Obama, Cybersecurity And The Return Of CISPA

The more things change the more they stay the same.

With the strike of his pen Tuesday, President Obama signed an executive order aimed at bolstering the nation's cyber defenses and improving security. Later that night, in his State of the Union address, the President preached about the need to protect the country from online threats and the value of the private and public sector coming together to face protect the nation's critical infrastructure. In his speech, he urged Congress to get to work to make this happen.

"Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks," Obama said.

Emboldened by the chief executive's rhetoric, on Wednesday members of the House of Representatives reintroduced CISPA (Cyber Intelligence Sharing and Protection Act), the highly controversial legislation that saw heavy opposition and online protest last year for its failure to protect the very privacy rights that the President's current executive order claims to protect. The measure, which passed the House last year but failed in the Senate, amends the National Security Act of 1947 to add provisions concerning cyber threat intelligence sharing. That means CISPA offers legal protection for sharing personal data (such as private email correspondence) between the government and private companies - all without a warrant. Here's the updated version of CISPA, introduced by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.).

If enacted, this would give Federal agencies a blank check to search our private data. Our once "unalienable rights" as Americans are starting to look more and more alienated. 

Backing the bill are a host of major trade groups as well as tech giants like AT&T, Facebook, IBM, Intel, Oracle, Symantec and Verizon. Why do these companies support it? One of those supporters, Facebook, said the law would not make the company share any more of its own data than is required. Others have explained their support by saying that sharing major data about cyber attacks would help protect all companies.  

Backlash And Measured Responses

In the wake of this news, there's been a major backlash online. Privacy advocate groups such as the ACLU, and the Center for Democracy and Technology, are all up in arms. The Electronic Frontier Foundation is asking people to contact their representatives to oppose the bill. The Internet nonprofit Fight For The Future has set up the protest website CISPAisBack.com as a resource to petition the bill, and provides info on CISPA and even phone numbers of representatives and a script to use when calling.

There's no denying that America is vulnerable online. In 2012, the number of attacks reported to the U.S. Department of Homeland Security grew by 52%, according to Homeland Security's Industrial Control Systems Cyber Emergency Response Team. But while something significant must be done, our privacy should not be sacrificed in the process.

Marc Rotenberg, the executive director of the Electronic Privacy Information Center,  calls CISPA a "civil liberties minefield." Instead, he's in favor of "the approach set out in the executive order: Transparent, collaborative, and under the direction of a civilian agency."

Michelle Richardson, legislative counsel at the ACLU, adds that the main danger of CISPA is that it makes companies exempt from all the privacy laws currently on the books. And in so doing, creates tremendous uncertainty when it comes to our personal data.

"The idea of 'information sharing' isn’t necessarily offensive in and of itself, but the question is what info will be shared, who can it be shared with and what can be done with it?" Richardson asked.

Richardson agrees with Rotenberg that such programs should remain in civilian hands, and future privacy protections must include sharing restrictions. Richardson doesn't think CISPA meets those requirements, and hopes that as it moves along the legislative process, it will incorporate some of the amendments made to last year's failed Senate bill. "The Senate bill is not perfect, but it's a better alternative privacy-wise and hopefully the House will consider incorporating some of those protections."

But whether or not the new bill will incorporate those earlier changes is still a big question mark. 

"No one knows what will be in the final bill voted on by the Senate," said Michael Hussey, the chief executive and founder of the personal search engine site PeekYou.

Who Will Really Win And Lose?

While Hussey and most Web companies and individuals want improvements, they are only seeking specific regulations to what kind of information can be shared, and regs geared to protecting people's privacy. Hussey thinks major companies, like Facebook and IBM, are supporting the bill because that could keep them on top, and competitors out of or pushed down within the marketplace.

"In this case, the largest players all stand to gain from open-ended legislation towards this end, likely at the expense of competitors and consumers," Hussey emphasized.

This is the first chapter in Book Two of the CISPA saga. There are many more to go through as the proposal begins its long route through Congress. If you are concerned about online privacy, it would be a good idea to monitor the progress of the bill, and make your concerns known to your Congressional representative.

Image courtesy of Shutterstock.