Story URL: http://news.medill.northwestern.edu/chicago/news.aspx?id=220185
Story Retrieval Date: 10/22/2014 10:03:50 PM CST

Top Stories
Features
Harold Washington Library computers

Esther Bergdahl/MEDILL

Libraries, such as the Harold Washington Library in Chicago, are a major stakeholder in any online privacy legislation. The American Library Association  opposes CISPA.


Cybersecurity bill agitates privacy advocates on eve of House debate

by Esther Bergdahl
April 16, 2013


A cyber security bill that critics say allows military agencies to spy on private citizens will come up for a vote in the U.S. House of Representatives on Wednesday.

The Cyber Intelligence Sharing and Protection Act of 2013, commonly known as CISPA, includes provisions that allow private companies to pass information about suspicious online behavior directly to the National Security Agency without oversight by a civilian agency like the Department of Homeland Security.

Advocates say the bill is necessary to protect against online threats to government infrastructure and private companies. Opponents say it endangers individuals’ online privacy. The bill passed a closed-door vote of the House Intelligence Committee 18-2 last week.

The vote comes in the wake of widely publicized cyberattacks on U.S. companies and government sites that experts have said originate in China. Bills similar to CISPA, including the Stop Online Privacy Act, or SOPA, and the Protect IP Act, or PIPA, provoked widespread online protests in 2012. President Barack Obama threatened to veto an earlier version of CISPA in 2012 that never reached his desk.

"One of the things [CISPA] does, it overrides any other law, including any state laws, including even privacy statements of companies themselves," said Bamshad Mobasher, professor of computer science at DePaul University in Chicago.

Mobasher said that companies aggregate data about how people use online resources, but their use of that data is governed by internal privacy policies. He added that under current laws, the federal government requires a court order to obtain records of user behavior, and legislation bars the government from matching user data with publicly available identifying information.

A coalition of civil liberties groups, including the American Civil Liberties Union, the American Library Association and the National Association of Criminal Defense Lawyers, signed a letter to Congress on Monday urging members to vote against the bill.

In its own online statement about CISPA, the ACLU called out provisions that allow companies to collect and share personal information ranging from location data and membership rolls to health status and reading habits.
“This fatal flaw persists despite testimony by industry representatives before the House Intelligence and Homeland Security Committees that such information is not generally needed to fight cyber threats,” the statement said.

Rep. Jan Schakowsky , D-Ill., cast one of two votes against CISPA in the House Intelligence Committee hearing. She proposed three amendments to the bill, none of which were approved. Sabrina Singh, communications director for Schakowsky, said that legislation needs to strike a balance between the country's security and personal privacy.

"Congresswoman Schakowsky is fighting for an amendment that will ensure the protection of civil liberties by ensuring that U.S. military or defense agencies do not directly collect information on American citizens," Singh said.

The bill's sponsor, Rep. Mike Rogers, R-Mich., defended CISPA in an online statement, calling it a necessary protection against hackers and theft. "The bill is a critical, bipartisan first step to empowering the private sector to protect its own networks, which hold invaluable intellectual property and personal information," he said.

Even CISPA's supporters have expressed some reservations. Rep. Luis Gutierrez, D-Ill., is one of the bill's co-sponsors. “The threat of cyberattack is real and growing, and needs to be addressed, but [Gutierrez] also understands that there are legitimate privacy concerns with the legislation,” said Douglas Rivlin, Gutierrez's director of communication, in an email.

The promise of a debate on privacy protections has not convinced many activists that CISPA should be salvaged. An American Library Association representative said in an email that the organization was "staunchly opposed" to the bill.

"It has been a longstanding belief in the library community that surveillance undermines a democratic society, and we have taken steps to urge our members to tell their legislators to oppose the bill,” the statement said.

For those concerned about securing intellectual property against hackers, or government infrastructure from terrorists, developers are innovating in online security as quickly as infiltrators figure out new ways to access servers, Mobasher said.

“It's not a technology problem, it's a political issue,” he said.