House passes CISPA bill

The US House of Representatives voted to approve CISPA, the much criticized legislation that aims to protect businesses from cyber attacks.

|
J. Scott Applewhite
In this Oct. 8, 2012 file photo, House Intelligence Committee Chairman Rep. Mike Rogers, R-Mich., left, and the committee's ranking Democrat, Rep. C.A. "Dutch" Ruppersberger, D-Md., participate in a news conference on Capitol Hill in Washington. The House passed the CISPA Thursday.

Pro-business legislation aimed at helping companies fend off sophisticated foreign hackers sailed through the House on Thursday despite a White House veto threat and an outcry from privacy advocates and civil liberties groups that say it leaves Americans vulnerable to spying by the military.

The House vote, 288-127, puts the spotlight on the Senate, which hasn't taken up the issue and is consumed with other high-profile issues such as gun control and immigration. The lack of enthusiasm in the Senate and objections by the White House mean that the legislation is in limbo despite an aggressive push by lobbyists representing nearly every corner of industry.

The Cyber Intelligence Sharing and Protection Act, or CISPA, is widely backed by industry groups that say businesses are struggling to defend themselves against aggressive and sophisticated attacks from hackers in China, Russia and Eastern Europe.

Hackers haven't been able to deliver crippling blows to the U.S. economy or infrastructure, but they have been able to wreak havoc on some key commercial systems. Most recently several news outlets including the New York Times acknowledged that their systems had been penetrated, while banks are said to be quietly fighting daily intrusions. North Korea was recently held responsible for a cyberattack that shut down tens of thousands of computers and servers at South Korean broadcasters and banks.

The bill, said House Intelligence Committee Chairman Rep. Mike Rogers, R-Mich., strikes "that right balance between our privacy, civil liberties and stopping bad guys in their tracks from ruining what is one-sixth of the U.S. economy."

Under the legislation, businesses and the federal government would be able to share technical data without worrying about anti-trust or classification laws. The bill also would grant businesses legal immunity if hacked so long as they acted in good faith to protect their networks. The bill is sponsored by Rogers and Rep. Dutch Ruppersberger, D-Md., the panel's top Democrat.

But privacy advocates and civil liberties groups say the bill would open up Americans' most private online records to the federal government. The bill doesn't include a requirement that companies scrub data of sensitive information like health or credit records before sharing it with the government.

In its veto threat issued Tuesday, the White House echoed that concern.

"Citizens have a right to know that corporations will be held accountable — and not granted immunity — for failing to safeguard personal information adequately," the White House stated.

Rep. Adam Schiff, D-Calif., had tried to amend the bill to require companies to strip any data of personally identifiable information before sharing it with the government. But Republicans blocked his proposal from being debated on the floor because they said tough mandates might deter companies from participating.

Business groups say the privacy concern is overblown.

"When it comes to sharing, there are practical, business reasons why companies carefully protect" sensitive information, Tim Molino with the Business Software Alliance recently wrote in an online post urging lawmakers to pass the bill.

"At the end of the day, personal information is customer information, and maintaining trust with customers is a core business imperative," Molino added.

Privacy groups also objected to the bill because they said it would give the National Security Agency a front-row seat in analyzing data from private computer networks. The bill doesn't address the NSA's role specifically, but it's presumed that the military intelligence agency would have a central role in the data-sharing program because of its technical expertise in tracking foreign-based hackers.

Democratic Rep. Jan Schakowsky of Illinois had tried to amend the bill to prohibit the military from collecting threat data directly from industry. But that proposal also was blocked from floor debate amid GOP objections. Still facing a veto threat, Rep. Michael McCaul, R-Texas, worked with Democrats on a measure that would ensure that companies go first through the Department of Homeland Security. While that proposal was adopted, the American Civil Liberties Group and others still were not satisfied.

The White House had asserted in its statement that any information from the private sector should enter the government through a civilian agency, namely the Department of Homeland Security.

"We have long said that information sharing improvements are essential to effective legislation, but they must include proper privacy and civil liberties protections, reinforce the appropriate roles of civilian and intelligence agencies and include targeted liability protections," said White House spokeswoman Caitlin Hayden in a statement.

A similar version of the bill passed the House a year ago by a 248-168 vote. But that bill also had prompted a veto threat and never gained traction in the Senate.

Rogers has said he thinks the political calculus has changed and that China's hacking campaign was too brazen for the White House to justify the status quo.

"There's a line around the Capitol building of companies willing to come in and tell us in a classified setting (that) 'my whole intellectual property portfolio is gone,'" Rogers said. "I've never seen anything like this, where we aren't jazzed and our blood pressure isn't up."

In February, Obama signed an executive order that would help develop voluntary industry standards for protecting networks. But the White House and Congress agreed that legislation was still needed to address the legal liability companies face if they share threat information. Senate Majority Leader Harry Reid, D-Nev., promised at the time to advance a bipartisan proposal "as soon as possible," although one hasn't emerged.

Sen. Jay Rockefeller, D-W.Va., chairman of the Senate Commerce Committee, is expected to take the lead on a cybersecurity proposal that would likely address the issue of information sharing but also take up other issues including ways to improve research and development. A panel spokesman said Rockefeller intended to work with Sen. John Thune, R-S.D., to introduce a plan to committee members "in the near future."

Associated Press writer Jim Abrams contributed to this report.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to House passes CISPA bill
Read this article in
https://www.csmonitor.com/Technology/Latest-News-Wires/2013/0418/House-passes-CISPA-bill
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe