Eleven California lawmakers are among the more than 100 co-sponsors of an increasingly controversial cybersecurity bill that would make it easier for private companies to swap information with the federal government on threats against computer systems.
Hackers and thieves, say the bill's supporters, threaten to undermine national security and the economy by targeting business secrets and financial information.
One of the co-sponsors – Democratic Rep. Anna Eshoo of Menlo Park – represents a district containing parts of Silicon Valley, home to the tech industry and its years of skepticism toward Washington meddling in Internet growth and digital innovation.
Critics worry that the bill’s language could put the National Security Agency or the Department of Defense’s Cyber Command in the position of compiling sensitive personal information belonging to Americans that flows between the federal government and the private sector.
Help us do more.
There are no meaningful restrictions for how the government can use data that consumers intended to give only to a private company, says the Center for Democracy & Technology in San Francisco. Any restrictions on the data that might exist are left up to businesses, and the information also could be used for government surveillance purposes, adds the group.
Another San Francisco privacy organization, the Electronic Frontier Foundation, argues that the bill is “dangerously vague” and the lack of restrictions means companies like Google, Facebook and AT&T could exchange customer e-mails and text messages with one another and the government, as long as they were doing it to stop “cybersecurity threats.”
Kendall Burman, a senior fellow at the Center for Democracy & Technology, told The Hill last week that the proposed legislation, called the Cyber Intelligence Sharing and Protection Act, “drives a truck through privacy law.” She said the bill, sponsored by U.S. Rep. Mike Rogers, R-Mich., is so broadly worded that it could go beyond critical cyber threats and include personal information from people accused of illegally downloading music and films.
That possibility has raised the ire of online activists who earlier this year joined Internet heavyweights like Craigslist and Google to unravel a proposed bill aimed at protecting copyrighted digital content, which backers said was necessary to safeguard intellectual property and halt the underground trade of counterfeit consumer products.
The popular Internet forum Reddit.com helped lead the opposition to that now-defunct bill, known as the Stop Online Piracy Act, and Reddit users have since drawn attention to Rogers' proposal by catapulting it to the top of the site. The bill nonetheless enjoys broad – and rare – bipartisan support, and companies like Facebook are supporting the measure. Under the Rogers plan, companies would be prohibited from using traded information in order to gain an unfair competitive advantage, and Congress would receive an annual unclassified report with recommendations on the protection of privacy and civil liberties.
“Your legislation removes burdensome rules that currently can inhibit protection of the cyber ecosystem, and helps provide a more established structure for sharing within the cyber community while still respecting the privacy rights and expectations of our users,” Joel Kaplan, Facebook's vice president of U.S. public policy, wrote in a February letter to Rogers [PDF]. “Through timely sharing of threat information, both public and private entities will be able to more effectively combat malicious activity in cyberspace and protect consumers.”
The debate comes amid news that 24-year-old hacker Cody Kretsinger agreed to plead guilty to one count of conspiracy and other charges in a Los Angeles federal court stemming from an attack on Sony Pictures Entertainment that breached customer information, according to Reuters. Internet observers were stunned to learn last month that Hector Monsegur, nicknamed “Sabu,” of the LulzSec hacking group had spent months working for the FBI as an informant.
Rogers, a former FBI agent, in a March 29 statement pointed to his bill’s numerous co-sponsors and industry backing as evidence that it’s been thoughtfully conceived.
“Every day, U.S. businesses are targeted by nation-state actors like China for cyber exploitation and theft," he said. "This consistent and extensive cyber looting results in huge losses of valuable intellectual property, sensitive information and American jobs. The broad base of support for this bill shows that Congress recognizes the urgent need to help our private sector better defend itself from these insidious attacks.”