Congress revives CISPA, and it may get the White House's support this time

On the heels of the Sony hack, a senior Democrat has revived a controversial law that wants private companies to share its customers' data with the US government.
Written by Zack Whittaker, Contributor
President Obama at 2013's State of the Union after signing cybersecurity executive order
(Image: CBS News

A prominent congressman has revived a controversial cybersecurity bill that would allow US technology companies and businesses to share private user data with the government.

The bill, formally known as the Cyber Intelligence Sharing and Protection Act (CISPA), was re-introduced to the US House of Representatives late Thursday with very few changes from its original text when it was introduced two years ago.

The bill aims to "help businesses proactively prevent attacks by creating a system of voluntary information sharing between the public and private sectors."

Rep. Dutch Ruppersberger (D-MD) cited the recent Sony hack -- which authorities claim was carried out by North Korea -- as a reason to introduce the legislation, just days after the new congress began. "We must stop dealing with cyber attacks after the fact," he said in a statement.

Ruppersberger is the only name on the bill so far, after he lost his 2014 co-sponsor of the bill, former chairman of the House Intelligence Committee Rep. Mike Rogers (R-MI), who earlier this year retired from Congress.

The Democrat has an uphill battle, civil liberties groups notwithstanding, to find bipartisan support, particularly after he was replaced as the ranking member on the House Intelligence Committee by Rep. Adam Schiff (D-CA).

CISPA allows private companies to search personal and sensitive user data of Americans to identify "threat information," which can then be shared with other opt-in firms and the federal government -- without the need for a court-ordered warrant. Supporters of the bill hope the data can be used in real-time to stop cyberattacks and enable authorities to trace back to the source of the attack.

Privacy groups and civil liberties advocates previously blasted the law as "privacy-invasive" and "dangerous."

The White House previously said the president would veto CISPA should it pass his desk because of the shared civil liberties concerns.

However, following the Sony hack, the substance of the Obama administration's rhetoric changed.

White House press secretary Josh Earnest called the rogue state's alleged attack on Sony a "serious national security matter."

A day later, President Obama said at his end-of-year press conference that despite "correlating with the private sector" on cybersecurity arrangements and preventing cyberattacks, he said "a lot more needs to be done."

Obama said he hoped Congress would in the new year work on "stronger cybersecurity laws that allow for information sharing across private sector platforms as well as the public sector." This would help to prevent cyberattacks from happening "in the first place," he added.

The Obama administration and the former Congress failed to see eye-to-eye in the past two years on proposed cybersecurity legislation.

But during the last few weeks of the retiring congress, a similarly-named bill Cybersecurity Information Sharing Act (CISA), made it through a Senate committee. Critics of the bill, however, called it an "even more toxic bill" than CISPA.

CISA will be voted on later this year. The White House has also not publicly commented on whether or not it would veto the Senate's proposed legislation.

Editorial standards