Cyber security bill pits tech giants against privacy activists
SAN FRANCISCO — The escalating cyber attacks on corporate and government computers have provided a rare opportunity for bipartisan legislation to address the problem. But rather than sailing through Congress, the latest cyber security legislation is exposing a fault line in the tech industry.
On one side stand some of tech’s biggest companies, such as Intel Corp., Oracle Corp. and IBM Corp., which are pressing for more government action. On the other side are thousands of smaller tech firms and privacy activists who have launched online protests to raise the alarm over a bill they say harms privacy and civil liberties.
Last year, these two camps joined forces in a powerful protest that stopped a piracy bill favored by the entertainment industry. Now they find themselves pitted against each other, trying to find a middle ground between increased security and protecting privacy.
With the bill headed toward a possible vote in Congress next week, the results of this high-tech family feud may demonstrate in stark terms whether the Internet can truly be the great political leveler when going against the more traditional methods of wielding policy influence, such as lobbying and campaign donations.
“This is sort of a ‘privacy versus big corporation’ moment,” said Michelle Richardson, an attorney at the American Civil Liberties Union, which has been campaigning against the cyber security bill.
This is a striking departure from the much-publicized fight last year over the Stop Online Piracy Act, or SOPA, a bill backed by Hollywood and the recording industry. Activists launched a high-profile and sweeping online campaign against the bill. Many hailed it as evidence of the power of Internet activism.
But the truth wasn’t quite so simple. In that fight, large tech companies largely aligned with those grass-roots activists, bringing their own lobbying might to bear.
“This will be a much truer test of the Internet’s power because there are no big tech companies lining up with the citizen grass-roots groups,” said Daniel G. Newman, president of MapLight, a nonpartisan research organization in Berkeley that tracks the influence of money on politics.
This schism emerged over a bill called the Cyber Intelligence Sharing and Protection Act of 2013, or CISPA. On Wednesday, the bill was approved by the House’s Permanent Select Committee on Intelligence by a vote of 18 to 2, with two Democrats voting against. It now will move to the full House for a vote that could be held as early as next week.
Big tech companies have been clamoring for the government to take a stronger role in cyber security amid the growing number and complexity of cyber attacks in recent years. This battle is causing companies to ramp up spending to defend themselves.
In turn, companies have stepped up their own efforts around cyber security policy. According to a recent analysis by Bloomberg, the number of firms and corporations lobbying on cyber security issues has grown to 513 in 2012 from 183 in 2010.
This year, the Obama administration issued an executive order that directs the federal government to create voluntary standards for cyber security protections for private-sector companies, while also finding ways to enable companies to share more information about these attacks.
The House intelligence committee has received letters of support for the bill from Intel, Oracle, IBM, Juniper Networks Inc. and Motorola Solutions Inc. On Wednesday, TechNet, which represents such companies as Google Inc., Cisco Systems Inc., Apple Inc. and Yahoo Inc., issued a letter praising the committee for its work on the bill.
“We commend the committee for providing liability protections to companies participating in voluntary information-sharing and applaud the committee’s efforts to work with a wide range of stakeholders to address issues such as strengthening privacy protections,” TechNet President Rey Ramsey wrote.
Still, many of these companies are tiptoeing carefully in their support of the bill, acknowledging the importance of getting the privacy parts of the legislation right.
“We are calling for conversation and discussions between folks concerned with privacy and security,” said David Hoffman, director of security policy and global privacy officer at Intel. “I would say that we’re encouraged by the conversations that have been had.”
But such talk may not be enough to satisfy the grass-roots activists.
These groups say CISPA doesn’t do enough to protect personal information while absolving companies of liability over sharing that data. They also argue that such information could be shared directly with the military, and instead should be handled primarily by civilian agencies.
“A bill in Congress could kill online privacy as we know it,” reads the website at https://www.cispapetition.org, started by San Francisco programmer Daniel Jabbour using the technology that powers online petition site Change.org. “It would allow corporations to share your personal information with the government — without a warrant.”
The Internet Defense League, a network of small tech businesses and privacy activists, sent out an alert using its “cat signal” urging its members to take action by signing petitions and contacting their representatives.
The cat signal is a piece of code the group developed that can be placed on a website. When the IDL activates the program, a banner appears on the websites with information about the issues and instructions for getting involved.
“The cat is the unofficial mascot of the Internet,” said Evan Greer, campaign manager at Fight for the Future, an Internet activist group that is part of the IDL. “When you take away people’s ability to view and share content about cats, they get very upset.”
