foolish newsletter services free for 30 days. We Fools may not all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy.If you have questions about this post or the Fool’s blog network, click here for information.

blog comments powered by Disqus