CISPA Clears House Intelligence Panel

Compromise on Privacy, Civil Liberties Is in Eye of the Beholder

By , April 11, 2013.
CISPA Clears House Intelligence Panel

Legislation to encourage the U.S. federal government and industry to share cyberthreat information cleared the House Intelligence Committee by an 18-2 vote after being amended to strengthen privacy and civil liberties' protections.

See Also: Breaking Down Ease-of-Use Barriers to Log Data Analysis for Security

At a markup session on April 10, the House Permanent Select Committee on Intelligence adopted three amendments to the Cyber Intelligence and Sharing Protection Act that sponsors assert would strengthen privacy protections and civil liberties by:

  • Requiring the government to establish minimization procedures designed to limit the receipt, retention and use of personally identifiable information not necessary to protect systems or networks from cyberthreats while ensuring the critical cyberthreat information necessary to protect systems can flow quickly.
  • Adding responsibilities for the Privacy and Civil Liberties Board and individual agency privacy officers to provide additional oversight of the government's use of information received from the private sector under the bill.
  • Limiting the private sector's use of any cybersecurity information received only to a cybersecurity use purpose.

Opponents: Privacy Safeguards Insufficient

The amendments are seen as a concession to privacy advocates, although two Democratic members of the committee contend the protections didn't go far enough, and provided the only two votes against the bill. "I strongly agree with the need to enact effective cybersecurity legislation, and commend the bipartisan effort of the House Intelligence Committee, but this bill doesn't sufficiently protect individual privacy rights," said Rep. Jan Schakowsky, D-Ill., who along with Rep. Adam Schiff, D-Calif., voted against the bill.

Still, other Democratic committee members said the amended version should affirmatively address the objections raised last year when President Obama threatened to veto the bill known as CISPA over privacy and civil liberties concerns. "I would not support a bill that did not take our citizens' privacy seriously," said Rep. Jim Langevin, the Rhode Island Democrat and committee member who co-founded the Congressional Cybersecurity Caucus.

The White House hasn't taken a position yet on the 2013 version of CISPA, which goes to the full House for consideration, possibly as early as next week [see Is Compromise in Offing for CISPA?]. The 2012 version of the bill passed the House, but never came up for a vote in the Senate.

Backed by advocacy groups such as the American Civil Liberties Union and the Electronic Frontier Foundation, Schakowsky said the amended bill failed to provide an adequate balance between cyber-protection and privacy and civil liberties safeguards.

Amendments Rejected to Fortify Privacy Rights, Keep Data from Military

The committee rejected three amendments Schakowsky offered that the Illinois Democrat contends would have strengthened privacy protections, ensured that consumers can hold companies accountable for misuse of their private information, required that companies report cyberthreat information directly to civilian agencies and maintained the long standing tradition that the military doesn't operate on U.S. soil against American citizens.

Schakowsky said she'll bring up her amendments when the House considers the measure.

But Langevin, in voting for the bill in committee, said the amended bill provides sufficient privacy and civil liberties protections, although he suggested the legislation could be strengthened.

"We cannot address these challenges without effective information sharing, and after much collaboration with civil liberties advocates, we have included strong precautions that guard against government access to and use of people's personal information," Langevin said. "I will continue to work with the committee, the White House and stakeholders to strengthen the measure when it comes to the House floor."

Anti-Hack-Back Rider Affirmed

Langevin offered an amendment that the committee accepted that specifies the measure does not provide any new authority to "hack back," addressing concerns that the measure could be misinterpreted to authorize companies to hack into other companies' networks to take back information that was stolen from them.

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE AV Firms Defend Regin Alert Timing

Anti-virus firms Symantec, F-Secure, and Kaspersky Lab have been criticized for not issuing public...

Latest Tweets and Mentions

ARTICLE AV Firms Defend Regin Alert Timing

Anti-virus firms Symantec, F-Secure, and Kaspersky Lab have been criticized for not issuing public...

The ISMG Network