October 22, 2013
This summer, when Edward Snowden dropped his bombshell about PRISM, the NSA’s vast Internet spying program, the House had recently passed a bill called the Cyber Intelligence Sharing and Protection Act (CISPA). Widely criticized by privacy advocates, CISPA aimed to beef up US cybersecurity by giving tech companies the legal freedom to share even more cyber information with the US government—including the content of Americans’ emails, with personal information intact. CISPA supporters, among them big US companies such as Verizon and Comcast, spent 140 times more money on lobbying for the bill than its opponents, according to the Sunlight Foundation. But after Snowden’s leaks, public panic over how and why the government uses personal information effectively killed the bill. Now that the dust has settled a bit, NSA director Keith Alexander is publicly asking for the legislation to be re-introduced, and two senators confirmed that they are drafting a new Senate version.
“I am working with Senator Saxby Chambliss (R-Ga.) on bipartisan legislation to facilitate the sharing of cyber related information among companies and with the government and to provide protection from liability,” Sen. Dianne Feinstein (D-Calif.) told Mother Jones in a statement. “The legislation will…still maintain necessary privacy protections.” NSA’s Alexander threw his weight behind this kind of bill in September: “If we can’t work with industry, if we can’t share information with them, we can’t stop [cyber attacks]” he told the Washington Post.
Privacy advocates aren’t happy to see that the “zombie bill” is returning—it’s been killed and resurrected twice since it was originally introduced by Rep. Mike Rogers (R-Mich.) in 2011. “This summer has confirmed that any information that goes into the NSA will be shrouded by secrecy and there will be no oversight,” says Michelle Richardson, a legislative counsel with the ACLU. “Since this is a domestic issue, the NSA is more likely to get involved…and companies haven’t provided concrete examples that they even need this legislation, especially when it’s this broad.”
The way CISPA was written earlier this year, it would have given US companies the legal protection to share cyberattack incidents with the government, which could then help companies better defend sensitive information, such as the design for the F-35 Joint Strike Fighter and US electrical grids. The way the law stands now, cyber attack information is only supposed to be shared in emergencies, otherwise it can be a violation of laws like the Electronic Communications Privacy Act (ECPA) and the Wiretap Act. Tech companies, including Google and Facebook, have quietly supported CISPA in the past—possibly because, according to Snowden, they were already being forced to share user information with the US government, anyway, and CISPA would protect them from lawsuits.