House approves cybersecurity bill over Obama veto threat
The House on Thursday approved controversial cybersecurity legislation that the Obama administration has threatened to veto.
Members approved the Cyber Intelligence Sharing and Protection (CISPA) act, H.R. 3523, in a 248-168 vote that split both parties somewhat. The bill was supported by 42 Democrats, while 28 Republicans opposed
The House approved the bill after making a number of changes aimed at limiting the way the government could use the information that companies provide. CISPA would make it easier for companies to share information with the government about the threats facing their networks. Supporters ó Republicans and Democrats alike ó said the proposal is a reasonable compromise between the need for privacy and security.
"The intelligence community has the ability to detect these cyber threats, these malicious codes and viruses, before they are able to attack our networks," said Intelligence Committee ranking member Dutch Ruppersberger (D-Md.). "But right now, federal law prohibits our intelligence community from sharing the classified cyber threat with the companies that will protect us that control the network, the AT&Ts, the Verizons, the Comcasts, those groups.
"We have the ability to give them the information to protect us, but yet we have to pass a law to do that."
The bill enjoyed strong bipartisan support before the administration issued a veto threat and sided with privacy advocates who argue the bill does not do enough to protect consumers' private information. The White House also wants regulatory mandates for critical infrastructure providers, which are not contained in CISPA.
It also seemed to have the effect of peeling Democrats off the bill, as several Democrats took up Obama's arguments during floor debate.
"In an effort to foster information sharing, this bill would erode the privacy protections of every single American using the Internet," said Rep. Bennie Thompson (D-Miss.). "It would create a Wild West of information sharing, where any certified business can share with any government agency, who can then use the information for any national security purpose and grant the business immunity from virtually any liability."
Rep. Jared Polis (D-Colo.) added that the bill is an "unprecedented, sweeping piece of legislation that would waive every single privacy law ever enacted in the name of cybersecurity."
Republicans did allow several amendments to be considered that narrowed the scope of the bill, including proposals from members of both parties. One from Rep. Ben Quayle (R-Ariz.) would allow the government to use the information it collects only for five purposes, all related to protecting people and prosecuting crimes.
Others would prohibit the government from using certain electronic data as it works to fight cyber threats, narrow the definition of what information can be shared, and encourage the government to create procedures to protect privacy.
Even before those amendments, supporters argued that the bill has enough safeguards in it to ensure the privacy of consumer data.
"The bill includes significant safeguards to protect personal and private information," Rep. Rich Nugent (R-Fla.) said. "It significantly limits the federal government's use of that information that the private companies voluntarily provide, including the government's authority to search data."
The bill is one of four cybersecurity bills the House is expected to consider this week. The others are the Federal Information Security Amendments act (H.R. 4257), the Cybersecurity Enhancement act (H.R. 2096), and the Advancing America's Networking and Information Technology Research and Development act (H.R. 3834). House Republicans have put these three bills on the suspension calendar, a process usually reserved for non-controversial bills that will require them to pass by a two-thirds majority vote.
CISPA: A vaguely-defined bill against an imaginary threat Ė commentator
The House of Representative has passed CISPA, a bill seeking to increase the government's power to monitor private data online. Political commentator Luke Samuel says the law is directed against a nebulously-defined and imaginary threat.
Luke Samuel, who writes for Spiked magazine, sat down with RT to talk about the reasons why thereís such a push for the bill to be adopted Ė and what it means for Internet users.
RT: Is CISPA really so bad for the average user? If you do nothing wrong, what does anybody have to worry about it?
Luke Samuel: Well, this is the common attitude in the discussion around privacy. Effectively, if youíve got nothing to hide, you shouldnít be worried about passing over your private information.
And I actually think thatís a really damaging attitude. We as citizens have a right to hold back information from the state and from government snoops. So I think this portrays whatís underlying a lot of anti-privacy legislation around the world, not just online, but also offline. This attitude that being able to hold your personal information is no longer important, which it is.
ĎNo one really knows what cyber security actually means, which makes CISPA a far more dangerous act. í
RT: Weíve seen so much of these web-regulating lawmaking attempts, SOPA, PIPA, and now CISPA. Why is it all coming at once?
LS: Well itís important, actually, to distinguish CISPA from the rest of them because CISPA is not about intellectual property. This is an act about something far more nebulous. Itís about protecting "cyber security." And by the way, no one really knows what cyber security actually means, which makes it a far more dangerous act. Itís effectively giving the American government significant powers to inspect and to snoop, to investigate concerns which no one has really defined.
And thatís what a lot of campaigners around this act have pointed out. But these terms are fundamentally ill-defined and nebulous. That actually makes it a more dangerous piece of legislation than those that have gone before it.
RT: Thousands of Europeans came out against ACTA. What can they do about CISPA? Itís a US law, but it could still reach them if they use, for instance, Google.
LS: Well thatís absolutely right. But that also underplays the role that the British government specifically have played during much the same in lawmaking over here. We know that earlier this year the coalition government in the United Kingdom announced plans very similar to whatís being proposed in CISPA now: the power to effectively intercept and read private communications from the web.
CISPA does affect an international audience, but it almost doesnít need that because governments, especially in the United Kingdom, are sharing that impulse to interfere in our private Internet communications. Itís an extremely worrying global trend.
ĎCan anyone actually name a significant act of cyber terrorism that has happened in the West, ever?í
RT: Cyber security is a concern, though. A lot of sensitive information is online these days. Isnít it time to have some more tightened laws to police it if it gets out of hand?
LS: Well, thatís the wrong focus. What we should be discussing is our right to retain information. Sure, there may be some spotty jihadi sympathizers out there who may want to come and infiltrate our Internet security.
To be honest, I think these spotty jihadists exist more in the minds of Western governments than they do anywhere in reality. Can anyone actually name a significant act of cyber terrorism that has happened in the West, ever? No, because it never has. Itís an imagined threat. And itís an imagined threat which now threatens our freedom online and threatens our experience of the Internet. So the fact that this legislation is being effectively introduced in response to an imagined threat actually adds to the suspicion and danger around it.
I donít think this is about Internet security. I think itís about national security generally. I think this act is more likely to be used to control and monitor efforts to organize terrorist attacks offline. The danger with that is that in America specifically, weíve recently had arrests of individuals for encouraging al-Qaeda sympathies. Now, that couldnít be possible under the American legal system because of the First Amendment.
And because of these recent cases, thereís a radical reinterpretation underway of the First Amendment and, more broadly, free speechís position in American society. So I donít think we should be concerned about that small minority that might try to shut down MasterCard for another half an hour. We should be concerned about the American governmentís will and drive to control not just our freedom online, but our freedom to publish ideas more widely.
The House of Representatives approved CISPA, which stands for the Cyber Intelligence Sharing and Protection Act, with a vote of 248-168 on Thursday. The Senate is set to discuss and vote on the legislation, after which it will go to President Obamaís desk. The White House has so far come out with a statement saying Obama will be advised to veto the legislation.
CISPA was introduced by Representative Mike Rogers last November and has since been amended a number of times. The bill has been censured by a number of famous personalities and NGOs, including Tim Bernars-Lee, the man credited with creating the World Wide Web, and the American Civil Liberties Union (ACLU).