U.S. lawmakers need to make significant changes to a controversial cyberthreat information sharing bill because the legislation could be used to give federal intelligence agencies backdoor wiretapping powers, the Center for Democracy and Technology said.
A markup to amend and send the Cyber Intelligence Sharing and Protection Act (CISPA) to the floor of the U.S. House of Representatives may happen as soon as April 10, and the House Intelligence Committee could debate the bill behind closed doors, CDT staffers said Wednesday. About 30 groups, including CDT, the American Civil Liberties Union and the Electronic Frontier Foundation, are calling on the committee to hold an open markup of the bill.
CISPA would allow companies to share cyberthreat information with a broad range of federal agencies, including intelligence agencies, and the agencies could use the shared information for broad national security purposes, said Gregory Nojeim, a senior counsel at CDT.
"I think it's fair to say that a national security use could be most anything that an intelligence agency thinks might be related to national security," he said. "It's what we say risks turning this legislation into a backdoor wiretap."
The bill, as written, also gives lawsuit protections to companies that use cybersecurity systems to collect cyberthreat information without limiting how the companies are obtaining that data, Nojeim said during a media briefing. The language in the bill could potentially give legal protections to companies that hack into other networks in search of cyberthreat information, he said.
"The last place one would think you would find new authority to hack [other networks] would be in cybersecurity legislation," he said.
In addition, CISPA gives legal immunity to companies for any "decisions made based on cyber threat information identified, obtained or shared," potentially giving companies authority to shut down other networks in the name of cyberdefense, Nojeim said.
A spokeswoman for Intelligence Committee Chairman Mike Rogers, a Michigan Republican and lead sponsor of CISPA, said the committee has had regular discussions on CISPA with privacy groups for 18 months.
"During last year's committee markup and open House floor process we incorporated several of their suggestions to tightening up the bill to further cement already robust privacy protections," spokeswoman Susan Phalen said by email. "As we move through this year's committee and House floor process, [the sponsors] are fully committed to continuing that ongoing dialogue and incorporating language into the bill which further puts to rest any misunderstandings about the bill's intent."
Nojeim said he knows of no privacy groups that the committee has a continuing dialog with.
Phalen said she expects an open debate about the bill and amendments when the bill goes to the House floor.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.