X

Opposition grows to CISPA 'Big Brother' cybersecurity bill

CISPA is met with a last-minute wave of opposition, including from Rep. Ron Paul and 18 House Democrats. But it may not be enough to stop the U.S. House of Representatives from approving the bill on Friday.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
3 min read
GOP presidential candidate Rep. Ron Paul, shown here in a previous visit to Silicon Valley, says CISPA is "Big Brother writ large."
GOP presidential candidate Rep. Ron Paul, shown here in a previous visit to Silicon Valley, calls CISPA "Big Brother writ large." Declan McCullagh

Last-minute opposition to the CISPA, which has been criticized as a "Big Brother" cybersecurity bill, is growing as the U.S. House of Representatives prepares for a vote this week.

Rep. Ron Paul, the Texas Republican and presidential candidate, warned in a statement and YouTube video today that CISPA (PDF) represents the "latest assault on Internet freedom." Paul warned that "CISPA is Big Brother writ large," and said that he hopes that "the public responds to CISPA as it did to SOPA back in January."

In addition, 18 Democratic House members signed a letter (PDF) this afternoon warning that CISPA "does not include necessary safeguards" and that critics have raised "real and serious privacy concerns." The number of people signing an anti-CISPA petition is now at more than 718,000, up about 100,000 from a week ago.

CISPA Excerpts

Excerpts from the Cyber Intelligence Sharing and Protection Act:

"Notwithstanding any other provision of law, a self-protected entity may, for cybersecurity purposes -- (i) use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such self-protected entity; and (ii) share such cyber threat information with any other entity, including the Federal Government...

The term 'self-protected entity' means an entity, other than an individual, that provides goods or services for cybersecurity purposes to itself."

CISPA would permit, but not require, Internet companies to hand over confidential customer records and communications to the U.S. National Security Agency and other intelligence and law enforcement agencies.

It's hardly clear, however, that this wave of opposition will be sufficient.

CISPA -- also known as the Cyber Intelligence Sharing and Protection Act -- has 113 congressional sponsors. Instead of dropping off as criticism mounted, which is what happened with the SOPA protests in January, more continue to sign up, with six new sponsors adding themselves in the last week.

Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, said today that he remains confident that the CISPA will be approved this week.

"Chairman Rogers continues to have an open door and continues to work to address privacy concerns as the bill moves toward the floor," a House Intelligence Committee spokesman told CNET this afternoon.

Foes of CISPA are hoping to submit amendments that, they believe, would defang the most objectionable portions.

The House GOP leadership has scheduled a vote on CISPA for this Friday. Proposed amendments to CISPA are required to be submitted to the House Rules committee by 1:30 p.m. PT tomorrow.

Rep. Zoe Lofgren, a California Democrat whose district encompasses the heart of Silicon Valley, said today: "I cannot support it in its current form. I made suggestions to improve the bill to safeguard the privacy and due process rights of all Americans." (Lofgren posted (PDF) a longer list of concerns on her Web site.)

What sparked the privacy worries -- including opposition from the Electronic Frontier Foundation, the American Library Association, the ACLU, and the Republican Liberty Caucus -- is the section of CISPA that says "notwithstanding any other provision of law," companies may share information "with any other entity, including the federal government."

By including the word "notwithstanding," CISPA's drafters intended to make their legislation trump all existing federal and state civil and criminal laws. It would render irrelevant wiretap laws, Web companies' privacy policies, educational record laws, medical privacy laws, and more. (It's so broad that the non-partisan Congressional Research Service once warned (PDF) that using the term in legislation may "have unforeseen consequences for both existing and future laws.")

A position paper on CISPA from Rogers and Ruppersberger says their bill is necessary to deal with threats from China and Russia and that it "protects privacy by prohibiting the government from requiring private sector entities to provide information." In addition, they stress that "no new authorities are granted to the Department of Defense or the intelligence community to direct private or public sector cybersecurity efforts."

During a town hall meeting that CNET hosted last week in San Francisco, Jamil Jaffer, senior counsel to the House Intelligence Committee, said the protests ignored the fact that the bill was approved by a bipartisan committee majority back in December.

"There's no secret agenda here. It's only 19 pages," Jaffer said. "You don't need to be a lawyer to read this bill."