The House Permanent Select Committee on Intelligence on Wednesday marked up CISPA, the controversial cybersecurity bill that allows companies to share their customers' sensitive internet information with each other and the government. The bill's sponsors and corporations are not only declaring victory, but aggressively arguing that all privacy and civil liberties problems have been solved.
This couldn't be further from the truth.
We have flagged four general categories of problems in CISPA that have to be fixed before it is passed, and the markup only substantially fixed one of them:
Fixed in Markup?
Why? What Happened?
|Civilian Control of Domestic Cyber Programs||No||Offered by Rep. Schakowsky; Failed|
|Limit Sharing of Personal Information||No||Offered by Rep. Schiff; Failed|
|Remove Unlimited Immunity for "Hack Backs"||No||Incomplete Fix Offered by Langevin; Passed|
|Incorporate Post-Collection Protections on Information||Yes||Offered by Reps. Himes and Sewell; Passed|
While protecting information after it is shared is critical, it alone does not ameliorate the overarching problems with the bill. The core problem is that CISPA allows too much sensitive information to be shared with too many people in the first place, including the National Security Agency.
Two provisions in the manager's amendment actually removed protections added to CISPA last year. First, Rep. Justin Amash's (R-Mich.) ban on collecting library, tax, gun, and other records was reversed so that these records are collected pursuant to the privacy and minimization procedures that will apply to all records under the new draft. Second, the government is no longer banned from "affirmatively searching" through the information collected through CISPA, so long as it does so for an authorized purpose.
Because the new CISPA is just too much like the old CISPA, the ACLU continues to oppose this overbroad privacy-eviscerating bill. We will support floor amendments to fix the remaining problems and will be looking for your support.
Time is running out though: the House is expected to vote on CISPA next week.
Tell your members of Congress to vote "no" on CISPA as long as it allows such unaccountable sharing of our intimate information. Also demand that President Obama threaten to veto CISPA like he did last year, because cyberesecurity can be done right without sacrificing our privacy online.
For more about the problems with what CISPA proposes, check out our four-part explainer here.