Tech Groups Push for Cyberthreat Information-sharing Bill

Several technology trade groups are pushing the U.S. Congress to pass a controversial cyberthreat information-sharing bill, despite ongoing privacy concerns voiced by digital rights and civil liberties groups.

The U.S. House of Representatives could vote on the Cyber Intelligence Sharing and Protection Act, or CISPA, next week, and several tech trade groups have called for Congress to pass the legislation.

CISPA is a "measured approach that will better protect people and the systems we rely on from cyber threats," wrote Dean Garfield, president and CEO of the Information Technology Industry Council, and Bruce Mehlman, executive director of Technology CEO Council, in a Friday column for The Hill newspaper. "It will protect the fundamental relationship between Internet users and the companies that provide them online access and services. User experience and history, transactions, and personal information will be better safeguarded, providing more personal security online -- not jeopardizing it."

Other tech trade groups voicing support this week for CISPA included TechAmerica, CTIA, the Internet Security Alliance, and the Software and Information Industry Association.

Denial-of-service attacks earlier this month by hacktivist group Anonymous on the websites of some CISPA supporters show the need for improved information sharing about cyberthreats between private groups and government agencies, TechAmerica said. TechAmerica's website was one of those attacked.

TechAmerica remains "steadfast" in its support of the bill, Shawn Osborne, the group's president and CEO, wrote in a letter to CISPA's sponsors this week. "The inability to share information is one of the greatest challenges to collective efforts toward improving our cybersecurity, and we appreciate the efforts of you and your colleagues to remove those barriers in order to foster better information sharing between the government and the private sector."

Bill sponsors Representative Mike Rogers, a Michigan Republican, and Representative C.A. "Dutch" Ruppersberger, a Maryland Democrat, have continued to work with outside groups in an effort to "fine tune the legislation to explicitly protect privacy and civil liberties," Oborne wrote.

CISPA would allow private companies such as Internet service providers to share customer communications related to cyberthreats with a wide number of government agencies. The bill would allow agencies to use the shared information for a wide range of purposes, as long as there's also a "significant" cybersecurity or national security purpose for sharing the information, critics have said.

The bill exempts private companies that share cyberthreat information in "good faith" from lawsuits from customers.

Critics, including the Center for Democracy and Technology and the American Civil Liberties Union, said the bill supersedes all U.S. privacy laws and puts few restrictions on how government agencies can use the shared information.

CDT remains in talks with Rogers and Ruppersberger, but the group still has privacy concerns, said spokesman Brock Meeks. The House Intelligence Committee, where Rogers is chairman, "continues to remain open to receiving suggestions and, from our own discussions with them, are taking these meeting seriously," he said.

On Wednesday, the House Homeland Security Committee passed an alternative cyberthreat information-sharing bill, the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act, or PRECISE Act. CDT and the ACLU have said the PRECISE Act, sponsored by Representative Dan Lungren, a California Republican, raises fewer privacy and civil liberties concerns than CISPA does.

However, Homeland Security Committee Democrats, said a new, amended version of the PRECISE Act contained significant changes from the past version.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Subscribe to the Security Watch Newsletter

Comments