House passes CISPA Internet surveillance bill

House passes CISPA Internet surveillance bill

Summary: A last-minute push by critics of a bill that would allow Internet companies to open their networks to the Feds didn't work. The House approved CISPA by a 248-168 vote.

SHARE:
TOPICS: Security, Browser
12


House members clockwise from top left: Jared Polis, who warned CISPA would "waive every single privacy law ever enacted"; Adam Schiff; Sheila Jackson Lee; Jan Schakowsky; Mike Rogers; Hank Johnson (Credit: C-SPAN)

The U.S. House of Representatives today approved a controversial Internet surveillance bill, rejecting increasingly vocal arguments from critics that it would do more to endanger Americans' privacy than aid cybersecurity.

By a vote of 248 to 168, a bipartisan majority approved the Cyber Intelligence Sharing and Protection Act, or CISPA (the bill, which would permit Internet companies to hand over confidential customer records and communications to the National Security Agency and other portions of the U.S. government.

CISPA would "waive every single privacy law ever enacted in the name of cybersecurity," said Rep. Jared Polis, a Colorado Democrat, during today's marathon floor debate. "Allowing the military and NSA to spy on Americans on American soil goes against every principle this country was founded on."

Americans' confidential information that could legally provided to the feds would "include health records, it can include firearm registration information, it can include credit card information," warned Polis, a former Web entrepreneur who was a leader in opposing the Stop Online Piracy Act as well.

CISPA wouldn't formally grant the NSA or Homeland Security any additional surveillance authority. (A proposed amendment that would have veered in that direction was withdrawn.)

But it would usher in a new era of information sharing between companies and government agencies -- with limited oversight and privacy safeguards. The House Rules committee yesterday rejected a series of modestly pro-privacy amendments, which led a coalition of civil-liberties groups to complain that "amendments that are imperative won't even be considered" in a letter today.

That prompted some politicians, including House Intelligence Committee member Adam Schiff (D-Calif.), to reluctantly oppose the bill. Schiff said that because his proposed amendments were rejected, he had to vote against CISPA "due to my concerns about civil liberties and the privacy of Americans."

What made CISPA so controversial is a section saying that, "notwithstanding any other provision of law," companies may share information with Homeland Security, the IRS, the NSA, or other agencies. By including the word "notwithstanding," CISPA's drafters intended to make their legislation trump all existing federal and state laws, including ones dealing with wiretaps, educational records, medical privacy, and more.

Rep. Mike Rogers (R-Mich.), the chairman of the House Intelligence Committee, had predicted earlier in the week he had the votes. And it turned out he did, despite a last-minute surge of opposition that included Republican presidential candidate Ron Paul warning that "CISPA is Big Brother writ large," a White House veto threat, and 18 Democratic House members saying it "does not include necessary safeguards."

CISPA is "needed to stop the Chinese government from stealing our stuff," Rogers said. They're "stealing the value and prosperity of America."

Rogers' position paper on CISPA said the bill is necessary to deal with threats from China and Russia, and that it "protects privacy by prohibiting the government from requiring private sector entities to provide information." During today's floor debate, Rogers repeatedly referred to the need for the Feds to share attack signatures with the private sector -- but never addressed the privacy criticisms directly, except to say they were invalid.

One of the biggest differences between CISPA and its SOPA predecessor is that the Web blocking bill was defeated by a broad alliance of Internet companies and millions of peeved users. Not CISPA: the House Intelligence committee proudly lists letters of support from Facebook, Microsoft, Oracle, Symantec, Verizon, AT&T, Intel, and trade association CTIA, which counts representatives of T-Mobile, Sybase, Nokia, and Qualcomm as board members.

CISPA's authorization for information sharing extends far beyond Web companies and social networks. It would also apply to Internet service providers, including ones that already have an intimate relationship with Washington officialdom. Large companies including AT&T and Verizon handed billions of customer records to the NSA; only Qwest refused to participate. Verizon turned over customer data to the FBI without court orders. An AT&T whistleblower accused the company of illegally opening its network to the NSA, a practice that the U.S. Congress retroactively made legal in 2008.

The bill now heads to the Senate, where related cybersecurity legislation has been stalled for years, and the threat of a presidential veto makes speedy approval unlikely.

"Once the government gets expansive national security authorities, there's no going back," Michelle Richardson, ACLU legislative counsel, said after the House vote. "We encourage the Senate to let this horrible bill fade into obscurity."

CISPA Excerpts
Excerpts from the Cyber Intelligence Sharing and Protection Act:

"Notwithstanding any other provision of law, a self-protected entity may, for cybersecurity purposes -- (i) use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of such self-protected entity; and (ii) share such cyber threat information with any other entity, including the Federal Government...

The term 'self-protected entity' means an entity, other than an individual, that provides goods or services for cybersecurity purposes to itself."

About Declan McCullagh
Declan McCullagh is the chief political correspondent for CNET. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.

This story was originally posted on CNET News.

Topics: Security, Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

12 comments
Log in or register to join the discussion
  • I would be concerned with (ii) as well...

    "(ii) share such cyber threat information with any other entity, including the Federal Government..." ///ANY OTHER ENTITY/// including corporations small businesses individuals, etc.
    conspiritech@...
    • Heading steadily for totalitarianism and police state

      Sucker nation is going down.
      LBiege
    • Corporations small businesses individuals

      that deal in the detection and prevention of cyber threats, probally. I don't think they mean that they'll give it to Google or whoever.

      Though I doubt Google would need it. They probally already have that info.
      William Farrel
  • I don't want to live on this planet anymore.

    Press link for maximum effect.
    http://www.youtube.com/watch?v=XhnN54tHjkI

    This news saddens and numbs me, but then I remember that most members of the HoR have never even touched a keyboard before and don't really know how the Internet works. They're not so much as stupid as just ignorant.
    And it shows. And we suffer through our privacy for it.
    Nox13last
    • Are laws made by a 'non-representative body' legitimate laws? I think not.

      No, it is not 'ignorance' of the internet- It is corruption. We exist in a non representative governmment; a corporate elitist dictatorship. The people are not represented; making all these laws 'color of law', dictated laws - not the laws of the people.

      The American political system has reached a 'black swan' inception point. Both political parties are now dilluted to the point they represent the same interests; corporate elites. This renders the country into a state a chaos. This is why they are attacking the constitution, pushing in stealth legislation; to legitimize their corporate takeover "after the fact".

      The people have no representation; therefore these laws are a tyrannical dictatorship, not the choice of the people.

      Now we will see a gradual collapse of society; and a collapse of all faith based institutions, because the awareness of the people is not going away; no matter how much they try to hide their corruption.

      Where is it going? I dont know. But this plot of theirs will likely fail; because there will always be the cognitive initiative of resisitance among the population that exists under it.
      JOHNDANIELS1
  • Have you actually read the bill?

    The meat of the bill only allows the intelligence community to share attack intel collected on foreign sources with commercial entities that are certified and obtain the appropriate level of clearance to handle the information. Most other countries use their intel community in direct support of their commercial industries, the US law spefically prohibits the use of national intelligence to support commercial persuites - this clarifies and limits how much the US government will share with the commercial sector. Everyone needs to take off their tinfoil hats and do original research and not believe the press since they get wrong more often than right. The bill can be found on Thomas @ http://www.gpo.gov/fdsys/pkg/BILLS-112hr3523rh.
    mtkell
    • slippery slope

      Any nation that gives up a little liberty to gain a little security, deserves neither and will lose both.
      hoaxoner
      • So you don't mind being scrutinized?

        :)
        HypnoToad72
  • Analogies between physical and information world for the Global Empire

    Some of the language of CISPA sounds like it might have been written by John Yoo.

    The determination of when CISPA info collection might cross over the boundary of illegality sounds a lot like when enhanced interrogation crosses the line ---- "pain equivalent to failure of an organ or death" --- that kind of stuff.

    Heck, NDAA hasn't caused us organ failure gang, so what's the big deal about CISPA?

    And just think of the 'synergies' as the corporate CEOs like to say in M&A deals.

    Yea, the detention centers can do unlimited strip searches, and the real benefit, is that now they could shove fiber-optic cable bundles up our arses to check every physical and data cavity.

    Now, THAT's synergy folks --- and government efficiency.

    Maybe, just maybe, it's time for us to start looking up the arse of this friggin Global Empire, wouldn't you say?

    Best luck and love to the "Occupy Empire"educational & revolutionary movement.



    Liberty, democracy, equality, & justice
    Over
    Violent/Vichy
    Empire,

    Alan MacDonald

    Sanford, Maine
    amacd
  • Good for Mike Rogers

    Though it's not stealing when companies gave China lots of information of their own free will...

    ZDNet even had an article, asking if Microsoft giving code to Russia and China posed a security risk... I'm sure anybody wanting to do a quick web search would be able to find the article and then know as much as everybody else does on the subject...
    HypnoToad72
  • RE: Sad Times

    The terrorists might not have won but we lost our soul and honor.
    edkollin
  • Google is now the "VILLAIN". Bye Bye 'Goodwill'.

    Google will now likely lose most if not all the GOODWILL consideration in their corporate earnings; and they account a substantial amount. Their impression on the public body is now that of "villain'. They are no longer the "good guys", they are the 'go along get along' corporate evil just like all the rest. They cannot be trusted anymore, and I will be using alternative browsers from now on.

    They could have become the NEW Mainstream Media. They could have been so much more. Now they have chose path of gradual decline. Now, Google will suffer the same fate as microsoft; Now their future is corporate technological suppression, instead of innovation.

    Terrorism is a farce to justify legislation that creates this corporate lockdown. Why do they think it is good for them? For companies like google, it is not.
    JOHNDANIELS1