The House Permanent Select Committee on Intelligence on Wednesday marked up CISPA, the controversial cybersecurity bill that allows companies to share their customers' sensitive internet information with each other and the government. The bill's sponsors and corporations are not only declaring victory, but aggressively arguing that all privacy and civil liberties problems have been solved.
This couldn't be further from the truth.
We have flagged four general categories of problems in CISPA that have to be fixed before it is passed, and the markup only substantially fixed one of them:
Fixed in Markup?
Why? What Happened?
|Civilian Control of Domestic Cyber Programs||No||Offered by Rep. Schakowsky; Failed|
|Limit Sharing of Personal Information||No||Offered by Rep. Schiff; Failed|
|Remove Unlimited Immunity for "Hack Backs"||No||Incomplete Fix Offered by Langevin; Passed|
|Incorporate Post-Collection Protections on Information||Yes||Offered by Reps. Himes and Sewell; Passed|
While protecting information after it is shared is critical, it alone does not ameliorate the overarching problems with the bill. The core problem is that CISPA allows too much sensitive information to be shared with too many people in the first place, including the National Security Agency.
Because the new CISPA is just too much like the old CISPA, the ACLU continues to oppose this overbroad privacy-eviscerating bill. We will support floor amendments to fix the remaining problems and will be looking for your support.
Time is running out though: the House is expected to vote on CISPA next week.
Tell your members of Congress to vote "no" on CISPA as long as it allows such unaccountable sharing of our intimate information. Also demand that President Obama threaten to veto CISPA like he did last year, because cyberesecurity can be done right without sacrificing our privacy online.
For more about the problems with what CISPA proposes, check out our four-part explainer here.