House lawmakers have reintroduced a bill that civil liberties groups say would destroy the right to Internet privacy as we know it. An earlier version of the Cyber Intelligence Sharing and Protection Act, or CISPA (pdf), passed the House back in April 2012; it died quickly under threat of presidential veto and widespread protest from Internet activists. But this week, House Intelligence Committee Chairman Mike Rogers (R-Michigan) and ranking member Dutch Ruppersberger (D-Maryland) brought it back. What's going on?
Ruppersberger argues that CISPA is necessary to fight a cyber-security threat that has expanded since last spring – alluding to recent Chinese hacking attacks on newspapers including The New York Times and Washington Post. "People ask me all the time, 'What keeps you up at night?' And I say, 'Spicy Mexican food, weapons of mass destruction and cyber attacks,'" Ruppersberger tells Rolling Stone. "We have a serious problem. We're trying to fix this problem."
But opponents from the American Civil Liberties Union (ACLU) to the Electronic Freedom Foundation (EFF) say that in practice, CISPA would give private companies and U.S. intelligence agencies the power to pass around Americans' personal data with complete impunity – all in the name of "national security." "In one fell swoop, privacy laws no longer apply," Michelle Richardson, a legislative counsel for the ACLU, tells Rolling Stone.
Ruppersberger insists that he and Rogers worked hard on crafting CISPA provisions that will protect Americans from this kind of spying. "CISPA does not authorize the government to monitor your computer or read your emails, Tweets and Facebook," he says. "It's clearly what the bill does not do."
Yet this conveniently ignores the part of CISPA which does give private companies the power to share our private emails, tweets and Facebook messages with the government – nullifying current privacy laws, which require companies to keep your private information, well, private.
Last time around, many tech companies overwhelmingly supported CISPA, from Internet service providers like Comcast and AT&T to Web giants like Google and Facebook. With corporations lining up for the right to share your private information without any threat of prosecution, Ruppersberger's assurances are cold comfort.
As usual, the government is using national security concerns to justify the latest expansion of its powers. Rogers recently told CBS's Bob Schieffer that he believes the nation has been too soft on cybersecurity, and information sharing is the best way forward: "The senior leadership in the intelligence community said that they think we can stop 90 percent of our problems just by sharing classified cyber threat information."
But it remains to be seen why U.S. intelligence needs our personal information to combat network breaches. Even NSA director Keith Alexander, while supporting CISPA, has acknowledged that ensuring cybersecurity "doesn't require the government to read [Americans'] mail."
Moreover, computer experts dispute the very efficacy of CISPA in combating the types of threats cited by Rogers and Ruppersberger. Purdue University computer security professor Eugene Spafford tells Rolling Stone he hasn't seen "a good case made for how CISPA would improve protection of critical resources." Spafford, a leading expert, and the EFF agree that businesses should focus on securing their networks, rather than pushing shoddy legislation after their flawed systems get compromised.
"This is a very reactionary bill," adds EFF policy analyst Michael Jaycox. "What they really need is a preemptive solution."
President Obama recently signed his own executive order on cybersecurity. His order, too, clears the path for the government and private companies to share information – but unlike CISPA, it includes privacy safeguards based on the Fair Information Practice Principles. The order also directs Homeland Security officers to evaluate privacy risks related to information sharing. Civil liberties advocates have cautiously welcomed the move: "It takes important first steps to make sure that privacy is part of our cybersecurity policy," says Richardson. "It shows there are cybersecurity options besides sharing our information with the NSA."
For now, advocates are waiting to see if Obama will honor his commitment to online privacy. During last night's State of the Union address, the president urged Congress to pass "legislation to give our government a greater capacity to secure our networks and deter attacks." He didn't go into specifics on exactly what he wants from the Hill.
As CISPA's supporters learned last year, when you try to weaken Internet privacy, the Internet fights back. Jaycox tells Rolling Stone that he's "highly confident the same, robust grassroots movement" that helped kill CISPA the first time around will return in full force. That movement is already mounting.
Days after lawmakers announced intentions to bring back the bill, groups from every corner of the Web pledged action. Civil liberties groups posted primers on why CISPA is terrible. Anonymous threatened to disrupt the White House's State of the Union stream in protest. And the organization Fight For the Future launched a Web site titled CISPA is Back. The site's front page lists names and phone numbers for members of the House Intelligence Committee.
"Send Congress a message," the site reads. "Our rights are not negotiable."