CISPA concerns spread in Congress
18 Democratic House members urge controversial bill's authors to add more privacy safeguards
A growing number of lawmakers are expressing concern over the controversial Cyber Intelligence Sharing and Protection Act (CISPA) bill that's scheduled for a vote later this week in the U.S. House of Representatives.
Backers say the bill aims to improve Internet security by making it easier for Internet Service Providers and Internet companies such as Google and Facebook to collect and share a wide range of user data with government security agencies.
Privacy and civil rights groups, and even the White House have criticized the bill, contending that it oversteps existing privacy laws and its passage would enable widespread surveillance of all online activities under the pretext of cyberecurity.
In a letter to CISPA bill sponsors Rep. Mike J. Rogers (R-Mich.) and Rep. C.A. Dutch Ruppersberger (D-Md), Rep. Bennie Thompson (D-Miss.) and 17 other Democratic House members echoed the sentiments of its critics. In the letter, the group called on the sponsors to address what they called 'real and serious' privacy concerns about the proposed legislation.
Thompson, ranking minority member of the House Committee on Homeland Security, and his backers said that the "broadness and ambiguous language" in CISPA could cause problems.
"Without specific limitations, CISPA would for the first time, grant non-civilian federal agencies, such as the National Security Agency, unfettered access to information about Americans' Internet activities and allow those agencies to use that information for virtually any purpose," the letter noted.
CISPA, introduced in the House last November, would let Internet companies monitor and collect any user information they think poses a threat to their networks or systems. The bill would also let these companies share the collected information with the NSA and other federal agencies like the Department of Homeland Security.
Proponents of the bill, which include dozens of high-tech companies and trade associations, argue that the legislation would improve cybersecurity by improving information sharing between private companies and federal law enforcement agencies.
Opponents contend that the bill is dangerously worded and open to different interpretations. CISPA could, opponents say, decimate privacy protections under existing statutes such as the Federal Wiretap Act and the Electronic Communications Privacy Act.
The legislation would provide significant legal immunity to Internet companies that share user information with the federal government.
Users have little recourse if their information was unfairly collected, privacy advocates warn. And while the bill was written to boost cybersecurity, information gathered by Internet companies can be used for any law enforcement purpose, they noted
In their letter, the legislators cited a lack of "necessary safeguards" in the bill and expressed concern over its ambiguous language. "Information sharing cannot come at the expense of the constitutional rights of our constituents," it said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about gov't legislation/regulation in Computerworld's Gov't Legislation/Regulation Topic Center.