In November 2011, the introduction of the Cyber Intelligence Sharing and Protection Act (CISPA) spurred mass protests over individual and Internet privacy concerns. It initially passed the House, but died in the Senate while also facing opposition from the White House.
CISPA was recently reintroduced in the U.S. House of Representatives and has been met with the same opposition it received in 2011.
The bill, written by Mike Rogers (R-Mich), chair of the House Intelligence Committee, and ranking member C.A. Dutch Ruppersberger (D-Md), intends to make it easier for companies and government agencies “to share information regarding cyber-threats.” Advocates of the measure — AT&T, Facebook, Microsoft, and more — argue that such legislation would help combat cyber attacks and increase Internet safety for users.
The act serves as a response to the growing risk of cyber attacks and hacking by outside entities, most fearfully terrorists.
“The next Pearl Harbor we confront could very well be a cyber attack that cripples our power systems, our grid, our security systems, our financial systems, our government systems,” warned Leon Panetta.
The threat has escalated over the years. A recent, massive cyber attack targeted over 760 companies, including Sony, Apple, Amazon, Facebook, Microsoft, and even government entities such as the European Space Agency. Hacking groups like Anonymous threaten companies and governments, and fears of a Chinese hacking group have escalated.
The security firm Mandiant released a 60-page report wherein they accuse the Chinese government of sponsoring hackers. China vehemently denies all allegations, though, insisting that it “resolutely opposes any form of hacking activities.”
With a wide array of attacks, one might see why corporations overwhelmingly support CISPA; it protects their company. Not only that, but it may also serve as a national security apparatus, deterring and possibly preventing potential attacks. However, not everyone sees the bill in this light.
The ACLU, for instance, spoke out against CISPA when it was first introduced in 2011. After its reintroduction, the ACLU continued to protest the bill, claiming the legislation “allows companies to share sensitive and personal American internet data with the government, including the National Security Agency and other military agencies.”
The act also grants companies “broad immunity” from the law when monitoring or sharing information so long as they act “in good faith.” To supplement this, information passed on to the government will be exempt from disclosure laws such as the Freedom of Information Act (FOIA) and other state laws.
Additionally, in the case of the government receiving non-threatening information, the government agency “does not notify the user, only the company” that sent the information in the first place.
Such a controversial measure would most likely take a great deal of time to pass. In the meantime, President Obama has issued an executive order reforming the administration’s policy on cyber-security.
While not setting any concrete laws, the order does make it somewhat easier for private industries and government to share information, similar to CISPA. However, unlike CISPA, the order implements and enforces safeguards to better protect individual privacy via public reports and assessments:
Assessments shall include evaluation of activities against the Fair Information Practice Principles and other applicable privacy and civil liberties policies, principles, and frameworks. Agencies shall consider the assessments and recommendations of the report in implementing privacy and civil liberties protections for agency activities.
Because it contains measures to protect individual privacy, organizations (many of whom opposed CISPA) came out in support of the executive order. “The president’s executive order rightly focuses on cyber-security solutions that don’t negatively impact civil liberties,” said ACLU Legislative Counsel Michelle Richardson.
Others, however, take a critical view of the president’s action. The Heritage Foundation’s Paul Rosenzweig and David Inserra assert that “such a model will only impose costs, encourage compliance over security, keep the U.S. tied to past threats, and threaten innovation.”
They go on to claim:
“While the EO does take some positive steps in the area of information sharing, these steps are hamstrung by the EO’s inability to provide critical incentives such as liability protection. As a result, this order could result in few modest changes, or it could result in substantial negative effects.”
Without a doubt, cyber-security will become a mainstream issue as time progresses and attacks become more imminent in our technologically-advanced society. Many people agree that proper security measures remain a necessity. However, ensuring privacy rights is also seen as a major priority.
The arduous path may spark another political firestorm and unprecedented political engagement from colloquial citizens. The end result of which might either fundamentally alter the relationship between citizens, private companies, and government entities, or find the golden balance between security and privacy.