President Obama announced a new cybersecurity executive order in his State of the Union address last night and urged Congress to follow his lead "by passing legislation to give our government a greater capacity to secure our networks and deter attacks."
Congress is acting today by reintroducing the Cyber Intelligence Sharing and Protection Act (CISPA), an older bill President Obama threatened to veto last year that would allow private companies to share information on "cyber threats" with the government and each other. The bill, which is said to be "identical" to the previous version, goes a step further than President Obama's cybersecurity order passed Tuesday.
Goes a step further than President Obama's cybersecurity order
While the President's order gives only government agencies permission to share their threat information with companies (not the other way around, according to Forbes), CISPA would give companies the ability to share information about suspicious activity on their networks and security breaches back with the government.
CISPA was originally introduced in late 2011 by Rep. Mike Rogers (R-MI), chairman of the House Intelligence Committee, and ranking member Dutch Ruppersberger (D-MD) and was passed by the rest of the House of Representatives in April 2012, but didn't go any further and didn't become law.
The bill was resoundingly criticized by internet privacy and freedom activists, including the Electronic Frontier Foundation and Fight for the Future, who said that it did not contain enough restrictions on how companies and the government could share personal user information. Even the White House threatened to veto the bill if it passed the Senate and made it all the way to the President's desk (it didn't — that time).
The bill's major cosposnors did make a public attempt to address some of that criticism by releasing amendments to CISPA that they said would narrow the types of user information shared, the scope of sharing, and how the government could use it, which won over the privacy advocacy group Center for Democracy and Technology, previously a critic.
The new CISPA "will be identical" to that final amended version that passed the House, according to press materials provided by the House Intelligence Committee. But this time, Ruppersberger said that he's been working with the White House to avoid another veto threat.
Already, Fight For the Future has set up a new CISPA protest website
CISPA's revival was formally announced by Congressmen Rogers and Ruppersberger during an event at the think tank the Center for Strategic and International Studies (CSIS) in Washington, DC, which was livestreamed on the CSIS website and on the House Intelligence Committee website at 2 PM ET.
"We are in a cyber war," Rogers said during the event, "Most Americans don't know it, most people in the world probably don't know it. But we're in it, and at this point, we're losing."
As evidence of this fact, Rogers and Ruppersberger cited the cyber attacks reported on oil company Saudi Aramco back in 2012 and those on the New York Times, Wall Street Journal and Washington Post, reported earlier this year.
"If we have a catastrophic [cyber] attack like 9/11 we'll get all the bills passed we want," Ruppersberger said. "But right now, we're focused on this bill."
Already, Fight For the Future has set up a new CISPA protest website encouraging users to email Congress against the bill. Meanwhile, AT&T, Verizon (PDF) and the telecommunications lobbying group USTelecom all declared their support for the revival of CISPA in the hours after it was announced.
The full text of the new version of the bill is available here (PDF).