Sat April 28, 2012
Civil Liberties Groups See Holes In Cyber Defense Bill
Originally published on Sat April 28, 2012 4:07 pm
GUY RAZ, HOST:
Here in Washington, the House of Representatives passed its version of the Cyber Intelligence Sharing And Protection Act or CISPA, as it's known. Backers say the bill is meant to protect the country's Internet infrastructure from cyberattacks. But civil libertarians and other opponents believes CISPA will give the U.S. government unprecedented access to all sorts of private information about you that is now online without ever having to go to a judge and ask for it. NPR's Steve Henn reports.
STEVE HENN, BYLINE: The outrage over the Cyber Intelligence Sharing Protection Act or CISPA has been building all week. The ACLU has called it a horrible bill. The White House has threatened to veto it. But broadly speaking, tech companies here in Silicon Valley are pretty fond of this thing.
DEAN GARFIELD: Businesses like it because it makes the Internet a much more secure and safe place.
HENN: Dean Garfield is president and CEO of the Information Technology Industry Council. His group represents giants like Microsoft and Apple. And he likes this bill because it protects his members from getting sued if they share information while trying to stop a cyberattack.
GARFIELD: It's helpful because one of the barriers to the free exchange of information was concerned about litigation.
HENN: Garfield says right now, when a company detects a possible attack, it has to sift through the data involved and decide just what information it can legally share with the federal government or other companies to help stop the attack. This bill basically gives companies a free pass: It would trump all other privacy laws and allow firms like Internet service providers or Apple, Google and Facebook to share any cybersecurity information with anyone they want, including the federal government, even the NSA, quote, "notwithstanding any other provision of law."
LEE TIEN: So those are very, very powerful provisions that destroy accountability.
HENN: Lee Tien is a senior staff attorney at the Electronic Frontier Foundation.
TIEN: It grants very broad authorities for private entities to share information and - not only that - to conduct surveillance and do all sorts of undefined cybersecurity things with blanket immunity.
HENN: But the bill's supporters like Dean Garfield say it's not going to create a giant funnel that ships data about you and your friends and mass to domestic spying agencies. Companies, he says, not the government, will decide for themselves what information to share. And that information is supposed to be related to possible cyberattacks, or at least a threat.
GARFIELD: The bill sunsets in five years. And then, two, the bill calls for the inspector general to actually do an annual report that will outline if this new law is creating new encroachments on privacy or civil liberties.
HENN: But not everyone's convinced this bill actually makes us or our information online any safer. Scott Shackelford's an assistant professor at Indiana University.
SCOTT SHACKELFORD: And do you think there needs to be more than just a kind of old voluntary scheme here?
HENN: Shackelford says this bill protects businesses from lawsuits. But it doesn't actually create any minimum standard about what companies have to do to protect critical infrastructure or private information. He says that's what's really needed.
SHACKELFORD: Yes. There has to be some role here that the government had - needs to play in enhancing cybersecurity.
HENN: The debate over the bill now moves to the Senate where both sides expected to be taken up next month. Steve Henn, NPR News, Silicon Valley. Transcript provided by NPR, Copyright NPR.