Despite the online protests of Web freedom advocacy groups, a new cybersecurity bill known as the Cyber Intelligence Sharing and Protection Act (CISPA) has gathered supporters in Congress and the private sector as it heads towards a vote in the House of Representatives this week.
That support makes the bill’s primary sponsor, Rep. Mike Rogers (R-MI), Chairman of the House Intelligence Committee, pretty confident that the bill will be passed by the House, paving its path to become law, if also passed by the Senate and signed by President Obama.
“I feel pretty confident that we’ll close out the bill,” Rogers told TPM in a phone interview. “There is a strong chance that the bill will be passed [by the House this] week.”
That said, the White House on April 17 issued a thinly veiled critique of CISPA, indicating the President may not sign it if it reaches his desk in its current form.
Rogers told TPM he wasn’t aware of any final stance from the Administration, but acknowledged that officials had previously expressed support for alternative cybersecurity bills in the Senate.
Regarding the intensified efforts by critics to rally Web users against CISPA, Rogers noted that he and his staff had met repeatedly with advocacy groups over the past several weeks, listened to their concerns and updated the bill to address some of them.
“There’s some people who aren’t interested in having any bill happen,” Rogers told TPM. “But we’ve had an open and transparent dialogue with everyone who has chosen to engage with us, and there’s been major progress made. This has always been a collaborative effort.”
CISPA specifically seeks to encourage Web companies and U.S. intelligence agencies to share more information with each other about cybersecurity threats, including, potentially, personally identifiable information about Web users.
Internet service providers such as Time Warner Cable and other Web companies such as Facebook and Twitter already routinely share such information about their users with law enforcement and other government agencies when compelled by subpoenas, warrants and other court orders or emergency circumstances.
CISPA, however, would seek to allow for increased information sharing without going through such steps.
“An internet service provider is already protecting the network within your office,” Rogers pointed out, “They identify a nasty, malicious source code and stop it before you even know about it. They do this thousands of times a day. This is simply a voluntary arrangement that allows these companies and the government to share the malicious code they find with others, to allow them to protect their networks and users.”
As Rogers told TPM, currently only selected companies have the security clearance to receive classified cyber threat intelligence gathered by the government, but his bill is designed to bring more companies into the fold without having to go through a time consuming process.
Rogers and the bill’s other supporters, including co-sponsor Rep. C.A. “Dutch” Ruppersberger (D-MD), argue that it is necessary to combat a rising tide of malware, hackers and other “advanced persistent” cybersecurity threats that seek to steal information from or otherwise damage U.S. companies that keep their information online. A recent report by security firm Symantec saw a rapid increase in the number of targeted cyber attacks in 2011.
Critics argue that even the most recently updated version of CISPA allows companies and intelligence agencies to share user information without accountability, shielding them from lawsuits in the event that information is shared mistakenly or abused.
Asked about why the bill’s language had been changed once to include a provision specifically outlining when someone could sue before being changed back to leave that language out, Rogers told TPM that it was specifically his Democratic colleagues in the House who wanted the bill’s original language on liability to remain.
Further, Rogers told TPM: “We’re open to change this bill right up until it comes to the House floor based on external input.”
