CISPA clears House Intelligence Committee
Privacy advocates continue to oppose the Cyber Intelligence Sharing and Protection Act (H.R. 624) after the House Intelligence Committee voted 18-2 for it April 10, saying that amendments added to the bill don't account for all their objections.
During the markup session, the committee approved via voice vote amendments that bill sponsors said were crafted to address privacy concerns, including one offered (.pdf) by Rep. Terri Sewell (D-Ala.) that removes secondary use permission to utilize cyber threat information for national security purposes.
In addition, amendments approved during the session include one (.pdf) that would limit private sector use of cyber threat information shared under CISPA auspices to cybersecurity purposes only, another (.pdf) that would stipulate that liability protection extends only to actions taken on operators' own network, and one (.pdf) that would require the government to establish data minimization procedures that would filter out personally identifiable information from data shared by the private sector.
But, the committee defeated four amendments that would have gone further to address critics, including one (.pdf) proposed by Rep. Jan Schakowsky (D-Ill.) that would have restricted the flow of cyber threat information sharing from companies to civilian agencies. The fact that under CISPA as currently written, companies would be able to share information with agencies of their choice, including Defense and Intelligence agencies, has become an increasingly large part of criticism directed against the bill.
"Civilian control is the elephant in the room that CISPA co-sponsors refuse to address," said Center for Democracy and Technology senior counsel Greg Nojeim ahead of the markup.
In a statement emailed to reporters after the session, Michelle Richardson, legislative counsel for the American Civil Liberties Union Washington legislative office, said her organization also continues to oppose CISPA because "military agencies like the NSA are still allowed to collect American internet information" and because private sector liability protection offered by the bill would still grant companies "immunity for 'hacking back.'"