The Cyber Intelligence Sharing and Protection Act, or CISPA (HR 3523), is a controversial bill intended to let businesses and governments share information about "cyber threats" by circumventing privacy laws. The bill has passed the US House of Representatives, but President Barack Obama is expected to veto it if a final version is approved.
Mar 28, 2014
CISPA author and NSA supporter Mike Rogers leaving Congress to host radio show
Representative Mike Rogers (R-MI), chair of the House Intelligence Committee and author of the controversial CISPA cybersecurity bill, is stepping down in 2015 in order to host a nationally syndicated radio show. On a Michigan radio program, Rogers announced that he would not seek reelection in 2014, instead accepting a spot on the Cumulus network. "I had a career before politics and always planned to have one after," he said in a statement published by MLive.com. "The genius of our institutions is they are not dependent on the individual temporary occupants privileged to serve.
Read Article >In his statement, Rogers promised that he would continue to support "American exceptionalism" and "a strong nation security policy agenda." Among other things, Rogers has spent the past few years unsuccessfully shepherding the Cyber Intelligence Sharing and Protection Act (CISPA) through Congress. CISPA was created in order to allow companies and government agencies to share information about malicious software and security breaches, a goal that many in Washington were working towards. But its approach worried privacy advocates, who objected to provisions that would give companies immunity for turning over user information along with more general data. The bill passed the House of Representatives in 2012, but President Obama indicated he would veto it, and it died in the Senate. Obama would ultimately issue his own cybersecurity executive order. In 2013, Rogers brought the bill back, to no avail.
Oct 21, 2013
Controversial cyberthreat bill CISPA may return to Congress
capitol-dome-twilight After suffering defeat this spring, the controversial legislation aimed at preventing cyberthreats, CISPA, may be returning to the Senate. According to Mother Jones, two senators are now working on a new version of the bill that looks to curb some of the concerns that kept it from initially passing. The goal of the bill will still be to make it easier for private companies to share information with the government regarding cyber threats, however the type of information that can be shared will reportedly be narrower in scope this time around.
Read Article >As the legislation is still being written, it's not clear exactly how different its updated form will be. Mother Jones reports that Senators Dianne Feinstein (D-CA) and Saxby Chambliss (R-GA) are working together to draft the bill. "The goal is to allow and encourage the sharing only of information related to identifying and protecting against cyberthreats, and not the communications and commerce of Americans," Feinstein's office tells Mother Jones in a statement. Feinstein in particular has been a major proponent for facilitating this type of sharing, having also been in support of expanding FISA.
Oct 10, 2013
NSA head says Congress needs to pass cybersecurity bills to let him stop attacks
The release of several national surveillance leaks put the brakes on cybersecurity legislation, which was already under scrutiny by civil liberties groups. But NSA head Keith Alexander thinks Congress needs to get the bills back on track, letting federal agencies and companies share information about potential attacks. "How do you defend Wall Street from a major crisis?" he asked during a Tuesday interview hosted by Politico and defense contractor Raytheon. "We have to have the rules in place that you can defend Wall Street from being taken down, and inform the civilian leadership." Those rules, he said, would need to be put in place with "cyber legislation" before somebody decided to launch a "cyberpacket" assault.
Read Article >Alexander, as head of US cyber command, discussed the offensive capabilities he's been building for some time. He also, however, said that Congress needed to untie his hands when it came to sharing information with companies that aren't part of critical infrastructure. Referencing Representative Mike Rogers' (R-MI) and Dutch Ruppersberger's (D-MD) controversial CISPA bill, he argued that the NSA, FBI, and Department of Homeland Security needed legislation to proactively prevent cyberattacks. "We have a great forensics team," he quipped. "It's all over, bad things have happened, we can come down and say 'It's really bad!'"
Apr 30, 2013
White House responds to petition against CISPA, calls for new bill that 'protects privacy'
White House at night Flickr public domain The White House has finally responded to a petition on its website signed by over 100,000 web users protesting the controversial cybersecurity bill CISPA, which was passed by the House of Representatives earlier this month. In its response to the petition, the White House comes out more forcefully against the bill, saying "This legislation still doesn't adequately address our fundamental concerns" about privacy, and pointing back to the veto threat issued by President Obama's office two weeks ago. However, the White House says that it still wants to see a new cybersecurity bill passed soon that allows companies and the government to share information about suspected "cyber threats." As the response issued today says, "Moving forward, the Obama Administration will continue to advocate vocally for cybersecurity legislation," that contains three major privacy protections.
Read Article >Apr 25, 2013
Senate Commerce Committee suggests CISPA may be dead in the water
capitoldome-congress CISPA, the controversial cybersecurity legislation passed by the House of Representatives last week, may be effectively dead for now. US News has reported that the Senate Commerce Committee, headed by Senator Jay Rockefeller (D-WV), doesn't see the bill being taken up by the Senate. Instead, the committee is working on separate bills that will address cybersecurity but hopefully avoid CISPA's privacy pitfalls. "We're not taking [CISPA] up," says a representative. "Staff and senators are divvying up the issues and the key provisions everyone agrees would need to be handled if we're going to strengthen cybersecurity. They'll be drafting separate bills."
Read Article >After CISPA was given overwhelming approval in the House, it was referred to the Senate Intelligence Committee, which did not immediately respond for comment. CISPA was referred to the Senate last year as well, but it never passed, forcing the House to vote on the issue again. Now, an anonymous Commerce Committee staff member confirmed to The Verge that they think CISPA is still a no-go, and that it likely won't come up on the Senate floor. Rockefeller has previously said that although he supported cybersecurity legislation, CISPA's privacy protections are "insufficient." The White House has also threatened to veto CISPA, giving the Senate yet another reason to propose its own solution.
Apr 18, 2013
House passes revamped CISPA cybersecurity bill amidst warnings of 'digital bombs'
constitution2 The US House of Representatives has once again passed the Cyber Intelligence Sharing and Protection Act (CISPA), which died in the Senate last year, by a margin of 288 to 127 after two days of debate. Over several hours, House opinion on the bill boiled down to whether the redesigned CISPA successfully addressed criticism from civil libertarians, and whether the threat of cyberattacks was grave enough to justify overriding lingering concerns. Representative Candice Miller (R-MI), a CISPA supporter, painted a dire picture of North Korean hackers taking down the US power grid, and Rep. Joe Heck (R-NV) warned that "our nation is under attack." Rep. Mike McCaul (R-TX) went so far as to urge passage with a comparison to the Boston Marathon bombings: "In the case of Boston they were real bombs, in this case they're digital bombs. And these digital bombs are on their way."
Read Article >Cyberwarfare is seen as a major threat by other parts of the US government. Director of National Intelligence James Clapper has testified about the possibility of a major cyber attack, and the NSA has stepped up its cyberwarfare efforts with offensive and defensive teams. President Barack Obama has signed an executive cybersecurity order, and he's urged Congress to pass legislation that would broaden it. At its core, CISPA is meant to make it easier for companies to share information about online attacks between each other and the government, letting them catch hacks early and better defend themselves. But there's disagreement over whether it does so while protecting the privacy of ordinary people whose data is actually at risk of being exposed.
Apr 16, 2013
White House will oppose CISPA in its current form
white house statue As an amended version of CISPA nears a vote on the House floor, the White House has once again stated that it has fundamental problems with the cybersecurity bill in its current form. In an official policy statement, the Obama Administration said that lawmakers had not addressed several issues regarding information-sharing and privacy, and that "if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill." Instead, it urged a continuing dialog between Congress and the President in order to create a more acceptable version.
Read Article >Specifically, the White House remains concerned that CISPA does not require companies to "take reasonable steps" to strip personal information when sharing user data with the government or other businesses. This has been a major point of contention between CISPA supporters and civil libertarians, who worry that the bill would give companies immunity for swapping user data inappropriately. The White House says that an amended CISPA should "incorporate privacy and civil liberties safeguards" into its text, but it also worries more generally about limiting the liability of companies when they're faced with a potential security problem. "Even if there is no clear intent to do harm," the statement reads, "the law should not immunize a failure to take reasonable measures, such as the sharing of information, to prevent harm," it writes.
Apr 15, 2013
Cyber threats at the top of US intelligence report for the first time
James Clapper Cyber threats are the number one type of danger facing the United States, according to US national intelligence director James Clapper, the man in charge of coordinating the CIA and the NSA, among many other agencies. "As more and more state and nonstate actors gain cyber expertise, its importance and reach as a global threat cannot be overstated," Clapper said in testimony he gave to the House Intelligence Committee last week, as part of his office's annual global threat assessment report.
Read Article >The US Department of Defense followed up with a news release today emphasizing the new classification of cyber threats as the most significant facing the United States. "This is the first time that cyber has been cited as the top threat," a Defense Department spokesperson told The Verge. That said, Clapper and other officials have been sounding the alarm on cyber threats for the past several years now, and even in this latest threat assessment, Clapper notes that "there is a remote chance of a major cyberattack against U.S. critical infrastructure systems during the next two years." Last year, Iran was dubbed the number one threat by the national intelligence director.
Apr 13, 2013
Lobbying group representing Google, Yahoo, and Microsoft sends letter to Congress in support of CISPA
Hacker (STOCK) Amid warnings from the White House and civil liberties groups, a trade association representing Google, Yahoo, Microsoft, Oracle, and other tech companies has come out in support of the controversial Cyber Intelligence Sharing and Protection Act (CISPA), which passed a House committee vote this week. The Hill reports that the lobbying group, TechNet, sent a letter to the leaders of the House Intelligence panel on Wednesday praising lawmakers for their work on the bill, with TechNet CEO Rey Ramsey writing that "this bill recognizes the need for effective cybersecurity legislation." TechNet's executive council includes Google Executive Chairman Eric Schmidt, Yahoo CEO Marissa Mayer, Microsoft General Counsel Brad Smith, Cisco CEO John Chambers, and other tech executives, whose names are listed in the letter.
Read Article >CISPA is making its second journey through Congress after failing to make it through the Senate last year. Support for the bill on behalf of tech companies isn't surprising; last year, several prominent corporations supported CISPA, including Facebook, IBM, AT&T, and Microsoft. Few tech companies have opposed the bill — Mozilla and Cheezburger, Inc. topped the list last year — and opposition to CISPA has largely come from interest groups: including the Cato Institute, the American Civil Liberties Union, the Center for Democracy and Technology.
Apr 11, 2013
White House knocks amended CISPA bill for not addressing civil liberties concerns
white house statue As US cybersecurity bill CISPA heads to the House Floor for a vote, the White House National Security Council has issued a statement suggesting that the President won't support it in its current form. "We continue to believe that information sharing improvements are essential to effective legislation," NSC spokesperson Caitlin Hayden told the Los Angeles Times in a statement. "But they must include privacy and civil liberties protections, reinforce the roles of civilian and intelligence agencies, and include targeted liability protections... We believe the adopted committee amendments reflect a good faith-effort to incorporate some of the Administration's important substantive concerns, but we do not believe these changes have addressed some outstanding fundamental priorities."
Read Article >Apr 10, 2013
CISPA passes committee, will head to the House floor for a vote
constitution2 In an 18-2 vote behind closed doors, the House Intelligence Committee passed the controversial Cyber Intelligence Sharing and Protection Act (CISPA) cybersecurity bill. While the bill's final text is still unknown, The Hill reports that a number of amendments supported by the bill's sponsors were approved during markup, including one change that would require the government to remove personal information from "cyber threat" data they receive from private companies. The Hill also reports that the committee removed a provision from CISPA that would allow the government to use data from private companies for broad "national security purposes."
Read Article >CISPA has been criticized by the public and tech industry companies including Facebook and Microsoft. The White House has yet to fulfill a response to an anti-CISPA petition that received over 100,000 signatures. While President Obama has taken his own measures this year to promote cybersecurity information sharing, including an executive order that allows the government to share more information on cyber threats with private companies, his administration threatened last year to veto CISPA if it passed Congress.
Apr 5, 2013
House Intelligence Committee to again mark up CISPA bill behind closed doors
capitoldome Just as it did last year, the US House Intelligence Committee will hold its markup of the controversial Cyber Intelligence Sharing and Protection Act (CISPA) out of public view in a closed session. The committee has yet to formally schedule the markup, where it will discuss and consider potential amendments to the cybersecurity bill. Designed to grant private companies the ability to share information on suspected online threats with the government (and vice versa), CISPA — now on its second trip through legislation — has raised no shortage of privacy concerns among the public and watchdog groups.
Read Article >A petition calling for the Obama administration to stop CISPA dead in its tracks crossed the 100,000 signature mark last month, requiring the White House to issue a formal response. The bill has also drawn its share of criticism from the tech industry: Facebook and Microsoft have both pushed a balanced approach to cybersecurity and continued dialogue among lawmakers and the public. While the Intelligence Committee markup will happen behind closed doors, members will be able to discuss the proceedings once the session has concluded. The Hill reports that the committee will also release details on proposed amendments and vote outcomes. That's still not enough for privacy groups, who earlier this week filed a written request to open up markup session to public scrutiny. "The public has a right to know how Congress is conducting the people’s business, particularly when such important wide-ranging policies are at stake," the letter reads. Unfortunately that outcome remains unlikely, a House spokesperson justifies the closed off nature by claiming that classified or otherwise sensitive details could come up during discussion.
Mar 15, 2013
Facebook and Microsoft soften support for latest CISPA bill
US Capitol 8 (Verge Stock) Facebook has joined Microsoft in offering a very lukewarm statement about pending legislation in Congress, the recently-reintroduced Cyber Intelligence Sharing and Protection Act (CISPA). The goal of CISPA is to allow companies to share information on "cyber threats" with the government, but the scope, nature, and direction of that sharing has raised the hackles of privacy advocates. Although both companies supported CISPA the first time around, their backing isn't as forthcoming this year. Rather than throwing its full weight behind the bill, Facebook today told CNET that it preferred to find a "legislative balance" between sharing information and user privacy. The sentiment echoes Microsoft's statement, given to The Next Web, where it too suggested a balanced approach and said that "dialogue must continue."
Read Article >In fact, industry support for this year's bill appears to be weaker than last year, with fewer letters of support from some of the usual suspects. The first CISPA bill ran up against stiff opposition and eventually died without reaching the President's desk — where it would have been vetoed anyway. With less-enthusiastic industry support this time around — not to mention a successful protest petition awaiting an official White House reply — it seems likely that the current, unaltered CISPA bill will need to see changes before it has a chance of becoming law.
Mar 13, 2013
White House must now respond to CISPA protest petition, 100,000 signatures reached
White House at night Flickr public domain The White House must issue a public statement on the controversial cybersecurity bill CISPA now that an online petition protesting the bill has passed 100,000 signatures, the minimum threshold that is required for a response from the administration on its "We The People" website. The petition, which calls upon the Obama Administration to stop the bill from being passed into law, earned its 100,000th signature late last night, exactly a month after it was first posted by an opponent in New York. The bill stands for Cyber Intelligence Sharing and Protection Act and is designed to allow private companies to share information on suspected cyber threats with the government and vice versa, but critics warn it could enable private user information to be shared without accountability.
Read Article >Feb 13, 2013
Controversial cyber bill CISPA returns to Congress for debate, same as before
US Capitol President Obama announced a new cybersecurity executive order in his State of the Union address last night and urged Congress to follow his lead "by passing legislation to give our government a greater capacity to secure our networks and deter attacks."
Read Article >Congress is acting today by reintroducing the Cyber Intelligence Sharing and Protection Act (CISPA), an older bill President Obama threatened to veto last year that would allow private companies to share information on "cyber threats" with the government and each other. The bill, which is said to be "identical" to the previous version, goes a step further than President Obama's cybersecurity order passed Tuesday.
May 4, 2012
Join Nilay and TC for a Reddit 'AMA' on CISPA at 11AM ET
US Capitol 4 (Verge Stock) Read Article >As part of Reddit's efforts to understand the controversial CISPA cybersecurity legislation more thoroughly, we've been invited to take part in an "AMA" (ask me anything) to answer questions about the bill. Our own Nilay Patel and T.C. Sottek will be taking questions about the bill on Reddit in its r/technology subsection — so hop over starting at 11AM ET and post your own questions if you'd like to learn more about CISPA, what it does, and where it's headed. In the meantime, be sure to catch up on our ongoing coverage of CISPA.
May 2, 2012
Who supports and opposes CISPA, and why?
The Cyber Intelligence Sharing and Protection Act (CISPA), which recently passed the US House of Representatives, will soon see its counterpart bills debated in the Senate. The vote on CISPA comes only months after the Stop Online Piracy Act (SOPA) was withdrawn after widespread protest, and many are wondering whether CISPA will garner the same high-profile opposition. By allowing companies to share user data with each other or the government to combat vaguely defined "cyber threats," CISPA has raised major questions about online privacy.
Read Article >Unlike SOPA, however, the provisions of CISPA largely absolve companies from responsibility if something goes wrong. This means that Google, Facebook, and others stand much less to lose (and in many cases, a good deal to gain) if it passes. We've taken a look at where several of the major tech companies and websites stand on this proposal.
May 2, 2012
Mozilla comes out against CISPA, says 'the bill infringes on our privacy'
Firefox Logo Read Article >Despite the apprehension felt by many over CISPA, the bill continues to have many high-profile supporters in the tech industry, including the likes of Intel, Oracle, and Microsoft. Mozilla, however, is speaking out, telling Forbes in a statement that while the company does believe there is a need for stronger safeguards, "CISPA has a broad and alarming reach that goes far beyond Internet security" and "infringes on our privacy." While many companies have lined up in the CISPA debate, one of the heaviest hitters of them all — Google — has been missing in action, despite the company's participation in events protesting SOPA earlier this year. When contacted, Google told Forbes that the company is "watching the process closely," but has yet to take any formal stance on the legislation.
Apr 27, 2012
The Cyber Intelligence Sharing and Protection Act: CISPA explained
US Capitol 8 (Verge Stock) Following its failure to pass the Stop Online Piracy Act (SOPA), the second session of the 112th Congress is on track for a repeat performance in internet controversy with a bill called the Cyber Intelligence Sharing and Protection Act (CISPA). The bill just passed the House of Representatives, and a companion bill in the Senate will soon be debated and voted on. Unlike SOPA, which focused on piracy and intellectual property, CISPA was originally intended to guard against "cyber threats" that could harm networks by improving cybersecurity information sharing. The bill has since been expanded to cover "national security" and other purposes, and it gives broad powers and immunity to government and military intelligence agencies to collect and share the private data of individuals from companies without the use of warrants. And like SOPA, it has prompted civil liberty and internet privacy advocates to protest the bill's broad definitions and applications.
Read Article >The Obama Administration has already threatened to veto the bill, and voiced strong opposition in a recent memorandum, but it's not clear if it will follow through. The White House has signaled that it is open to some form of cybersecurity bill, so it's possible that a compromise version will reach Obama's desk.
Apr 26, 2012
US House passes controversial CISPA cybersecurity bill, now on to the Senate
US Capitol 5 (Verge Stock) The US House of Representatives has just passed the controversial Cyber Intelligence Sharing and Protection Act, or CISPA (HR 3523) by a vote of 248 to 168. The bill passed mostly along party lines, backed by House Republicans. While the bill is intended to safeguard the US against "cyber threats," critics say that it is too vague and broad, and would give government and military intelligence agencies the ability to inspect private data without the use of warrants. While the bill hasn't garnered the same level of outrage as SOPA did in recent months from companies like Google or Facebook (Facebook supports CISPA), web advocates have been vocal in their opposition to the bill.
Read Article >The Obama administration has already strongly opposed CISPA and threatened to veto it, so it's not likely that this particular version of the bill will pass. The White House says that the bill lacks civilian oversight and privacy protections, and that "without clear legal protections and independent oversight, information sharing legislation will undermine the public's trust in the government as well as in the internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections." Still, the White House has signaled that it is interested in some form of cyber security bill, so this won't likely be its final act.
Apr 26, 2012
White House threatens to veto CISPA cybersecurity bill, ahead of Friday's vote
Obama Serious (White House Flickr) On Friday, the US House of Representatives is scheduled to vote on the Cyber Intelligence Sharing and Protection Act, or CISPA for short. It's a controversial bill, to be sure. Supporters, including a who's who of tech industry firms, say that having government and corporations share internet data is necessary to ensure network security and national defense. Detractors claim it would allow private companies to misuse their customers' personal data without fear of legal retribution, as long as they claim the sharing is for cybersecurity purposes. Even should the bill pass, though, the White House has threatened a veto: today, a letter from the Executive Office of the President (PDF) says that the Obama administration strongly opposes CISPA due to a lack of civilian oversight and privacy protections.
Read Article >H.R. 3523 fails to provide authorities to ensure that the Nation's core critical infrastructure is protected while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards.Technically, the White House says it's interested in such a cybersecurity bill in general, but says that "Citizens have a right to know that corporations will be held legally accountable for failing to safeguard personal information adequately," and that the Department of Homeland Security needs to have an oversight role. The administration seems particularly worried about the bill shielding private companies from lawsuits if they share personal data with the government, no matter the consequences of that action.