News Story

Controversial Cyber Security Bill Passed By U.S. House

Legitimate Internet protection or threat to civil liberties?

A controversial cyber security bill that has been compared to another government Internet oversight measure that was thwarted, passed the U.S. House of Representatives.

The Cyber Intelligence Sharing and Protection Act has been compared to the Stop Online Piracy Act that was pulled from House deliberations after several major Web sites, including Wikipedia and Reddit, temporarily shut down their sites in protest of the bill.

Chief among the stated concerns of both bills is the privacy of customers whose personal information would be shared with the government by companies with which they conduct business. The intention of SOPA was to curtail illegal downloads of copyrighted material, while CISPA deals with Internet attacks and hacking of banking, utility, and other privacy-intensive Web sites.

Two Michigan congressmen are on opposite sides of the issue.

The bill, which was introduced by Rep. Mike Rogers, R-Brighton, the House Permanent Select Committee on Intelligence chairman, and Rep. C.A. “Dutch” Ruppersberger, D-Md., passed the House by a 248 to 168 vote.

In a statement, Rep. Rogers said: “We can’t stand by and do nothing as U.S. companies are hemorrhaging from the cyber looting coming from nation states like China and Russia.... America will be a little safer and our economy better protected from foreign cyber predators with this legislation.”

In an email, Dave Yonkman, spokesman for Rep. Rogers, said: “By permitting the private sector to expand its own cyber defense efforts and to use classified information to protect its systems and networks, this bill will help create a more robust cybersecurity marketplace with expanded service offerings and jobs. More importantly, this bill does not contain any new federal spending or impose additional federal regulation or unfunded mandates on the private sector.”

Yonkman continued: “The House of Representatives took the first step in making it harder for economic cyber spies to steal American business plans and research and development. The Cyber Information Sharing & Protection Act will help US companies better protect themselves from dangerous economic predators.”

Legislators passed the bill after they unanimously approved an amendment by Rep. Justin Amash, R-Cascade Township. Rep. Amash’s amendment prohibits the government from accessing library circulation records and patron lists; book sales records and customer lists; firearms sales records; and tax-return, medical, and educational records.

In a press release, Rep. Amash, who voted against the bill, explained: “The government shouldn’t be allowed to spy on the books Americans read or the guns they buy ... We can’t sacrifice core civil liberties in the name of cybersecurity.” He also noted that the bill’s definition of “cyber threat information” is “a term that is defined broadly.”

Will Adams, deputy chief of staff for Rep. Amash, says the congressman opposes CISPA, but the amendments to the bill temper somewhat the concerns over privacy issues.

"At the very least, the Amash amendments are a common-sense narrowing of the original bill’s liability waiver, which provided private companies with immunity from all state and federal privacy laws if they share private information with the government,” he said in a phone interview. “CISPA took an ax to privacy laws, when Rep. Amash would much rather prefer a scalpel.”

Adams said Rep. Roger’s bill would grant the government the ability to do anything it wished with the information obtained through CISPA. “CISPA is a flawed bill,” he said, “because private information that is protected currently by state and federal laws wouldn’t be exempted, and CISPA could be employed to override those constraints. The amendments limit what government can do with this information.”

Adams says, “Folks say you need a broad exemption for CISPA to be viable, but our view is that we should be careful and create narrow exemptions only when there are true legal impediments to reasonable cyber security information sharing.”

Adams said Rep. Amash still opposes the bill: “Even with the narrowing of scope our amendments provide, the government can still use citizen’s information for purposes that have nothing to do with cyber security.”

“We tip our hats to Rep. Rogers for his responsiveness to our privacy concerns and companies’ rights to protect their customers,” Adams concluded.

Yonkman says comparisons between CISPA and SOPA are inaccurate. “SOPA’s focus was the protection of music and film copyrights,” he said. “CISPA’s focus is cyber threat sharing to prevent actual computer and network intrusions from advanced foreign cyber threats from countries like China, Russia and Iran. While there is still some misinformation out in the blogosphere on Chairman Rogers’ bill, even the civil liberties and privacy organizations agree that there is absolutely no relation between CISPA and SOPA.”

CISPA gives the federal government new authority to share classified cyber threat information with approved American companies and knocks down barriers to cyber thraeat information sharing,” Yonkman said. “With strong provisions built in to keep individual American’s private information private, the bill allows U.S. businesses to better protect their own networks and their corporate customers from hackers looking to steal intellectual property,” he said.

Yonkman emphasized that participation with CISPA is voluntary. “The bill only provides new authority for sharing cyber threat information, and the bill provides absolutely no authority to block web sites, or restricting and controlling Internet traffic,” he said.

Bruce Edward Walker (bwalker@heartland.org) is managing editor of The Heartland Institute’s InfoTech & Telecom News and is the former editor of the Mackinac Center’s MichiganScience magazine.

Michigan Capitol Confidential is the news source produced by the Mackinac Center for Public Policy. Michigan Capitol Confidential reports with a free-market news perspective.