CISPA backers reintroduce bill; privacy advocates quick to reiterate criticism
Backers of a controversial cybersecurity bill approved by the House in April 2012 reintroduced it again Feb. 13 for consideration by the new Congress.
The Cyber Intelligence Sharing and Protection Act (H.R. 624) would create a mechanism for the private sector to share with the federal government cyber threat information--the Homeland Security Department, or another federal agency. Critics such as the Center for Democracy and Technology say the bill language creates an avenue for information on American Internet users to go to the intelligence community, a criticism CDT President Leslie Harris reiterated soon after the bill's reintroduction.
Privacy groups have also said the bill would allow federal agencies to repurpose the information they do receive through the information sharing program, something that goes against privacy principles requiring data to be used only for the purpose for which it was collected.
The reintroduced bill, like the version that passed the House, says the government could use the information for cybersecurity itself, as well as the investigation and prosecution of cybersecurity crimes; protection of individuals from the danger of death or physical injury; protection of minors from physical or psychological harm; and protection of the national security of the United States.
Critics have particularly noted the crime and national security provisions, stating that they could lead to overly broad uses of the data.
Bill co-sponsors Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), chairman and ranking member, respectively, of the House Intelligence Committee, have said much of the criticism is unwarranted.
The bill's language prevents an Internet service provider from sharing information about its individual customers, a committee "myth v. fact" document (.pdf) says.
Worries that the federal government would be able to read private emails without a warrant ignores "the highly rapid and automated nature of cyber threat information sharing," the document also says.