CISPA draws closer to a vote amid a flurry of amendments

WASHINGTON -- Activists and lawmakers are geared up for a final push against the latest Internet security legislation, calling on Congress to reject or dial back the Cyber Intelligence Sharing and Protection Act (PDF) because of the considerable power it would give government to examine Americans’ online activities.

A number of amendments already have been made to the bill as its supporters have tried to secure passage -– a vote is likely on Friday -– by clearing up ambiguities regarding what the law would allow the government to do.

CISPA’s supporters portray it as a bill focused on opening up communication between the government and private entities for the purposes of sharing information about imminent or emerging cyber security threats, with particular emphasis on those that threaten national security from foreign sources. Since its introduction last year, the scope of the legislation has been trimmed, and oversight of the powers it would grant has been broadened.

To many of the bill’s detractors, the changes aren’t enough.

Despite a so-called week of action, in which groups such as the Electronic Frontier Foundation, the ACLU, the Sunlight Foundation, Reporters Without Borders and more sought to raise awareness of their concerns about the bill, the number of co-sponsors for CISPA in Congress has increased to 113.

A group of 18 congressional Democrats signed a letter Monday that spelled out their points of contention with the bill, writing that “CISPA would, for the first time, grant non-civilian Federal agencies, such as the National Security Agency, unfettered access to information about Americans’ Internet activities and allow those agencies to use that information for virtually any purpose.”

Rep. Ron Paul(R-Texas), a presidential candidate, joined the opposition in a statement claiming that “CISPA is Big Brother writ large” and the “latest assault on Internet freedom.”

The bill could soon be changed once again to address the concerns of critics. Rep. Adam Schiff (D-Calif.), a senior member of the Intelligence Committee, is proposing an amendment that borrows language from the Cybersecurity Act of 2012, currently sitting in the Senate. Schiff’s amendment would revise several provisions included in CISPA that critics see as overly broad and ambiguous.

Already, CISPA’s current definition of what constitutes cyber-threat information has been altered so that it no longer places the broad and contentious term “intellectual property” under the legislation’s purview. The initial inclusion of intellectual property brought immediate comparisons to SOPA, a bill focused on curbing online piracy and digital rights protections, which was canned after extensive backlash from individuals and from websites such as Wikipedia, Reddit and Google, which held blackouts or hosted prominent notifications to help end the legislation.

Under Schiff’s proposal drawing from the Cybersecurity Act, cyber security threats would be defined as “any action that may result in unauthorized access to, exfiltration of, manipulation of, or impairment to the integrity, confidentiality or availability of an information system or information that is stored on, processed by, or transiting an information system.”

Included in the amendment are provisions to reduce the personally identifiable information obtained under CISPA. The amendment would, among other things, require data to be destroyed that does not “reasonably appear to be related to protecting a system or network” and would order requirements to be established to preserve the integrity of data that can be used to identify individuals.

Schiff’s amendment also seeks to limit the access federal agencies would have to the information swept up by CISPA’s procedures, to make sure that the data cannot be, as Schiff phrased it, “hijacked for another purpose.” The attorney general’s office would work in consultation with private and public entities to establish the procedures after CISPA’s passage. The AG’s involvement would be in conjunction with the oversight role given to the inspector general of the intelligence community in CISPA’s current text.

The need to include more oversight authority in the legislation was highlighted by White House National Security Council spokeswoman Caitlin Hayden. “Legislation without new authorities to address our nation’s critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation’s urgent needs,” she said in a statement released April 17.

Michelle Richardson, a legislative council at the ACLU’s Washington Legislative Office, is hoping that more amendments to be proposed by CISPA’s opponents will curtail the power the proposed law would give to the government.

“The changes don’t address fundamental problems,” she said, arguing that the bill still allows too much information to be shared and too much of a role for the military in the distribution of data and does not do enough to limit the government’s authority.

Schiff chalks up the degree to which CISPA has been revised since its inception to Rep. Mike Rogers (R-Mich.), chairman of the Permanent Select Committee on Intelligence, and Rep. Dutch Ruppersberger (D-Md.), the ranking member, who have “changed the culture of the committee for the better,” and sought to allay legitimate concerns over the bill.

Schiff was clear that, despite his proposed amendment, he strongly supports the goals of the bill. Critics need to accept the severity of the threats already facing the country’s cyber security infrastructure, he said.

“The problem is not one we’re anticipating. It’s one we’re encountering now,” Schiff said.

CISPA’s opponents are just as adamant that the bill shouldn’t pass in its current form, seeing it as a troubling encroachment on the privacy rights of Americans. The opposition to CISPA, in Richardson’s words, already has “taken on a life of its own.”

morgan.little@latimes.com

Original source: CISPA draws closer to a vote amid a flurry of amendments