CISPA: Congress weighs privacy against 'cyber threats'

Representative Mike Rogers (R-MI), chair of the House Intelligence Committee and author of the controversial CISPA cybersecurity bill, is stepping down in 2015 in order to host a nationally syndicated radio show. On a Michigan radio program, Rogers announced that he would not seek reelection in 2014, instead accepting a spot on the Cumulus network. "I had a career before politics and always planned to have one after," he said in a statement published by MLive.com. "The genius of our institutions is they are not dependent on the individual temporary occupants privileged to serve.

In his statement, Rogers promised that he would continue to support "American exceptionalism" and "a strong nation security policy agenda." Among other things, Rogers has spent the past few years unsuccessfully shepherding the Cyber Intelligence Sharing and Protection Act (CISPA) through Congress. CISPA was created in order to allow companies and government agencies to share information about malicious software and security breaches, a goal that many in Washington were working towards. But its approach worried privacy advocates, who objected to provisions that would give companies immunity for turning over user information along with more general data. The bill passed the House of Representatives in 2012, but President Obama indicated he would veto it, and it died in the Senate. Obama would ultimately issue his own cybersecurity executive order. In 2013, Rogers brought the bill back, to no avail.

After suffering defeat this spring, the controversial legislation aimed at preventing cyberthreats, CISPA, may be returning to the Senate. According to Mother Jones, two senators are now working on a new version of the bill that looks to curb some of the concerns that kept it from initially passing. The goal of the bill will still be to make it easier for private companies to share information with the government regarding cyber threats, however the type of information that can be shared will reportedly be narrower in scope this time around.

As the legislation is still being written, it's not clear exactly how different its updated form will be. Mother Jones reports that Senators Dianne Feinstein (D-CA) and Saxby Chambliss (R-GA) are working together to draft the bill. "The goal is to allow and encourage the sharing only of information related to identifying and protecting against cyberthreats, and not the communications and commerce of Americans," Feinstein's office tells Mother Jones in a statement. Feinstein in particular has been a major proponent for facilitating this type of sharing, having also been in support of expanding FISA.

The release of several national surveillance leaks put the brakes on cybersecurity legislation, which was already under scrutiny by civil liberties groups. But NSA head Keith Alexander thinks Congress needs to get the bills back on track, letting federal agencies and companies share information about potential attacks. "How do you defend Wall Street from a major crisis?" he asked during a Tuesday interview hosted by Politico and defense contractor Raytheon. "We have to have the rules in place that you can defend Wall Street from being taken down, and inform the civilian leadership." Those rules, he said, would need to be put in place with "cyber legislation" before somebody decided to launch a "cyberpacket" assault.

Alexander, as head of US cyber command, discussed the offensive capabilities he's been building for some time. He also, however, said that Congress needed to untie his hands when it came to sharing information with companies that aren't part of critical infrastructure. Referencing Representative Mike Rogers' (R-MI) and Dutch Ruppersberger's (D-MD) controversial CISPA bill, he argued that the NSA, FBI, and Department of Homeland Security needed legislation to proactively prevent cyberattacks. "We have a great forensics team," he quipped. "It's all over, bad things have happened, we can come down and say 'It's really bad!'"

The White House has finally responded to a petition on its website signed by over 100,000 web users protesting the controversial cybersecurity bill CISPA, which was passed by the House of Representatives earlier this month. In its response to the petition, the White House comes out more forcefully against the bill, saying "This legislation still doesn't adequately address our fundamental concerns" about privacy, and pointing back to the veto threat issued by President Obama's office two weeks ago. However, the White House says that it still wants to see a new cybersecurity bill passed soon that allows companies and the government to share information about suspected "cyber threats." As the response issued today says, "Moving forward, the Obama Administration will continue to advocate vocally for cybersecurity legislation," that contains three major privacy protections.

CISPA, the controversial cybersecurity legislation passed by the House of Representatives last week, may be effectively dead for now. US News has reported that the Senate Commerce Committee, headed by Senator Jay Rockefeller (D-WV), doesn't see the bill being taken up by the Senate. Instead, the committee is working on separate bills that will address cybersecurity but hopefully avoid CISPA's privacy pitfalls. "We're not taking [CISPA] up," says a representative. "Staff and senators are divvying up the issues and the key provisions everyone agrees would need to be handled if we're going to strengthen cybersecurity. They'll be drafting separate bills."

After CISPA was given overwhelming approval in the House, it was referred to the Senate Intelligence Committee, which did not immediately respond for comment. CISPA was referred to the Senate last year as well, but it never passed, forcing the House to vote on the issue again. Now, an anonymous Commerce Committee staff member confirmed to The Verge that they think CISPA is still a no-go, and that it likely won't come up on the Senate floor. Rockefeller has previously said that although he supported cybersecurity legislation, CISPA's privacy protections are "insufficient." The White House has also threatened to veto CISPA, giving the Senate yet another reason to propose its own solution.

The US House of Representatives has once again passed the Cyber Intelligence Sharing and Protection Act (CISPA), which died in the Senate last year, by a margin of 288 to 127 after two days of debate. Over several hours, House opinion on the bill boiled down to whether the redesigned CISPA successfully addressed criticism from civil libertarians, and whether the threat of cyberattacks was grave enough to justify overriding lingering concerns. Representative Candice Miller (R-MI), a CISPA supporter, painted a dire picture of North Korean hackers taking down the US power grid, and Rep. Joe Heck (R-NV) warned that "our nation is under attack." Rep. Mike McCaul (R-TX) went so far as to urge passage with a comparison to the Boston Marathon bombings: "In the case of Boston they were real bombs, in this case they're digital bombs. And these digital bombs are on their way."

Cyberwarfare is seen as a major threat by other parts of the US government. Director of National Intelligence James Clapper has testified about the possibility of a major cyber attack, and the NSA has stepped up its cyberwarfare efforts with offensive and defensive teams. President Barack Obama has signed an executive cybersecurity order, and he's urged Congress to pass legislation that would broaden it. At its core, CISPA is meant to make it easier for companies to share information about online attacks between each other and the government, letting them catch hacks early and better defend themselves. But there's disagreement over whether it does so while protecting the privacy of ordinary people whose data is actually at risk of being exposed.

As an amended version of CISPA nears a vote on the House floor, the White House has once again stated that it has fundamental problems with the cybersecurity bill in its current form. In an official policy statement, the Obama Administration said that lawmakers had not addressed several issues regarding information-sharing and privacy, and that "if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill." Instead, it urged a continuing dialog between Congress and the President in order to create a more acceptable version.

Specifically, the White House remains concerned that CISPA does not require companies to "take reasonable steps" to strip personal information when sharing user data with the government or other businesses. This has been a major point of contention between CISPA supporters and civil libertarians, who worry that the bill would give companies immunity for swapping user data inappropriately. The White House says that an amended CISPA should "incorporate privacy and civil liberties safeguards" into its text, but it also worries more generally about limiting the liability of companies when they're faced with a potential security problem. "Even if there is no clear intent to do harm," the statement reads, "the law should not immunize a failure to take reasonable measures, such as the sharing of information, to prevent harm," it writes.

Cyber threats are the number one type of danger facing the United States, according to US national intelligence director James Clapper, the man in charge of coordinating the CIA and the NSA, among many other agencies. "As more and more state and nonstate actors gain cyber expertise, its importance and reach as a global threat cannot be overstated," Clapper said in testimony he gave to the House Intelligence Committee last week, as part of his office's annual global threat assessment report.

The US Department of Defense followed up with a news release today emphasizing the new classification of cyber threats as the most significant facing the United States. "This is the first time that cyber has been cited as the top threat," a Defense Department spokesperson told The Verge. That said, Clapper and other officials have been sounding the alarm on cyber threats for the past several years now, and even in this latest threat assessment, Clapper notes that "there is a remote chance of a major cyberattack against U.S. critical infrastructure systems during the next two years." Last year, Iran was dubbed the number one threat by the national intelligence director.

Amid warnings from the White House and civil liberties groups, a trade association representing Google, Yahoo, Microsoft, Oracle, and other tech companies has come out in support of the controversial Cyber Intelligence Sharing and Protection Act (CISPA), which passed a House committee vote this week. The Hill reports that the lobbying group, TechNet, sent a letter to the leaders of the House Intelligence panel on Wednesday praising lawmakers for their work on the bill, with TechNet CEO Rey Ramsey writing that "this bill recognizes the need for effective cybersecurity legislation." TechNet's executive council includes Google Executive Chairman Eric Schmidt, Yahoo CEO Marissa Mayer, Microsoft General Counsel Brad Smith, Cisco CEO John Chambers, and other tech executives, whose names are listed in the letter.

CISPA is making its second journey through Congress after failing to make it through the Senate last year. Support for the bill on behalf of tech companies isn't surprising; last year, several prominent corporations supported CISPA, including Facebook, IBM, AT&T, and Microsoft. Few tech companies have opposed the bill — Mozilla and Cheezburger, Inc. topped the list last year — and opposition to CISPA has largely come from interest groups: including the Cato Institute, the American Civil Liberties Union, the Center for Democracy and Technology.

As US cybersecurity bill CISPA heads to the House Floor for a vote, the White House National Security Council has issued a statement suggesting that the President won't support it in its current form. "We continue to believe that information sharing improvements are essential to effective legislation," NSC spokesperson Caitlin Hayden told the Los Angeles Times in a statement. "But they must include privacy and civil liberties protections, reinforce the roles of civilian and intelligence agencies, and include targeted liability protections... We believe the adopted committee amendments reflect a good faith-effort to incorporate some of the Administration's important substantive concerns, but we do not believe these changes have addressed some outstanding fundamental priorities."

In an 18-2 vote behind closed doors, the House Intelligence Committee passed the controversial Cyber Intelligence Sharing and Protection Act (CISPA) cybersecurity bill. While the bill's final text is still unknown, The Hill reports that a number of amendments supported by the bill's sponsors were approved during markup, including one change that would require the government to remove personal information from "cyber threat" data they receive from private companies. The Hill also reports that the committee removed a provision from CISPA that would allow the government to use data from private companies for broad "national security purposes."

CISPA has been criticized by the public and tech industry companies including Facebook and Microsoft. The White House has yet to fulfill a response to an anti-CISPA petition that received over 100,000 signatures. While President Obama has taken his own measures this year to promote cybersecurity information sharing, including an executive order that allows the government to share more information on cyber threats with private companies, his administration threatened last year to veto CISPA if it passed Congress.

Just as it did last year, the US House Intelligence Committee will hold its markup of the controversial Cyber Intelligence Sharing and Protection Act (CISPA) out of public view in a closed session. The committee has yet to formally schedule the markup, where it will discuss and consider potential amendments to the cybersecurity bill. Designed to grant private companies the ability to share information on suspected online threats with the government (and vice versa), CISPA — now on its second trip through legislation — has raised no shortage of privacy concerns among the public and watchdog groups.

A petition calling for the Obama administration to stop CISPA dead in its tracks crossed the 100,000 signature mark last month, requiring the White House to issue a formal response. The bill has also drawn its share of criticism from the tech industry: Facebook and Microsoft have both pushed a balanced approach to cybersecurity and continued dialogue among lawmakers and the public. While the Intelligence Committee markup will happen behind closed doors, members will be able to discuss the proceedings once the session has concluded. The Hill reports that the committee will also release details on proposed amendments and vote outcomes. That's still not enough for privacy groups, who earlier this week filed a written request to open up markup session to public scrutiny. "The public has a right to know how Congress is conducting the people’s business, particularly when such important wide-ranging policies are at stake," the letter reads. Unfortunately that outcome remains unlikely, a House spokesperson justifies the closed off nature by claiming that classified or otherwise sensitive details could come up during discussion.

Facebook has joined Microsoft in offering a very lukewarm statement about pending legislation in Congress, the recently-reintroduced Cyber Intelligence Sharing and Protection Act (CISPA). The goal of CISPA is to allow companies to share information on "cyber threats" with the government, but the scope, nature, and direction of that sharing has raised the hackles of privacy advocates. Although both companies supported CISPA the first time around, their backing isn't as forthcoming this year. Rather than throwing its full weight behind the bill, Facebook today told CNET that it preferred to find a "legislative balance" between sharing information and user privacy. The sentiment echoes Microsoft's statement, given to The Next Web, where it too suggested a balanced approach and said that "dialogue must continue."

In fact, industry support for this year's bill appears to be weaker than last year, with fewer letters of support from some of the usual suspects. The first CISPA bill ran up against stiff opposition and eventually died without reaching the President's desk — where it would have been vetoed anyway. With less-enthusiastic industry support this time around — not to mention a successful protest petition awaiting an official White House reply — it seems likely that the current, unaltered CISPA bill will need to see changes before it has a chance of becoming law.

The White House must issue a public statement on the controversial cybersecurity bill CISPA now that an online petition protesting the bill has passed 100,000 signatures, the minimum threshold that is required for a response from the administration on its "We The People" website. The petition, which calls upon the Obama Administration to stop the bill from being passed into law, earned its 100,000th signature late last night, exactly a month after it was first posted by an opponent in New York. The bill stands for Cyber Intelligence Sharing and Protection Act and is designed to allow private companies to share information on suspected cyber threats with the government and vice versa, but critics warn it could enable private user information to be shared without accountability.

President Obama announced a new cybersecurity executive order in his State of the Union address last night and urged Congress to follow his lead "by passing legislation to give our government a greater capacity to secure our networks and deter attacks."

Congress is acting today by reintroducing the Cyber Intelligence Sharing and Protection Act (CISPA), an older bill President Obama threatened to veto last year that would allow private companies to share information on "cyber threats" with the government and each other. The bill, which is said to be "identical" to the previous version, goes a step further than President Obama's cybersecurity order passed Tuesday.

As part of Reddit's efforts to understand the controversial CISPA cybersecurity legislation more thoroughly, we've been invited to take part in an "AMA" (ask me anything) to answer questions about the bill. Our own Nilay Patel and T.C. Sottek will be taking questions about the bill on Reddit in its r/technology subsection — so hop over starting at 11AM ET and post your own questions if you'd like to learn more about CISPA, what it does, and where it's headed. In the meantime, be sure to catch up on our ongoing coverage of CISPA.

The Cyber Intelligence Sharing and Protection Act (CISPA), which recently passed the US House of Representatives, will soon see its counterpart bills debated in the Senate. The vote on CISPA comes only months after the Stop Online Piracy Act (SOPA) was withdrawn after widespread protest, and many are wondering whether CISPA will garner the same high-profile opposition. By allowing companies to share user data with each other or the government to combat vaguely defined "cyber threats," CISPA has raised major questions about online privacy.

Unlike SOPA, however, the provisions of CISPA largely absolve companies from responsibility if something goes wrong. This means that Google, Facebook, and others stand much less to lose (and in many cases, a good deal to gain) if it passes. We've taken a look at where several of the major tech companies and websites stand on this proposal.

Despite the apprehension felt by many over CISPA, the bill continues to have many high-profile supporters in the tech industry, including the likes of Intel, Oracle, and Microsoft. Mozilla, however, is speaking out, telling Forbes in a statement that while the company does believe there is a need for stronger safeguards, "CISPA has a broad and alarming reach that goes far beyond Internet security" and "infringes on our privacy." While many companies have lined up in the CISPA debate, one of the heaviest hitters of them all — Google — has been missing in action, despite the company's participation in events protesting SOPA earlier this year. When contacted, Google told Forbes that the company is "watching the process closely," but has yet to take any formal stance on the legislation.

Following its failure to pass the Stop Online Piracy Act (SOPA), the second session of the 112th Congress is on track for a repeat performance in internet controversy with a bill called the Cyber Intelligence Sharing and Protection Act (CISPA). The bill just passed the House of Representatives, and a companion bill in the Senate will soon be debated and voted on. Unlike SOPA, which focused on piracy and intellectual property, CISPA was originally intended to guard against "cyber threats" that could harm networks by improving cybersecurity information sharing. The bill has since been expanded to cover "national security" and other purposes, and it gives broad powers and immunity to government and military intelligence agencies to collect and share the private data of individuals from companies without the use of warrants. And like SOPA, it has prompted civil liberty and internet privacy advocates to protest the bill's broad definitions and applications.

The Obama Administration has already threatened to veto the bill, and voiced strong opposition in a recent memorandum, but it's not clear if it will follow through. The White House has signaled that it is open to some form of cybersecurity bill, so it's possible that a compromise version will reach Obama's desk.

The US House of Representatives has just passed the controversial Cyber Intelligence Sharing and Protection Act, or CISPA (HR 3523) by a vote of 248 to 168. The bill passed mostly along party lines, backed by House Republicans. While the bill is intended to safeguard the US against "cyber threats," critics say that it is too vague and broad, and would give government and military intelligence agencies the ability to inspect private data without the use of warrants. While the bill hasn't garnered the same level of outrage as SOPA did in recent months from companies like Google or Facebook (Facebook supports CISPA), web advocates have been vocal in their opposition to the bill.

The Obama administration has already strongly opposed CISPA and threatened to veto it, so it's not likely that this particular version of the bill will pass. The White House says that the bill lacks civilian oversight and privacy protections, and that "without clear legal protections and independent oversight, information sharing legislation will undermine the public's trust in the government as well as in the internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections." Still, the White House has signaled that it is interested in some form of cyber security bill, so this won't likely be its final act.